CVE-2007-3387

CWE-190 — Integer Overflow19 documents8 sources

Severity

6.8MEDIUM

EPSS

8.9%

top 7.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Poppler Gpdf Project Gpdf Apple Cups +3 more

Timeline

PublishedJul 30

Latest updateMay 3

Description

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages7 packages

▶NVDgpdf_project/gpdf< 2.8.2

▶NVDfreedesktop/poppler< 0.5.91

▶Debianxpdf< 3.02-1.1+3

▶Debianpoppler< 0.5.4-6.1+3

▶NVDapple/cups1.3.11

Also affects: Debian Linux 3.1, 4.0, Ubuntu Linux 6.06, 6.10, 7.04

🔴Vulnerability Details

GHSA

GHSA-v25x-frpw-qg4x: Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3↗2022-05-03

▶

CVEList

CVE-2007-3387: Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3↗2007-07-30

▶

OSV

CVE-2007-3387: Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3↗2007-07-30

▶

📋Vendor Advisories

Ubuntu

poppler vulnerability↗2007-08-07

▶

Ubuntu

koffice vulnerability↗2007-08-03

▶

Red Hat

xpdf integer overflow↗2007-07-28

▶

Debian

CVE-2007-3387: cups - Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, ...↗2007

▶

💬Community

Bugzilla

CVE-2007-3387 xpdf integer overflow [F7]↗2007-08-09

▶

Bugzilla

CVE-2007-3387 xpdf integer overflow [FC6]↗2007-08-09

▶

Bugzilla

CVE-2007-3387 xpdf integer overflow [F7]↗2007-08-09

▶

Bugzilla

CVE-2007-3387 xpdf integer overflow [F7]↗2007-08-09

▶

Bugzilla

CVE-2007-3387 xpdf integer overflow [F7]↗2007-08-09

▶