CVE-2007-3387

Name: CVE-2007-3387
Description: Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-1347-1, DSA-1348-1, DSA-1349-1, DSA-1350-1, DSA-1352-1, DSA-1354-1, DSA-1355-1, DSA-1357-1, DTSA-49-1, DTSA-50-1, DTSA-54-1, DTSA-62-1
NVD severity: medium
Debian Bugs: 435460, 435462

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| cups (PTS) | jessie | 1.7.5-11+deb8u2 | fixed |
| | jessie (security) | 1.7.5-11+deb8u6 | fixed |
| | stretch | 2.2.1-8+deb9u4 | fixed |
| | stretch (security) | 2.2.1-8+deb9u2 | fixed |
| | buster | 2.2.10-6+deb10u1 | fixed |
| | bullseye | 2.3.0-6 | fixed |
| | sid | 2.3.0-7 | fixed |
| ipe (PTS) | jessie | 7.1.4-2 | fixed |
| | stretch | 7.2.7-2 | fixed |
| | bullseye, sid, buster | 7.2.9-1 | fixed |
| libextractor (PTS) | jessie | 1:1.3-2+deb8u1 | fixed |
| | jessie (security) | 1:1.3-2+deb8u5 | fixed |
| | stretch (security), stretch | 1:1.3-4+deb9u3 | fixed |
| | buster | 1:1.8-2 | fixed |
| | bullseye, sid | 1:1.9-2 | fixed |
| poppler (PTS) | jessie | 0.26.5-2+deb8u4 | fixed |
| | jessie (security) | 0.26.5-2+deb8u13 | fixed |
| | stretch (security), stretch | 0.48.0-2+deb9u2 | fixed |
| | buster | 0.71.0-5 | fixed |
| | bullseye, sid | 0.71.0-6 | fixed |
| swftools (PTS) | jessie | 0.9.2+git20130725-2 | fixed |
| | stretch | 0.9.2+git20130725-4.1 | fixed |
| xpdf (PTS) | jessie | 3.03-17 | fixed |
| | stretch | 3.04-4 | fixed |
| | bullseye, sid, buster | 3.04-13 | fixed |

The information below is based on the following data on fixed versions.

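| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| cups | source | (unstable) | (not affected) | | | |
| cupsys | source | (unstable) | (not affected) | | | |
| gpdf | source | (unstable) | (unfixed) | | | |
| gpdf | source | sarge | 2.8.2-1.2sarge6 | | DSA-1354-1 | |
| ipe | source | (unstable) | (not affected) | | | |
| kdegraphics | source | (unstable) | 4:3.5.7-3 | | | |
| kdegraphics | source | etch | 4:3.5.5-3etch1 | | DSA-1355-1 | |
| kdegraphics | source | lenny | 4:3.5.7-2lenny1 | | DTSA-49-1 | |
| kdegraphics | source | sarge | 4:3.3.2-2sarge5 | | DSA-1355-1 | |
| koffice | source | (unstable) | 1:1.6.3-2 | | | |
| koffice | source | etch | 1:1.6.1-2etch1 | | DSA-1357-1 | |
| koffice | source | lenny | 1:1.6.3-1lenny1 | | DTSA-50-1 | |
| libextractor | source | (unstable) | 0.5.12-1 | | | |
| libextractor | source | sarge | 0.4.2-2sarge6 | | DSA-1349-1 | |
| pdfkit.framework | source | (unstable) | 0.8-4 | | | |
| pdfkit.framework | source | sarge | 0.8-2sarge4 | | DSA-1352-1 | |
| pdftohtml | source | (unstable) | (unfixed) | | | |
| pdftohtml | source | etch | 0.36-13etch1 | | | |
| poppler | source | (unstable) | 0.5.4-6.1 | | | 435460 |
| poppler | source | etch | 0.4.5-5.1etch1 | | DSA-1348-1 | |
| poppler | source | lenny | 0.5.4-6lenny2 | | DTSA-62-1 | |
| swftools | source | (unstable) | 0.9.2+ds1-2 | | | |
| tetex-bin | source | (unstable) | 3.0-12 | | | |
| tetex-bin | source | sarge | 2.0.2-30sarge5 | | DSA-1350-1 | |
| xpdf | source | (unstable) | 3.02-1.1 | | | 435462 |
| xpdf | source | etch | 3.01-9etch1 | | DSA-1347-1 | |
| xpdf | source | sarge | 3.00-13.7 | | DSA-1347-1 | |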

Notes

pdftex links to poppler since 3.0-12, thus marking as fixed
- cupsys <not-affected> (unimportant; bug #436099)
- cups <not-affected> (unimportant; bug #436099)
cups uses xpdf-utils
links to poppler since 0.8-4, thus marking as fixed
libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- ipe <not-affected> (Does not include the vulnerable code)
