CVE-2007-3387

NameCVE-2007-3387
DescriptionInteger overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1347-1, DSA-1348-1, DSA-1349-1, DSA-1350-1, DSA-1352-1, DSA-1354-1, DSA-1355-1, DSA-1357-1, DTSA-49-1, DTSA-50-1, DTSA-54-1, DTSA-62-1
NVD severitymedium (attack range: remote)
Debian Bugs435460, 435462

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cups (PTS)jessie1.7.5-11+deb8u2fixed
jessie (security)1.7.5-11+deb8u5fixed
stretch2.2.1-8+deb9u3fixed
stretch (security)2.2.1-8+deb9u2fixed
bullseye, buster2.2.10-6fixed
sid2.2.12-1fixed
ipe (PTS)jessie7.1.4-2fixed
stretch7.2.7-2fixed
bullseye, sid, buster7.2.9-1fixed
libextractor (PTS)jessie1:1.3-2+deb8u1fixed
jessie (security)1:1.3-2+deb8u4fixed
stretch (security), stretch1:1.3-4+deb9u3fixed
buster1:1.8-2fixed
bullseye, sid1:1.9-1fixed
poppler (PTS)jessie0.26.5-2+deb8u4fixed
jessie (security)0.26.5-2+deb8u10fixed
stretch (security), stretch0.48.0-2+deb9u2fixed
bullseye, sid, buster0.71.0-5fixed
swftools (PTS)jessie0.9.2+git20130725-2fixed
stretch0.9.2+git20130725-4.1fixed
xpdf (PTS)jessie3.03-17fixed
stretch3.04-4fixed
bullseye, sid, buster3.04-13fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cupssource(unstable)(not affected)
cupsyssource(unstable)(not affected)
gpdfsource(unstable)(unfixed)medium
gpdfsourcesarge2.8.2-1.2sarge6mediumDSA-1354-1
ipesource(unstable)(not affected)
kdegraphicssource(unstable)4:3.5.7-3medium
kdegraphicssourceetch4:3.5.5-3etch1mediumDSA-1355-1
kdegraphicssourcelenny4:3.5.7-2lenny1mediumDTSA-49-1
kdegraphicssourcesarge4:3.3.2-2sarge5mediumDSA-1355-1
kofficesource(unstable)1:1.6.3-2medium
kofficesourceetch1:1.6.1-2etch1mediumDSA-1357-1
kofficesourcelenny1:1.6.3-1lenny1mediumDTSA-50-1
libextractorsource(unstable)0.5.12-1medium
libextractorsourcesarge0.4.2-2sarge6mediumDSA-1349-1
pdfkit.frameworksource(unstable)0.8-4medium
pdfkit.frameworksourcesarge0.8-2sarge4mediumDSA-1352-1
pdftohtmlsource(unstable)(unfixed)medium
pdftohtmlsourceetch0.36-13etch1medium
popplersource(unstable)0.5.4-6.1medium435460
popplersourceetch0.4.5-5.1etch1mediumDSA-1348-1
popplersourcelenny0.5.4-6lenny2mediumDTSA-62-1
swftoolssource(unstable)0.9.2+ds1-2medium
tetex-binsource(unstable)3.0-12medium
tetex-binsourcesarge2.0.2-30sarge5mediumDSA-1350-1
xpdfsource(unstable)3.02-1.1medium435462
xpdfsourceetch3.01-9etch1mediumDSA-1347-1
xpdfsourcesarge3.00-13.7mediumDSA-1347-1

Notes

pdftex links to poppler since 3.0-12, thus marking as fixed
- cupsys <not-affected> (unimportant; bug #436099)
- cups <not-affected> (unimportant; bug #436099)
cups uses xpdf-utils
links to poppler since 0.8-4, thus marking as fixed
libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- ipe <not-affected> (Does not include the vulnerable code)
Search for package or bug name: Reporting problems