CVE-2007-3387

NameCVE-2007-3387
DescriptionInteger overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1347-1, DSA-1348-1, DSA-1349-1, DSA-1350-1, DSA-1352-1, DSA-1354-1, DSA-1355-1, DSA-1357-1, DTSA-49-1, DTSA-50-1, DTSA-54-1, DTSA-62-1
NVD severitymedium
Debian Bugs435460, 435462

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cups (PTS)stretch2.2.1-8+deb9u6fixed
stretch (security)2.2.1-8+deb9u2fixed
buster2.2.10-6+deb10u3fixed
bullseye, sid2.3.3-3fixed
ipe (PTS)stretch7.2.7-2fixed
buster7.2.9-1fixed
bullseye, sid7.2.20-2fixed
libextractor (PTS)stretch (security), stretch1:1.3-4+deb9u3fixed
buster1:1.8-2fixed
bullseye1:1.10-1fixed
sid1:1.10-2fixed
poppler (PTS)stretch0.48.0-2+deb9u2fixed
stretch (security)0.48.0-2+deb9u3fixed
buster0.71.0-5fixed
bullseye, sid20.09.0-2fixed
swftools (PTS)stretch0.9.2+git20130725-4.1fixed
xpdf (PTS)stretch3.04-4fixed
sid, buster3.04-13fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cupssource(unstable)(not affected)
cupsyssource(unstable)(not affected)
gpdfsourcesarge2.8.2-1.2sarge6DSA-1354-1
gpdfsource(unstable)(unfixed)
ipesource(unstable)(not affected)
kdegraphicssourcesarge4:3.3.2-2sarge5DSA-1355-1
kdegraphicssourceetch4:3.5.5-3etch1DSA-1355-1
kdegraphicssourcelenny4:3.5.7-2lenny1DTSA-49-1
kdegraphicssource(unstable)4:3.5.7-3
kofficesourceetch1:1.6.1-2etch1DSA-1357-1
kofficesourcelenny1:1.6.3-1lenny1DTSA-50-1
kofficesource(unstable)1:1.6.3-2
libextractorsourcesarge0.4.2-2sarge6DSA-1349-1
libextractorsource(unstable)0.5.12-1
pdfkit.frameworksourcesarge0.8-2sarge4DSA-1352-1
pdfkit.frameworksource(unstable)0.8-4
pdftohtmlsourceetch0.36-13etch1
pdftohtmlsource(unstable)(unfixed)
popplersourceetch0.4.5-5.1etch1DSA-1348-1
popplersourcelenny0.5.4-6lenny2DTSA-62-1
popplersource(unstable)0.5.4-6.1435460
swftoolssource(unstable)0.9.2+ds1-2
tetex-binsourcesarge2.0.2-30sarge5DSA-1350-1
tetex-binsource(unstable)3.0-12
xpdfsourcesarge3.00-13.7DSA-1347-1
xpdfsourceetch3.01-9etch1DSA-1347-1
xpdfsource(unstable)3.02-1.1435462

Notes

pdftex links to poppler since 3.0-12, thus marking as fixed
- cupsys <not-affected> (unimportant; bug #436099)
- cups <not-affected> (unimportant; bug #436099)
cups uses xpdf-utils
links to poppler since 0.8-4, thus marking as fixed
libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- ipe <not-affected> (Does not include the vulnerable code)

Search for package or bug name: Reporting problems