CVE-2007-3387

NameCVE-2007-3387
DescriptionInteger overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1347-1, DSA-1348-1, DSA-1349-1, DSA-1350-1, DSA-1352-1, DSA-1354-1, DSA-1355-1, DSA-1357-1, DTSA-49-1, DTSA-50-1, DTSA-54-1, DTSA-62-1
NVD severitymedium (attack range: remote, user-initiated)
Debian Bugs435460, 435462
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cups (PTS)squeeze1.4.4-7+squeeze5fixed
squeeze (security)1.4.4-7+squeeze4fixed
squeeze (lts)1.4.4-7+squeeze8fixed
wheezy1.5.3-5+deb7u4fixed
wheezy (security)1.5.3-5+deb7u6fixed
jessie1.7.5-11fixed
jessie (security)1.7.5-11+deb8u1fixed
stretch, sid1.7.5-12fixed
ipe (PTS)squeeze7.0.10-2fixed
wheezy7.1.2-1fixed
stretch, jessie, sid7.1.4-2fixed
kdegraphics (PTS)squeeze4:4.4.5-2fixed
koffice (PTS)squeeze1:2.2.1-4fixed
libextractor (PTS)squeeze1:0.5.23+dfsg-7fixed
wheezy1:0.6.3-5fixed
stretch, jessie, sid1:1.3-2fixed
poppler (PTS)squeeze, squeeze (security)0.12.4-1.2+squeeze3fixed
squeeze (lts)0.12.4-1.2+squeeze4fixed
wheezy0.18.4-6fixed
stretch, jessie, sid0.26.5-2fixed
swftools (PTS)wheezy0.9.2+ds1-3fixed
stretch, jessie, sid0.9.2+git20130725-2fixed
xpdf (PTS)squeeze3.02-12+squeeze1fixed
wheezy3.03-10fixed
stretch, jessie, sid3.03-17fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cupssource(unstable)(not affected)
cupsyssource(unstable)(not affected)
gpdfsource(unstable)(unfixed)medium
gpdfsourcesarge2.8.2-1.2sarge6mediumDSA-1354-1
ipesource(unstable)(not affected)
kdegraphicssource(unstable)4:3.5.7-3medium
kdegraphicssourceetch4:3.5.5-3etch1mediumDSA-1355-1
kdegraphicssourcelenny4:3.5.7-2lenny1mediumDTSA-49-1
kdegraphicssourcesarge4:3.3.2-2sarge5mediumDSA-1355-1
kofficesource(unstable)1:1.6.3-2medium
kofficesourceetch1:1.6.1-2etch1mediumDSA-1357-1
kofficesourcelenny1:1.6.3-1lenny1mediumDTSA-50-1
libextractorsource(unstable)0.5.12-1medium
libextractorsourcesarge0.4.2-2sarge6mediumDSA-1349-1
pdfkit.frameworksource(unstable)0.8-4medium
pdfkit.frameworksourcesarge0.8-2sarge4mediumDSA-1352-1
pdftohtmlsource(unstable)(unfixed)medium
pdftohtmlsourceetch0.36-13etch1medium
popplersource(unstable)0.5.4-6.1medium435460
popplersourceetch0.4.5-5.1etch1mediumDSA-1348-1
popplersourcelenny0.5.4-6lenny2mediumDTSA-62-1
swftoolssource(unstable)0.9.2+ds1-2medium
tetex-binsource(unstable)3.0-12medium
tetex-binsourcesarge2.0.2-30sarge5mediumDSA-1350-1
xpdfsource(unstable)3.02-1.1medium435462
xpdfsourceetch3.01-9etch1mediumDSA-1347-1
xpdfsourcesarge3.00-13.7mediumDSA-1347-1

Notes

pdftex links to poppler since 3.0-12, thus marking as fixed
- cupsys <not-affected> (unimportant; bug #436099)
- cups <not-affected> (unimportant; bug #436099)
cups uses xpdf-utils
links to poppler since 0.8-4, thus marking as fixed
libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- ipe <not-affected> (Does not include the vulnerable code)

Search for package or bug name: Reporting problems