CVE-2007-3387

High

Description

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149

http://www.vupen.com/english/advisories/2007/2705

http://www.vupen.com/english/advisories/2007/2704

http://www.ubuntu.com/usn/usn-496-2

http://www.ubuntu.com/usn/usn-496-1

http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670

http://www.securitytracker.com/id?1018473

http://www.securityfocus.com/bid/25124

http://www.securityfocus.com/archive/1/476765/30/5340/threaded

http://www.securityfocus.com/archive/1/476519/30/5400/threaded

http://www.securityfocus.com/archive/1/476508/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2007-0735.html

http://www.redhat.com/support/errata/RHSA-2007-0732.html

http://www.redhat.com/support/errata/RHSA-2007-0731.html

http://www.redhat.com/support/errata/RHSA-2007-0730.html

http://www.redhat.com/support/errata/RHSA-2007-0729.html

http://www.redhat.com/support/errata/RHSA-2007-0720.html

http://www.mandriva.com/security/advisories?name=MDKSA-2007:165

http://www.mandriva.com/security/advisories?name=MDKSA-2007:164

http://www.mandriva.com/security/advisories?name=MDKSA-2007:163

http://www.mandriva.com/security/advisories?name=MDKSA-2007:162

http://www.mandriva.com/security/advisories?name=MDKSA-2007:161

http://www.mandriva.com/security/advisories?name=MDKSA-2007:160

http://www.mandriva.com/security/advisories?name=MDKSA-2007:159

http://www.mandriva.com/security/advisories?name=MDKSA-2007:158

http://www.kde.org/info/security/advisory-20070730-1.txt

http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml

http://www.debian.org/security/2007/dsa-1357

http://www.debian.org/security/2007/dsa-1355

http://www.debian.org/security/2007/dsa-1354

http://www.debian.org/security/2007/dsa-1352

http://www.debian.org/security/2007/dsa-1350

http://www.debian.org/security/2007/dsa-1349

http://www.debian.org/security/2007/dsa-1348

http://www.debian.org/security/2007/dsa-1347

http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882

http://security.gentoo.org/glsa/glsa-200805-13.xml

http://security.gentoo.org/glsa/glsa-200711-34.xml

http://security.gentoo.org/glsa/glsa-200710-20.xml

http://security.gentoo.org/glsa/glsa-200709-17.xml

http://security.gentoo.org/glsa/glsa-200709-12.xml

http://secunia.com/advisories/30168

http://secunia.com/advisories/27637

http://secunia.com/advisories/27308

http://secunia.com/advisories/27281

http://secunia.com/advisories/27156

http://secunia.com/advisories/26982

http://secunia.com/advisories/26862

http://secunia.com/advisories/26627

http://secunia.com/advisories/26607

http://secunia.com/advisories/26514

http://secunia.com/advisories/26470

http://secunia.com/advisories/26468

http://secunia.com/advisories/26467

http://secunia.com/advisories/26436

http://secunia.com/advisories/26432

http://secunia.com/advisories/26425

http://secunia.com/advisories/26413

http://secunia.com/advisories/26410

http://secunia.com/advisories/26407

http://secunia.com/advisories/26405

http://secunia.com/advisories/26403

http://secunia.com/advisories/26395

http://secunia.com/advisories/26370

http://secunia.com/advisories/26365

http://secunia.com/advisories/26358

http://secunia.com/advisories/26343

http://secunia.com/advisories/26342

http://secunia.com/advisories/26325

http://secunia.com/advisories/26318

http://secunia.com/advisories/26307

http://secunia.com/advisories/26297

http://secunia.com/advisories/26293

http://secunia.com/advisories/26292

http://secunia.com/advisories/26283

http://secunia.com/advisories/26281

http://secunia.com/advisories/26278

http://secunia.com/advisories/26257

http://secunia.com/advisories/26255

http://secunia.com/advisories/26254

http://secunia.com/advisories/26251

http://secunia.com/advisories/26188

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194

http://bugs.gentoo.org/show_bug.cgi?id=187139

Details

Source: Mitre, NVD

Published: 2007-07-30

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High