CVE-2007-3387 — MEDIUM (6.8)

Q: How severe is CVE-2007-3387?

CVE-2007-3387 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-3387?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Cups, Freedesktop Poppler, Gpdf Project Gpdf, Xpdfreader Xpdf, Debian Debian Linux.

Vulnerability Description

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apple	Cups	<= 1.3.11
Freedesktop	Poppler	< 0.5.91
Gpdf Project	Gpdf	< 2.8.2
Xpdfreader	Xpdf	3.02
Debian	Debian Linux	3.1
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-190

References

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patchBroken Link
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.ascBroken Link
http://bugs.gentoo.org/show_bug.cgi?id=187139Issue TrackingThird Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194Issue TrackingThird Party Advisory
http://osvdb.org/40127Broken Link
http://secunia.com/advisories/26188Third Party Advisory
http://secunia.com/advisories/26251Third Party Advisory
http://secunia.com/advisories/26254Third Party Advisory
http://secunia.com/advisories/26255Third Party Advisory
http://secunia.com/advisories/26257Third Party Advisory
http://secunia.com/advisories/26278Third Party Advisory
http://secunia.com/advisories/26281Third Party Advisory
http://secunia.com/advisories/26283Third Party Advisory
http://secunia.com/advisories/26292Third Party Advisory
http://secunia.com/advisories/26293Third Party Advisory

FAQ

What is CVE-2007-3387?

CVE-2007-3387 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other...

How severe is CVE-2007-3387?

CVE-2007-3387 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-3387?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Cups, Freedesktop Poppler, Gpdf Project Gpdf, Xpdfreader Xpdf, Debian Debian Linux.