CVE-2007-3387

Name	CVE-2007-3387
Description	Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References	DSA-1347-1, DSA-1348-1, DSA-1349-1, DSA-1350-1, DSA-1352-1, DSA-1354-1, DSA-1355-1, DSA-1357-1, DTSA-49-1, DTSA-50-1, DTSA-54-1, DTSA-62-1
NVD severity	medium (attack range: remote)
Debian Bugs	435460, 435462

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
cups (PTS)	wheezy	1.5.3-5+deb7u6	fixed
	wheezy (security)	1.5.3-5+deb7u7	fixed
	jessie	1.7.5-11+deb8u2	fixed
	jessie (security)	1.7.5-11+deb8u1	fixed
	stretch	2.2.1-8+deb9u1	fixed
	buster, sid	2.2.7-3	fixed
ipe (PTS)	wheezy	7.1.2-1	fixed
	jessie	7.1.4-2	fixed
	stretch	7.2.7-2	fixed
	buster, sid	7.2.7-3	fixed
libextractor (PTS)	wheezy	1:0.6.3-5	fixed
	wheezy (security)	1:0.6.3-5+deb7u1	fixed
	jessie	1:1.3-2	fixed
	stretch	1:1.3-4	fixed
	buster, sid	1:1.6-2	fixed
poppler (PTS)	wheezy	0.18.4-6	fixed
	wheezy (security)	0.18.4-6+deb7u5	fixed
	jessie	0.26.5-2+deb8u1	fixed
	jessie (security)	0.26.5-2+deb8u4	fixed
	stretch (security), stretch	0.48.0-2+deb9u2	fixed
	buster, sid	0.62.0-2	fixed
swftools (PTS)	wheezy	0.9.2+ds1-3	fixed
	wheezy (security)	0.9.2+ds1-3+deb7u1	fixed
	jessie	0.9.2+git20130725-2	fixed
	buster, sid, stretch	0.9.2+git20130725-4.1	fixed
xpdf (PTS)	wheezy	3.03-10	fixed
	jessie	3.03-17	fixed
	stretch	3.04-4	fixed
	buster, sid	3.04-7	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
cups	source	(unstable)	(not affected)
cupsys	source	(unstable)	(not affected)
gpdf	source	(unstable)	(unfixed)	medium
gpdf	source	sarge	2.8.2-1.2sarge6	medium	DSA-1354-1
ipe	source	(unstable)	(not affected)
kdegraphics	source	(unstable)	4:3.5.7-3	medium
kdegraphics	source	etch	4:3.5.5-3etch1	medium	DSA-1355-1
kdegraphics	source	lenny	4:3.5.7-2lenny1	medium	DTSA-49-1
kdegraphics	source	sarge	4:3.3.2-2sarge5	medium	DSA-1355-1
koffice	source	(unstable)	1:1.6.3-2	medium
koffice	source	etch	1:1.6.1-2etch1	medium	DSA-1357-1
koffice	source	lenny	1:1.6.3-1lenny1	medium	DTSA-50-1
libextractor	source	(unstable)	0.5.12-1	medium
libextractor	source	sarge	0.4.2-2sarge6	medium	DSA-1349-1
pdfkit.framework	source	(unstable)	0.8-4	medium
pdfkit.framework	source	sarge	0.8-2sarge4	medium	DSA-1352-1
pdftohtml	source	(unstable)	(unfixed)	medium
pdftohtml	source	etch	0.36-13etch1	medium
poppler	source	(unstable)	0.5.4-6.1	medium		435460
poppler	source	etch	0.4.5-5.1etch1	medium	DSA-1348-1
poppler	source	lenny	0.5.4-6lenny2	medium	DTSA-62-1
swftools	source	(unstable)	0.9.2+ds1-2	medium
tetex-bin	source	(unstable)	3.0-12	medium
tetex-bin	source	sarge	2.0.2-30sarge5	medium	DSA-1350-1
xpdf	source	(unstable)	3.02-1.1	medium		435462
xpdf	source	etch	3.01-9etch1	medium	DSA-1347-1
xpdf	source	sarge	3.00-13.7	medium	DSA-1347-1

Notes

pdftex links to poppler since 3.0-12, thus marking as fixed
- cupsys <not-affected> (unimportant; bug #436099)
- cups <not-affected> (unimportant; bug #436099)
cups uses xpdf-utils
links to poppler since 0.8-4, thus marking as fixed
libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- ipe <not-affected> (Does not include the vulnerable code)