CVE-2007-3387: Integer Overflow
First published: Mon Jul 30 2007(Updated: )
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xpdfreader Xpdf | =3.02 | |
| Apple Cups | <=1.3.11 | |
| freedesktop poppler | <0.5.91 | |
| Gpdf Project Gpdf | <2.8.2 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =4.0 | |
| Canonical Ubuntu Linux | =7.04 | |
| Canonical Ubuntu Linux | =6.10 | |
| Canonical Ubuntu Linux | =6.06 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2007-0730.html
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
- http://bugs.gentoo.org/show_bug.cgi?id=187139
- http://www.kde.org/info/security/advisory-20070730-1.txt
- https://issues.rpath.com/browse/RPL-1596
- https://issues.foresightlinux.org/browse/FL-471
- https://issues.rpath.com/browse/RPL-1604
- http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm
- http://sourceforge.net/project/shownotes.php?release_id=535497
- http://www.debian.org/security/2007/dsa-1347
- http://www.debian.org/security/2007/dsa-1348
- http://www.debian.org/security/2007/dsa-1349
- http://www.debian.org/security/2007/dsa-1350
- http://www.debian.org/security/2007/dsa-1352
- http://www.debian.org/security/2007/dsa-1355
- http://www.debian.org/security/2007/dsa-1354
- http://www.debian.org/security/2007/dsa-1357
- http://security.gentoo.org/glsa/glsa-200709-12.xml
- http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml
- http://security.gentoo.org/glsa/glsa-200710-20.xml
- http://security.gentoo.org/glsa/glsa-200709-17.xml
- http://security.gentoo.org/glsa/glsa-200711-34.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:162
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:158
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:159
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:160
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:161
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:163
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:165
- http://www.redhat.com/support/errata/RHSA-2007-0720.html
- http://www.redhat.com/support/errata/RHSA-2007-0729.html
- http://www.redhat.com/support/errata/RHSA-2007-0732.html
- http://www.redhat.com/support/errata/RHSA-2007-0735.html
- http://www.redhat.com/support/errata/RHSA-2007-0731.html
- http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
- http://www.novell.com/linux/security/advisories/2007_15_sr.html
- http://www.novell.com/linux/security/advisories/2007_16_sr.html
- http://www.ubuntu.com/usn/usn-496-1
- http://www.ubuntu.com/usn/usn-496-2
- http://www.securityfocus.com/bid/25124
- http://www.securitytracker.com/id?1018473
- http://secunia.com/advisories/26188
- http://secunia.com/advisories/26254
- http://secunia.com/advisories/26255
- http://secunia.com/advisories/26257
- http://secunia.com/advisories/26278
- http://secunia.com/advisories/26281
- http://secunia.com/advisories/26283
- http://secunia.com/advisories/26251
- http://secunia.com/advisories/26293
- http://secunia.com/advisories/26292
- http://secunia.com/advisories/26307
- http://secunia.com/advisories/26318
- http://secunia.com/advisories/26342
- http://secunia.com/advisories/26297
- http://secunia.com/advisories/26343
- http://secunia.com/advisories/26358
- http://secunia.com/advisories/26325
- http://secunia.com/advisories/26365
- http://secunia.com/advisories/26370
- http://secunia.com/advisories/26413
- http://secunia.com/advisories/26410
- http://secunia.com/advisories/26403
- http://secunia.com/advisories/26405
- http://secunia.com/advisories/26407
- http://secunia.com/advisories/26432
- http://secunia.com/advisories/26436
- http://secunia.com/advisories/26467
- http://secunia.com/advisories/26468
- http://secunia.com/advisories/26470
- http://secunia.com/advisories/26425
- http://secunia.com/advisories/26395
- http://secunia.com/advisories/26514
- http://secunia.com/advisories/26607
- http://secunia.com/advisories/26862
- http://secunia.com/advisories/27156
- http://secunia.com/advisories/27281
- http://secunia.com/advisories/27308
- http://secunia.com/advisories/27637
- http://secunia.com/advisories/26627
- http://secunia.com/advisories/26982
- http://security.gentoo.org/glsa/glsa-200805-13.xml
- http://secunia.com/advisories/30168
- http://osvdb.org/40127
- http://www.vupen.com/english/advisories/2007/2704
- http://www.vupen.com/english/advisories/2007/2705
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149
- http://www.securityfocus.com/archive/1/476765/30/5340/threaded
- http://www.securityfocus.com/archive/1/476519/30/5400/threaded
- http://www.securityfocus.com/archive/1/476508/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/description
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/xpdfreader
- canonical/xpdfreader xpdf
- version/xpdfreader xpdf/3.02
- vendor/apple
- canonical/apple cups
- version/apple cups/1.3.11
- vendor/freedesktop
- canonical/freedesktop poppler
- vendor/gpdf project
- canonical/gpdf project gpdf
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/3.1
- version/debian debian linux/4.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/7.04
- version/canonical ubuntu linux/6.10
- version/canonical ubuntu linux/6.06