Lucene search

[email protected]CVE-2007-3387

HistoryJul 30, 2007 - 11:17 p.m.

CVE-2007-3387

2007-07-3023:17:00

CWE-190

[email protected]

web.nvd.nist.gov

cve-2007-3387

integer overflow

xpdf 3.02

stack-based buffer overflow

nvd

security vulnerability

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.065 Low

EPSS

Percentile

93.7%

JSON

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

CPENameOperatorVersion
xpdfreader:xpdfxpdfreader xpdfeq3.02
apple:cupsapple cupsle1.3.11
freedesktop:popplerfreedesktop popplerlt0.5.91
gpdf_project:gpdfgpdf project gpdflt2.8.2
debian:debian_linuxdebian debian linuxeq3.1
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06

CPE	Name	Operator	Version
xpdfreader:xpdf	xpdfreader xpdf	eq	3.02
apple:cups	apple cups	le	1.3.11
freedesktop:poppler	freedesktop poppler	lt	0.5.91
gpdf_project:gpdf	gpdf project gpdf	lt	2.8.2
debian:debian_linux	debian debian linux	eq	3.1
debian:debian_linux	debian debian linux	eq	4.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06

References

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch

ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc

bugs.gentoo.org/show_bug.cgi?id=187139

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194

osvdb.org/40127

secunia.com/advisories/26188

secunia.com/advisories/26251

secunia.com/advisories/26254

secunia.com/advisories/26255

secunia.com/advisories/26257

secunia.com/advisories/26278

secunia.com/advisories/26281

secunia.com/advisories/26283

secunia.com/advisories/26292

secunia.com/advisories/26293

secunia.com/advisories/26297

secunia.com/advisories/26307

secunia.com/advisories/26318

secunia.com/advisories/26325

secunia.com/advisories/26342

secunia.com/advisories/26343

secunia.com/advisories/26358

secunia.com/advisories/26365

secunia.com/advisories/26370

secunia.com/advisories/26395

secunia.com/advisories/26403

secunia.com/advisories/26405

secunia.com/advisories/26407

secunia.com/advisories/26410

secunia.com/advisories/26413

secunia.com/advisories/26425

secunia.com/advisories/26432

secunia.com/advisories/26436

secunia.com/advisories/26467

secunia.com/advisories/26468

secunia.com/advisories/26470

secunia.com/advisories/26514

secunia.com/advisories/26607

secunia.com/advisories/26627

secunia.com/advisories/26862

secunia.com/advisories/26982

secunia.com/advisories/27156

secunia.com/advisories/27281

secunia.com/advisories/27308

secunia.com/advisories/27637

secunia.com/advisories/30168

security.gentoo.org/glsa/glsa-200709-12.xml

security.gentoo.org/glsa/glsa-200709-17.xml

security.gentoo.org/glsa/glsa-200710-20.xml

security.gentoo.org/glsa/glsa-200711-34.xml

security.gentoo.org/glsa/glsa-200805-13.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882

sourceforge.net/project/shownotes.php?release_id=535497

support.avaya.com/elmodocs2/security/ASA-2007-401.htm

www.debian.org/security/2007/dsa-1347

www.debian.org/security/2007/dsa-1348

www.debian.org/security/2007/dsa-1349

www.debian.org/security/2007/dsa-1350

www.debian.org/security/2007/dsa-1352

www.debian.org/security/2007/dsa-1354

www.debian.org/security/2007/dsa-1355

www.debian.org/security/2007/dsa-1357

www.gentoo.org/security/en/glsa/glsa-200710-08.xml

www.kde.org/info/security/advisory-20070730-1.txt

www.mandriva.com/security/advisories?name=MDKSA-2007:158

www.mandriva.com/security/advisories?name=MDKSA-2007:159

www.mandriva.com/security/advisories?name=MDKSA-2007:160

www.mandriva.com/security/advisories?name=MDKSA-2007:161

www.mandriva.com/security/advisories?name=MDKSA-2007:162

www.mandriva.com/security/advisories?name=MDKSA-2007:163

www.mandriva.com/security/advisories?name=MDKSA-2007:164

www.mandriva.com/security/advisories?name=MDKSA-2007:165

www.novell.com/linux/security/advisories/2007_15_sr.html

www.novell.com/linux/security/advisories/2007_16_sr.html

www.redhat.com/support/errata/RHSA-2007-0720.html

www.redhat.com/support/errata/RHSA-2007-0729.html

www.redhat.com/support/errata/RHSA-2007-0730.html

www.redhat.com/support/errata/RHSA-2007-0731.html

www.redhat.com/support/errata/RHSA-2007-0732.html

www.redhat.com/support/errata/RHSA-2007-0735.html

www.securityfocus.com/archive/1/476508/100/0/threaded

www.securityfocus.com/archive/1/476519/30/5400/threaded

www.securityfocus.com/archive/1/476765/30/5340/threaded

www.securityfocus.com/bid/25124

www.securitytracker.com/id?1018473

www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670

www.ubuntu.com/usn/usn-496-1

www.ubuntu.com/usn/usn-496-2

www.vupen.com/english/advisories/2007/2704

www.vupen.com/english/advisories/2007/2705

issues.foresightlinux.org/browse/FL-471

issues.rpath.com/browse/RPL-1596

issues.rpath.com/browse/RPL-1604

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.065 Low

EPSS

Percentile

93.7%

JSON

Related for CVE-2007-3387

nessus64 openvas68 osv7 altlinux2 prion2 ubuntucve1 debian8 gentoo4 debiancve1 centos8 securityvulns2 redhat6 ubuntu2 freebsd1 fedora10 oraclelinux8 veracode1 slackware3 cve1