Home > Vulnerability Database > CVE-2007-3387

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-3387

Date: July 30, 2007

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Severity Score

5.6

Related Resources (98)

Url: http://secunia.com/advisories/27281

Url: http://www.redhat.com/support/errata/RHSA-2007-0729.html

Url: http://secunia.com/advisories/26470

Url: http://www.kde.org/info/security/advisory-20070730-1.txt

Url: http://www.securityfocus.com/archive/1/476519/30/5400/threaded

Url: http://osvdb.org/40127

Url: http://secunia.com/advisories/26627

Url: http://www.redhat.com/support/errata/RHSA-2007-0731.html

Url: http://secunia.com/advisories/26982

Url: http://secunia.com/advisories/26343

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149

Url: http://secunia.com/advisories/26342

Url: http://secunia.com/advisories/26188

Url: http://secunia.com/advisories/27156

Url: http://secunia.com/advisories/26468

Url: http://secunia.com/advisories/26467

Url: http://secunia.com/advisories/26862

Url: http://security.gentoo.org/glsa/glsa-200711-34.xml

Url: http://www.ubuntu.com/usn/usn-496-2

Url: http://security.gentoo.org/glsa/glsa-200805-13.xml

Url: http://www.ubuntu.com/usn/usn-496-1

Url: http://secunia.com/advisories/30168

Url: http://www.redhat.com/support/errata/RHSA-2007-0730.html

Url: http://secunia.com/advisories/26514

Url: https://issues.rpath.com/browse/RPL-1604

Url: http://sourceforge.net/project/shownotes.php?release_id=535497

Url: http://secunia.com/advisories/26358

Url: http://secunia.com/advisories/26292

Url: http://www.securityfocus.com/archive/1/476508/100/0/threaded

Url: http://www.debian.org/security/2007/dsa-1349

Url: http://www.securityfocus.com/bid/25124

Url: http://secunia.com/advisories/26293

Url: http://www.debian.org/security/2007/dsa-1348

Url: http://www.debian.org/security/2007/dsa-1347

Url: http://secunia.com/advisories/26607

Url: http://secunia.com/advisories/26325

Url: http://security.gentoo.org/glsa/glsa-200709-17.xml

Url: http://www.debian.org/security/2007/dsa-1357

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-3387

Url: http://www.debian.org/security/2007/dsa-1352

Url: http://www.debian.org/security/2007/dsa-1355

Url: https://issues.rpath.com/browse/RPL-1596

Url: http://www.debian.org/security/2007/dsa-1354

Url: http://security.gentoo.org/glsa/glsa-200710-20.xml

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-3387

Url: http://secunia.com/advisories/27308

Url: http://www.debian.org/security/2007/dsa-1350

Url: http://secunia.com/advisories/26297

Url: http://secunia.com/advisories/26395

Url: http://www.securityfocus.com/archive/1/476765/30/5340/threaded

Url: http://secunia.com/advisories/26307

Url: http://security.gentoo.org/glsa/glsa-200709-12.xml

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:158

Url: http://secunia.com/advisories/27637

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:159

Url: http://www.vupen.com/english/advisories/2007/2705

Url: http://www.vupen.com/english/advisories/2007/2704

Url: http://www.novell.com/linux/security/advisories/2007_16_sr.html

Url: http://secunia.com/advisories/26425

Url: http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm

Url: http://secunia.com/advisories/26281

Url: http://www.securitytracker.com/id?1018473

Url: ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc

Url: https://issues.foresightlinux.org/browse/FL-471

Url: http://secunia.com/advisories/26283

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882

Url: http://secunia.com/advisories/26318

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:165

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:163

Url: http://secunia.com/advisories/26432

Url: http://secunia.com/advisories/26278

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:164

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:161

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:162

Url: http://secunia.com/advisories/26436

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:160

Url: http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml

Url: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194

Url: http://secunia.com/advisories/26251

Url: http://secunia.com/advisories/26370

Url: http://www.redhat.com/support/errata/RHSA-2007-0720.html

Url: http://www.redhat.com/support/errata/RHSA-2007-0735.html

Url: http://secunia.com/advisories/26407

Url: http://secunia.com/advisories/26405

Url: http://www.novell.com/linux/security/advisories/2007_15_sr.html

Url: http://secunia.com/advisories/26365

Url: http://secunia.com/advisories/26403

Url: http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670

Url: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch

Url: https://access.redhat.com/security/cve/CVE-2007-3387

Url: http://www.redhat.com/support/errata/RHSA-2007-0732.html

Url: http://secunia.com/advisories/26410

Url: http://secunia.com/advisories/26255

Url: http://secunia.com/advisories/26254

Url: http://secunia.com/advisories/26413

Url: http://bugs.gentoo.org/show_bug.cgi?id=187139

Url: http://secunia.com/advisories/26257

Url: https://www.mend.io/vulnerability-database/CVE-2007-3387

Severity Score

5.6

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us