CVE-2007-3387

NameCVE-2007-3387
DescriptionInteger overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
SourceCVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1347-1, DSA-1348-1, DSA-1349-1, DSA-1350-1, DSA-1352-1, DSA-1354-1, DSA-1355-1, DSA-1357-1, DTSA-49-1, DTSA-50-1, DTSA-54-1, DTSA-62-1
NVD severitymedium (attack range: remote)
Debian Bugs435460, 435462

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cups (PTS)wheezy (security), wheezy1.5.3-5+deb7u6fixed
jessie (security), jessie1.7.5-11+deb8u1fixed
stretch, sid2.1.3-5fixed
ipe (PTS)wheezy7.1.2-1fixed
jessie7.1.4-2fixed
stretch, sid7.1.10-2fixed
libextractor (PTS)wheezy1:0.6.3-5fixed
jessie1:1.3-2fixed
stretch, sid1:1.3-4fixed
poppler (PTS)wheezy0.18.4-6fixed
wheezy (security)0.18.4-6+deb7u1fixed
jessie0.26.5-2fixed
jessie (security)0.26.5-2+deb8u1fixed
stretch0.38.0-3fixed
sid0.44.0-2fixed
swftools (PTS)wheezy0.9.2+ds1-3fixed
jessie0.9.2+git20130725-2fixed
stretch, sid0.9.2+git20130725-4fixed
xpdf (PTS)wheezy3.03-10fixed
jessie3.03-17fixed
stretch, sid3.04-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cupssource(unstable)(not affected)
cupsyssource(unstable)(not affected)
gpdfsource(unstable)(unfixed)medium
gpdfsourcesarge2.8.2-1.2sarge6mediumDSA-1354-1
ipesource(unstable)(not affected)
kdegraphicssource(unstable)4:3.5.7-3medium
kdegraphicssourceetch4:3.5.5-3etch1mediumDSA-1355-1
kdegraphicssourcelenny4:3.5.7-2lenny1mediumDTSA-49-1
kdegraphicssourcesarge4:3.3.2-2sarge5mediumDSA-1355-1
kofficesource(unstable)1:1.6.3-2medium
kofficesourceetch1:1.6.1-2etch1mediumDSA-1357-1
kofficesourcelenny1:1.6.3-1lenny1mediumDTSA-50-1
libextractorsource(unstable)0.5.12-1medium
libextractorsourcesarge0.4.2-2sarge6mediumDSA-1349-1
pdfkit.frameworksource(unstable)0.8-4medium
pdfkit.frameworksourcesarge0.8-2sarge4mediumDSA-1352-1
pdftohtmlsource(unstable)(unfixed)medium
pdftohtmlsourceetch0.36-13etch1medium
popplersource(unstable)0.5.4-6.1medium435460
popplersourceetch0.4.5-5.1etch1mediumDSA-1348-1
popplersourcelenny0.5.4-6lenny2mediumDTSA-62-1
swftoolssource(unstable)0.9.2+ds1-2medium
tetex-binsource(unstable)3.0-12medium
tetex-binsourcesarge2.0.2-30sarge5mediumDSA-1350-1
xpdfsource(unstable)3.02-1.1medium435462
xpdfsourceetch3.01-9etch1mediumDSA-1347-1
xpdfsourcesarge3.00-13.7mediumDSA-1347-1

Notes

pdftex links to poppler since 3.0-12, thus marking as fixed
- cupsys <not-affected> (unimportant; bug #436099)
- cups <not-affected> (unimportant; bug #436099)
cups uses xpdf-utils
links to poppler since 0.8-4, thus marking as fixed
libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- ipe <not-affected> (Does not include the vulnerable code)

Search for package or bug name: Reporting problems