CVE-2007-3387
UnknownEPSS 8.57%
Last modified
CVE-2007-3387 is a vulnerability of currently unknown severity. Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.. EPSS estimates a 8.57% chance of exploitation in the next 30 days.
Description
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apple | Cups | <= 1.3.11 |
| Freedesktop | Poppler | < 0.5.91 |
| Gpdf Project | Gpdf | < 2.8.2 |
| Xpdfreader | Xpdf | 3.02 |
| Debian | Debian Linux | 3.1 |
| Debian | Debian Linux | 4.0 |
| Canonical | Ubuntu Linux | 6.06 |
| Canonical | Ubuntu Linux | 6.10 |
| Canonical | Ubuntu Linux | 7.04 |
References
- http://bugs.gentoo.org/show_bug.cgi?id=187139Issue Tracking, Third Party Advisory
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194Issue Tracking, Third Party Advisory
- http://osvdb.org/40127Broken Link
- http://secunia.com/advisories/26188Third Party Advisory
- http://secunia.com/advisories/26251Third Party Advisory
- http://secunia.com/advisories/26254Third Party Advisory
- http://secunia.com/advisories/26255Third Party Advisory
- http://secunia.com/advisories/26257Third Party Advisory
- http://secunia.com/advisories/26278Third Party Advisory
- http://secunia.com/advisories/26281Third Party Advisory
- http://secunia.com/advisories/26283Third Party Advisory
- http://secunia.com/advisories/26292Third Party Advisory
- http://secunia.com/advisories/26293Third Party Advisory
- http://secunia.com/advisories/26297Third Party Advisory
- http://secunia.com/advisories/26307Third Party Advisory
- http://secunia.com/advisories/26318Third Party Advisory
- http://secunia.com/advisories/26325Third Party Advisory
- http://secunia.com/advisories/26342Third Party Advisory
- http://secunia.com/advisories/26343Third Party Advisory
- http://secunia.com/advisories/26358Third Party Advisory
- http://secunia.com/advisories/26365Third Party Advisory
- http://secunia.com/advisories/26370Third Party Advisory
- http://secunia.com/advisories/26395Third Party Advisory
- http://secunia.com/advisories/26403Third Party Advisory
- http://secunia.com/advisories/26405Third Party Advisory
- http://secunia.com/advisories/26407Third Party Advisory
- http://secunia.com/advisories/26410Third Party Advisory
- http://secunia.com/advisories/26413Third Party Advisory
- http://secunia.com/advisories/26425Third Party Advisory
- http://secunia.com/advisories/26432Third Party Advisory
- http://secunia.com/advisories/26436Third Party Advisory
- http://secunia.com/advisories/26467Third Party Advisory
- http://secunia.com/advisories/26468Third Party Advisory
- http://secunia.com/advisories/26470Third Party Advisory
- http://secunia.com/advisories/26514Third Party Advisory
- http://secunia.com/advisories/26607Third Party Advisory
- http://secunia.com/advisories/26627Third Party Advisory
- http://secunia.com/advisories/26862Third Party Advisory
- http://secunia.com/advisories/26982Third Party Advisory
- http://secunia.com/advisories/27156Third Party Advisory
- http://secunia.com/advisories/27281Third Party Advisory
- http://secunia.com/advisories/27308Third Party Advisory
- http://secunia.com/advisories/27637Third Party Advisory
- http://secunia.com/advisories/30168Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200709-12.xmlThird Party Advisory
- http://security.gentoo.org/glsa/glsa-200709-17.xmlThird Party Advisory
- http://security.gentoo.org/glsa/glsa-200710-20.xmlThird Party Advisory
- http://security.gentoo.org/glsa/glsa-200711-34.xmlThird Party Advisory
- http://security.gentoo.org/glsa/glsa-200805-13.xmlThird Party Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2007-401.htmThird Party Advisory
- http://www.debian.org/security/2007/dsa-1347Third Party Advisory
- http://www.debian.org/security/2007/dsa-1348Third Party Advisory
- http://www.debian.org/security/2007/dsa-1349Third Party Advisory
- http://www.debian.org/security/2007/dsa-1350Third Party Advisory
- http://www.debian.org/security/2007/dsa-1352Third Party Advisory
- http://www.debian.org/security/2007/dsa-1354Third Party Advisory
- http://www.debian.org/security/2007/dsa-1355Third Party Advisory
- http://www.debian.org/security/2007/dsa-1357Third Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200710-08.xmlThird Party Advisory
- http://www.kde.org/info/security/advisory-20070730-1.txtThird Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:158Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:159Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:160Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:161Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:162Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:163Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:164Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:165Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0720.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0729.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0730.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0731.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0732.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0735.htmlThird Party Advisory
- http://www.securityfocus.com/archive/1/476508/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/476519/30/5400/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/476765/30/5340/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/25124Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1018473Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/usn-496-1Third Party Advisory
- http://www.ubuntu.com/usn/usn-496-2Third Party Advisory
- http://www.vupen.com/english/advisories/2007/2704Permissions Required, Third Party Advisory
- http://www.vupen.com/english/advisories/2007/2705Permissions Required, Third Party Advisory
- https://issues.rpath.com/browse/RPL-1596Broken Link
- https://issues.rpath.com/browse/RPL-1604Broken Link
- http://bugs.gentoo.org/show_bug.cgi?id=187139Issue Tracking, Third Party Advisory
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194Issue Tracking, Third Party Advisory
- http://osvdb.org/40127Broken Link
- http://secunia.com/advisories/26188Third Party Advisory
- http://secunia.com/advisories/26251Third Party Advisory
- http://secunia.com/advisories/26254Third Party Advisory
- http://secunia.com/advisories/26255Third Party Advisory
- http://secunia.com/advisories/26257Third Party Advisory
- http://secunia.com/advisories/26278Third Party Advisory
- http://secunia.com/advisories/26281Third Party Advisory
- http://secunia.com/advisories/26283Third Party Advisory
- http://secunia.com/advisories/26292Third Party Advisory
- http://secunia.com/advisories/26293Third Party Advisory
- http://secunia.com/advisories/26297Third Party Advisory
- http://secunia.com/advisories/26307Third Party Advisory
- http://secunia.com/advisories/26318Third Party Advisory
- http://secunia.com/advisories/26325Third Party Advisory
- http://secunia.com/advisories/26342Third Party Advisory
- http://secunia.com/advisories/26343Third Party Advisory
- http://secunia.com/advisories/26358Third Party Advisory
- http://secunia.com/advisories/26365Third Party Advisory
- http://secunia.com/advisories/26370Third Party Advisory
- http://secunia.com/advisories/26395Third Party Advisory
- http://secunia.com/advisories/26403Third Party Advisory
- http://secunia.com/advisories/26405Third Party Advisory
- http://secunia.com/advisories/26407Third Party Advisory
- http://secunia.com/advisories/26410Third Party Advisory
- http://secunia.com/advisories/26413Third Party Advisory
- http://secunia.com/advisories/26425Third Party Advisory
- http://secunia.com/advisories/26432Third Party Advisory
- http://secunia.com/advisories/26436Third Party Advisory
- http://secunia.com/advisories/26467Third Party Advisory
- http://secunia.com/advisories/26468Third Party Advisory
- http://secunia.com/advisories/26470Third Party Advisory
- http://secunia.com/advisories/26514Third Party Advisory
- http://secunia.com/advisories/26607Third Party Advisory
- http://secunia.com/advisories/26627Third Party Advisory
- http://secunia.com/advisories/26862Third Party Advisory
- http://secunia.com/advisories/26982Third Party Advisory
- http://secunia.com/advisories/27156Third Party Advisory
- http://secunia.com/advisories/27281Third Party Advisory
- http://secunia.com/advisories/27308Third Party Advisory
- http://secunia.com/advisories/27637Third Party Advisory
- http://secunia.com/advisories/30168Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200709-12.xmlThird Party Advisory
- http://security.gentoo.org/glsa/glsa-200709-17.xmlThird Party Advisory
- http://security.gentoo.org/glsa/glsa-200710-20.xmlThird Party Advisory
- http://security.gentoo.org/glsa/glsa-200711-34.xmlThird Party Advisory
- http://security.gentoo.org/glsa/glsa-200805-13.xmlThird Party Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2007-401.htmThird Party Advisory
- http://www.debian.org/security/2007/dsa-1347Third Party Advisory
- http://www.debian.org/security/2007/dsa-1348Third Party Advisory
- http://www.debian.org/security/2007/dsa-1349Third Party Advisory
- http://www.debian.org/security/2007/dsa-1350Third Party Advisory
- http://www.debian.org/security/2007/dsa-1352Third Party Advisory
- http://www.debian.org/security/2007/dsa-1354Third Party Advisory
- http://www.debian.org/security/2007/dsa-1355Third Party Advisory
- http://www.debian.org/security/2007/dsa-1357Third Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200710-08.xmlThird Party Advisory
- http://www.kde.org/info/security/advisory-20070730-1.txtThird Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:158Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:159Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:160Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:161Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:162Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:163Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:164Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:165Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0720.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0729.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0730.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0731.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0732.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0735.htmlThird Party Advisory
- http://www.securityfocus.com/archive/1/476508/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/476519/30/5400/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/476765/30/5340/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/25124Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1018473Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/usn-496-1Third Party Advisory
- http://www.ubuntu.com/usn/usn-496-2Third Party Advisory
- http://www.vupen.com/english/advisories/2007/2704Permissions Required, Third Party Advisory
- http://www.vupen.com/english/advisories/2007/2705Permissions Required, Third Party Advisory
- https://issues.rpath.com/browse/RPL-1596Broken Link
- https://issues.rpath.com/browse/RPL-1604Broken Link
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-3387?
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
How severe is CVE-2007-3387?
Severity scoring for CVE-2007-3387 is pending analysis. The EPSS model estimates a 8.57% probability of exploitation in the next 30 days.
How do I fix CVE-2007-3387?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2007-3387?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST