| Name | CVE-2007-3387 |
| Description | Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more) |
| References | DSA-1347-1, DSA-1348-1, DSA-1349-1, DSA-1350-1, DSA-1352-1, DSA-1354-1, DSA-1355-1, DSA-1357-1, DTSA-49-1, DTSA-50-1, DTSA-54-1, DTSA-62-1 |
| NVD severity | medium |
| Debian Bugs | 435460, 435462 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| cups (PTS) | jessie | 1.7.5-11+deb8u2 | fixed |
| jessie (security) | 1.7.5-11+deb8u6 | fixed | |
| stretch | 2.2.1-8+deb9u4 | fixed | |
| stretch (security) | 2.2.1-8+deb9u2 | fixed | |
| buster | 2.2.10-6+deb10u1 | fixed | |
| bullseye | 2.3.0-6 | fixed | |
| sid | 2.3.0-7 | fixed | |
| ipe (PTS) | jessie | 7.1.4-2 | fixed |
| stretch | 7.2.7-2 | fixed | |
| bullseye, sid, buster | 7.2.9-1 | fixed | |
| libextractor (PTS) | jessie | 1:1.3-2+deb8u1 | fixed |
| jessie (security) | 1:1.3-2+deb8u5 | fixed | |
| stretch (security), stretch | 1:1.3-4+deb9u3 | fixed | |
| buster | 1:1.8-2 | fixed | |
| bullseye, sid | 1:1.9-2 | fixed | |
| poppler (PTS) | jessie | 0.26.5-2+deb8u4 | fixed |
| jessie (security) | 0.26.5-2+deb8u13 | fixed | |
| stretch (security), stretch | 0.48.0-2+deb9u2 | fixed | |
| buster | 0.71.0-5 | fixed | |
| bullseye, sid | 0.71.0-6 | fixed | |
| swftools (PTS) | jessie | 0.9.2+git20130725-2 | fixed |
| stretch | 0.9.2+git20130725-4.1 | fixed | |
| xpdf (PTS) | jessie | 3.03-17 | fixed |
| stretch | 3.04-4 | fixed | |
| bullseye, sid, buster | 3.04-13 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| cups | source | (unstable) | (not affected) | |||
| cupsys | source | (unstable) | (not affected) | |||
| gpdf | source | (unstable) | (unfixed) | |||
| gpdf | source | sarge | 2.8.2-1.2sarge6 | DSA-1354-1 | ||
| ipe | source | (unstable) | (not affected) | |||
| kdegraphics | source | (unstable) | 4:3.5.7-3 | |||
| kdegraphics | source | etch | 4:3.5.5-3etch1 | DSA-1355-1 | ||
| kdegraphics | source | lenny | 4:3.5.7-2lenny1 | DTSA-49-1 | ||
| kdegraphics | source | sarge | 4:3.3.2-2sarge5 | DSA-1355-1 | ||
| koffice | source | (unstable) | 1:1.6.3-2 | |||
| koffice | source | etch | 1:1.6.1-2etch1 | DSA-1357-1 | ||
| koffice | source | lenny | 1:1.6.3-1lenny1 | DTSA-50-1 | ||
| libextractor | source | (unstable) | 0.5.12-1 | |||
| libextractor | source | sarge | 0.4.2-2sarge6 | DSA-1349-1 | ||
| pdfkit.framework | source | (unstable) | 0.8-4 | |||
| pdfkit.framework | source | sarge | 0.8-2sarge4 | DSA-1352-1 | ||
| pdftohtml | source | (unstable) | (unfixed) | |||
| pdftohtml | source | etch | 0.36-13etch1 | |||
| poppler | source | (unstable) | 0.5.4-6.1 | 435460 | ||
| poppler | source | etch | 0.4.5-5.1etch1 | DSA-1348-1 | ||
| poppler | source | lenny | 0.5.4-6lenny2 | DTSA-62-1 | ||
| swftools | source | (unstable) | 0.9.2+ds1-2 | |||
| tetex-bin | source | (unstable) | 3.0-12 | |||
| tetex-bin | source | sarge | 2.0.2-30sarge5 | DSA-1350-1 | ||
| xpdf | source | (unstable) | 3.02-1.1 | 435462 | ||
| xpdf | source | etch | 3.01-9etch1 | DSA-1347-1 | ||
| xpdf | source | sarge | 3.00-13.7 | DSA-1347-1 |
pdftex links to poppler since 3.0-12, thus marking as fixed
- cupsys <not-affected> (unimportant; bug #436099)
- cups <not-affected> (unimportant; bug #436099)
cups uses xpdf-utils
links to poppler since 0.8-4, thus marking as fixed
libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- ipe <not-affected> (Does not include the vulnerable code)