Lucene search

[email protected]NVD:CVE-2007-3387

HistoryJul 30, 2007 - 11:17 p.m.

CVE-2007-3387

2007-07-3023:17:00

CWE-190

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.074 Low

EPSS

Percentile

94.1%

JSON

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Affected configurations

NVD

Node

applecupsRange≤1.3.11

freedesktoppopplerRange<0.5.91

gpdf_projectgpdfRange<2.8.2

xpdfreaderxpdfMatch3.02

Node

debiandebian_linuxMatch3.1

debiandebian_linuxMatch4.0

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch6.10

canonicalubuntu_linuxMatch7.04

References

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch

ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc

bugs.gentoo.org/show_bug.cgi?id=187139

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194

osvdb.org/40127

secunia.com/advisories/26188

secunia.com/advisories/26251

secunia.com/advisories/26254

secunia.com/advisories/26255

secunia.com/advisories/26257

secunia.com/advisories/26278

secunia.com/advisories/26281

secunia.com/advisories/26283

secunia.com/advisories/26292

secunia.com/advisories/26293

secunia.com/advisories/26297

secunia.com/advisories/26307

secunia.com/advisories/26318

secunia.com/advisories/26325

secunia.com/advisories/26342

secunia.com/advisories/26343

secunia.com/advisories/26358

secunia.com/advisories/26365

secunia.com/advisories/26370

secunia.com/advisories/26395

secunia.com/advisories/26403

secunia.com/advisories/26405

secunia.com/advisories/26407

secunia.com/advisories/26410

secunia.com/advisories/26413

secunia.com/advisories/26425

secunia.com/advisories/26432

secunia.com/advisories/26436

secunia.com/advisories/26467

secunia.com/advisories/26468

secunia.com/advisories/26470

secunia.com/advisories/26514

secunia.com/advisories/26607

secunia.com/advisories/26627

secunia.com/advisories/26862

secunia.com/advisories/26982

secunia.com/advisories/27156

secunia.com/advisories/27281

secunia.com/advisories/27308

secunia.com/advisories/27637

secunia.com/advisories/30168

security.gentoo.org/glsa/glsa-200709-12.xml

security.gentoo.org/glsa/glsa-200709-17.xml

security.gentoo.org/glsa/glsa-200710-20.xml

security.gentoo.org/glsa/glsa-200711-34.xml

security.gentoo.org/glsa/glsa-200805-13.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882

sourceforge.net/project/shownotes.php?release_id=535497

support.avaya.com/elmodocs2/security/ASA-2007-401.htm

www.debian.org/security/2007/dsa-1347

www.debian.org/security/2007/dsa-1348

www.debian.org/security/2007/dsa-1349

www.debian.org/security/2007/dsa-1350

www.debian.org/security/2007/dsa-1352

www.debian.org/security/2007/dsa-1354

www.debian.org/security/2007/dsa-1355

www.debian.org/security/2007/dsa-1357

www.gentoo.org/security/en/glsa/glsa-200710-08.xml

www.kde.org/info/security/advisory-20070730-1.txt

www.mandriva.com/security/advisories?name=MDKSA-2007:158

www.mandriva.com/security/advisories?name=MDKSA-2007:159

www.mandriva.com/security/advisories?name=MDKSA-2007:160

www.mandriva.com/security/advisories?name=MDKSA-2007:161

www.mandriva.com/security/advisories?name=MDKSA-2007:162

www.mandriva.com/security/advisories?name=MDKSA-2007:163

www.mandriva.com/security/advisories?name=MDKSA-2007:164

www.mandriva.com/security/advisories?name=MDKSA-2007:165

www.novell.com/linux/security/advisories/2007_15_sr.html

www.novell.com/linux/security/advisories/2007_16_sr.html

www.redhat.com/support/errata/RHSA-2007-0720.html

www.redhat.com/support/errata/RHSA-2007-0729.html

www.redhat.com/support/errata/RHSA-2007-0730.html

www.redhat.com/support/errata/RHSA-2007-0731.html

www.redhat.com/support/errata/RHSA-2007-0732.html

www.redhat.com/support/errata/RHSA-2007-0735.html

www.securityfocus.com/archive/1/476508/100/0/threaded

www.securityfocus.com/archive/1/476519/30/5400/threaded

www.securityfocus.com/archive/1/476765/30/5340/threaded

www.securityfocus.com/bid/25124

www.securitytracker.com/id?1018473

www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670

www.ubuntu.com/usn/usn-496-1

www.ubuntu.com/usn/usn-496-2

www.vupen.com/english/advisories/2007/2704

www.vupen.com/english/advisories/2007/2705

issues.foresightlinux.org/browse/FL-471

issues.rpath.com/browse/RPL-1596

issues.rpath.com/browse/RPL-1604

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.074 Low

EPSS

Percentile

94.1%

JSON

Related for NVD:CVE-2007-3387

freebsd1 redhat6 nessus63 gentoo4 openvas67 centos8 debian8 securityvulns2 ubuntu2 cve2 oraclelinux8 fedora9 veracode1 osv7 cvelist1 ubuntucve1 altlinux2 prion2 debiancve1 slackware3 nvd1