GLSA-200709-12 : Poppler: Two buffer overflow vulnerabilities

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200709-12
(Poppler: Two buffer overflow vulnerabilities)

Poppler and Xpdf are vulnerable to an integer overflow in the
StreamPredictor::StreamPredictor function, and a stack overflow in the
StreamPredictor::getNextLine function. The original vulnerability was
discovered by Maurycy Prodeus. Note: Gentoo's version of Xpdf is
patched to use the Poppler library, so the update to Poppler will also
fix Xpdf.

Impact :

By enticing a user to view a specially crafted program with a
Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview, or Evince, a
remote attacker could cause an overflow, potentially resulting in the
execution of arbitrary code with the privileges of the user running the

Workaround :

There is no known workaround at this time.

See also :

Solution :

All Poppler users should upgrade to the latest version of Poppler:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/poppler-0.5.4-r2'

Risk factor :

Medium / CVSS Base Score : 6.8
Public Exploit Available : true

Family: Gentoo Local Security Checks

Nessus Plugin ID: 26102 (gentoo_GLSA-200709-12.nasl)

Bugtraq ID:

CVE ID: CVE-2007-3387

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now