Lucene search

PRIOn knowledge basePRION:CVE-2007-3387

HistoryJul 30, 2007 - 11:17 p.m.

Integer overflow

2007-07-3023:17:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

90.9%

JSON

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

CPENameOperatorVersion
cupsle1.3.11
ubuntu_linuxeq7.04
ubuntu_linuxeq6.10
ubuntu_linuxeq6.06
debian_linuxeq3.1
debian_linuxeq4.0
popplerlt0.5.91
gpdflt2.8.2
xpdfeq3.02

Name	Operator	Version
cups	le	1.3.11
ubuntu_linux	eq	7.04
ubuntu_linux	eq	6.10
ubuntu_linux	eq	6.06
debian_linux	eq	3.1
debian_linux	eq	4.0
poppler	lt	0.5.91
gpdf	lt	2.8.2
xpdf	eq	3.02

References

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch

ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc

bugs.gentoo.org/show_bug.cgi?id=187139

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194

osvdb.org/40127

secunia.com/advisories/26188

secunia.com/advisories/26251

secunia.com/advisories/26254

secunia.com/advisories/26255

secunia.com/advisories/26257

secunia.com/advisories/26278

secunia.com/advisories/26281

secunia.com/advisories/26283

secunia.com/advisories/26292

secunia.com/advisories/26293

secunia.com/advisories/26297

secunia.com/advisories/26307

secunia.com/advisories/26318

secunia.com/advisories/26325

secunia.com/advisories/26342

secunia.com/advisories/26343

secunia.com/advisories/26358

secunia.com/advisories/26365

secunia.com/advisories/26370

secunia.com/advisories/26395

secunia.com/advisories/26403

secunia.com/advisories/26405

secunia.com/advisories/26407

secunia.com/advisories/26410

secunia.com/advisories/26413

secunia.com/advisories/26425

secunia.com/advisories/26432

secunia.com/advisories/26436

secunia.com/advisories/26467

secunia.com/advisories/26468

secunia.com/advisories/26470

secunia.com/advisories/26514

secunia.com/advisories/26607

secunia.com/advisories/26627

secunia.com/advisories/26862

secunia.com/advisories/26982

secunia.com/advisories/27156

secunia.com/advisories/27281

secunia.com/advisories/27308

secunia.com/advisories/27637

secunia.com/advisories/30168

security.gentoo.org/glsa/glsa-200709-12.xml

security.gentoo.org/glsa/glsa-200709-17.xml

security.gentoo.org/glsa/glsa-200710-20.xml

security.gentoo.org/glsa/glsa-200711-34.xml

security.gentoo.org/glsa/glsa-200805-13.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882

sourceforge.net/project/shownotes.php?release_id=535497

support.avaya.com/elmodocs2/security/ASA-2007-401.htm

www.debian.org/security/2007/dsa-1347

www.debian.org/security/2007/dsa-1348

www.debian.org/security/2007/dsa-1349

www.debian.org/security/2007/dsa-1350

www.debian.org/security/2007/dsa-1352

www.debian.org/security/2007/dsa-1354

www.debian.org/security/2007/dsa-1355

www.debian.org/security/2007/dsa-1357

www.gentoo.org/security/en/glsa/glsa-200710-08.xml

www.kde.org/info/security/advisory-20070730-1.txt

www.mandriva.com/security/advisories?name=MDKSA-2007:158

www.mandriva.com/security/advisories?name=MDKSA-2007:159

www.mandriva.com/security/advisories?name=MDKSA-2007:160

www.mandriva.com/security/advisories?name=MDKSA-2007:161

www.mandriva.com/security/advisories?name=MDKSA-2007:162

www.mandriva.com/security/advisories?name=MDKSA-2007:163

www.mandriva.com/security/advisories?name=MDKSA-2007:164

www.mandriva.com/security/advisories?name=MDKSA-2007:165

www.novell.com/linux/security/advisories/2007_15_sr.html

www.novell.com/linux/security/advisories/2007_16_sr.html

www.redhat.com/support/errata/RHSA-2007-0720.html

www.redhat.com/support/errata/RHSA-2007-0729.html

www.redhat.com/support/errata/RHSA-2007-0730.html

www.redhat.com/support/errata/RHSA-2007-0731.html

www.redhat.com/support/errata/RHSA-2007-0732.html

www.redhat.com/support/errata/RHSA-2007-0735.html

www.securityfocus.com/archive/1/476508/100/0/threaded

www.securityfocus.com/archive/1/476519/30/5400/threaded

www.securityfocus.com/archive/1/476765/30/5340/threaded

www.securityfocus.com/bid/25124

www.securitytracker.com/id?1018473

www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670

www.ubuntu.com/usn/usn-496-1

www.ubuntu.com/usn/usn-496-2

www.vupen.com/english/advisories/2007/2704

www.vupen.com/english/advisories/2007/2705

issues.foresightlinux.org/browse/FL-471

issues.rpath.com/browse/RPL-1596

issues.rpath.com/browse/RPL-1604

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

90.9%

JSON

Related for PRION:CVE-2007-3387