Vulnerability CVE-2007-3387
Published: 2007-07-30   Modified: 2012-02-12

Description:
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Type:

CWE-189

 (Numeric Errors)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
XPDF -> XPDF 
Poppler -> Poppler 
Pdfedit -> Pdfedit 
KDE -> Kdegraphics 
KDE -> KPDF 
Gnome -> GPDF 
Easy software products -> CUPS 

 References:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
http://bugs.gentoo.org/show_bug.cgi?id=187139
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
http://security.gentoo.org/glsa/glsa-200709-12.xml
http://security.gentoo.org/glsa/glsa-200709-17.xml
http://security.gentoo.org/glsa/glsa-200710-20.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
http://sourceforge.net/project/shownotes.php?release_id=535497
http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm
http://www.debian.org/security/2007/dsa-1347
http://www.debian.org/security/2007/dsa-1348
http://www.debian.org/security/2007/dsa-1349
http://www.debian.org/security/2007/dsa-1350
http://www.debian.org/security/2007/dsa-1352
http://www.debian.org/security/2007/dsa-1354
http://www.debian.org/security/2007/dsa-1355
http://www.debian.org/security/2007/dsa-1357
http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml
http://www.kde.org/info/security/advisory-20070730-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:158
http://www.mandriva.com/security/advisories?name=MDKSA-2007:159
http://www.mandriva.com/security/advisories?name=MDKSA-2007:160
http://www.mandriva.com/security/advisories?name=MDKSA-2007:161
http://www.mandriva.com/security/advisories?name=MDKSA-2007:162
http://www.mandriva.com/security/advisories?name=MDKSA-2007:163
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
http://www.mandriva.com/security/advisories?name=MDKSA-2007:165
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.novell.com/linux/security/advisories/2007_16_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0720.html
http://www.redhat.com/support/errata/RHSA-2007-0729.html
http://www.redhat.com/support/errata/RHSA-2007-0730.html
http://www.redhat.com/support/errata/RHSA-2007-0731.html
http://www.redhat.com/support/errata/RHSA-2007-0732.html
http://www.redhat.com/support/errata/RHSA-2007-0735.html
http://www.securityfocus.com/archive/1/476508/100/0/threaded
http://www.securityfocus.com/archive/1/476519/30/5400/threaded
http://www.securityfocus.com/archive/1/476765/30/5340/threaded
http://www.securityfocus.com/bid/25124
http://www.securitytracker.com/id?1018473
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670
http://www.ubuntu.com/usn/usn-496-1
http://www.ubuntu.com/usn/usn-496-2
http://www.vupen.com/english/advisories/2007/2704
http://www.vupen.com/english/advisories/2007/2705
https://issues.foresightlinux.org/browse/FL-471
https://issues.rpath.com/browse/RPL-1596
https://issues.rpath.com/browse/RPL-1604
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149
Copyright 2024, cxsecurity.com

 

Back to Top