CVE-2007-3387

NameCVE-2007-3387
DescriptionInteger overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, web search, more)
ReferencesDSA-1347-1, DSA-1348-1, DSA-1349-1, DSA-1350-1, DSA-1352-1, DSA-1354-1, DSA-1355-1, DSA-1357-1, DTSA-49-1, DTSA-50-1, DTSA-54-1, DTSA-62-1
NVD severitymedium (attack range: remote)
Debian Bugs435460, 435462
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cups (PTS)squeeze1.4.4-7+squeeze5fixed
squeeze (security)1.4.4-7+squeeze4fixed
squeeze (lts)1.4.4-7+squeeze10fixed
wheezy (security), wheezy1.5.3-5+deb7u6fixed
jessie (security), jessie1.7.5-11+deb8u1fixed
stretch, sid2.1.2-2fixed
ipe (PTS)squeeze7.0.10-2fixed
wheezy7.1.2-1fixed
jessie7.1.4-2fixed
stretch, sid7.1.10-1.1fixed
kdegraphics (PTS)squeeze4:4.4.5-2fixed
koffice (PTS)squeeze1:2.2.1-4fixed
libextractor (PTS)squeeze1:0.5.23+dfsg-7fixed
wheezy1:0.6.3-5fixed
jessie1:1.3-2fixed
stretch, sid1:1.3-3fixed
poppler (PTS)squeeze, squeeze (security)0.12.4-1.2+squeeze3fixed
squeeze (lts)0.12.4-1.2+squeeze4fixed
wheezy0.18.4-6fixed
jessie0.26.5-2fixed
stretch, sid0.38.0-2fixed
swftools (PTS)wheezy0.9.2+ds1-3fixed
jessie0.9.2+git20130725-2fixed
stretch, sid0.9.2+git20130725-4fixed
xpdf (PTS)squeeze3.02-12+squeeze1fixed
wheezy3.03-10fixed
jessie3.03-17fixed
stretch3.03-18fixed
sid3.04-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cupssource(unstable)(not affected)
cupsyssource(unstable)(not affected)
gpdfsource(unstable)(unfixed)medium
gpdfsourcesarge2.8.2-1.2sarge6mediumDSA-1354-1
ipesource(unstable)(not affected)
kdegraphicssource(unstable)4:3.5.7-3medium
kdegraphicssourceetch4:3.5.5-3etch1mediumDSA-1355-1
kdegraphicssourcelenny4:3.5.7-2lenny1mediumDTSA-49-1
kdegraphicssourcesarge4:3.3.2-2sarge5mediumDSA-1355-1
kofficesource(unstable)1:1.6.3-2medium
kofficesourceetch1:1.6.1-2etch1mediumDSA-1357-1
kofficesourcelenny1:1.6.3-1lenny1mediumDTSA-50-1
libextractorsource(unstable)0.5.12-1medium
libextractorsourcesarge0.4.2-2sarge6mediumDSA-1349-1
pdfkit.frameworksource(unstable)0.8-4medium
pdfkit.frameworksourcesarge0.8-2sarge4mediumDSA-1352-1
pdftohtmlsource(unstable)(unfixed)medium
pdftohtmlsourceetch0.36-13etch1medium
popplersource(unstable)0.5.4-6.1medium435460
popplersourceetch0.4.5-5.1etch1mediumDSA-1348-1
popplersourcelenny0.5.4-6lenny2mediumDTSA-62-1
swftoolssource(unstable)0.9.2+ds1-2medium
tetex-binsource(unstable)3.0-12medium
tetex-binsourcesarge2.0.2-30sarge5mediumDSA-1350-1
xpdfsource(unstable)3.02-1.1medium435462
xpdfsourceetch3.01-9etch1mediumDSA-1347-1
xpdfsourcesarge3.00-13.7mediumDSA-1347-1

Notes

pdftex links to poppler since 3.0-12, thus marking as fixed
- cupsys <not-affected> (unimportant; bug #436099)
- cups <not-affected> (unimportant; bug #436099)
cups uses xpdf-utils
links to poppler since 0.8-4, thus marking as fixed
libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- ipe <not-affected> (Does not include the vulnerable code)

Search for package or bug name: Reporting problems