CVE-2007-3387

Name: CVE-2007-3387
Description: CVE-2007-3387 xpdf integer overflow
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
References: DSA-1347-1, DSA-1348-1, DSA-1349-1, DSA-1350-1, DSA-1352-1, DSA-1354-1, DSA-1355-1, DSA-1357-1, DTSA-49-1, DTSA-50-1, DTSA-54-1, DTSA-62-1
Debian Bugs: 435460, 435462

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| cups (PTS) | buster, buster (security) | 2.2.10-6+deb10u6 | fixed |
| | bullseye (security), bullseye | 2.3.3op2-3+deb11u2 | fixed |
| | bookworm, sid | 2.4.2-1 | fixed |
| ipe (PTS) | buster | 7.2.9-1 | fixed |
| | bullseye | 7.2.23+dfsg1-2 | fixed |
| | bookworm, sid | 7.2.26+dfsg1-3 | fixed |
| libextractor (PTS) | buster | 1:1.8-2+deb10u1 | fixed |
| | bullseye | 1:1.11-2 | fixed |
| | bookworm, sid | 1:1.11-7 | fixed |
| poppler (PTS) | buster | 0.71.0-5 | fixed |
| | buster (security) | 0.71.0-5+deb10u1 | fixed |
| | bullseye (security), bullseye | 20.09.0-3.1+deb11u1 | fixed |
| | bookworm, sid | 22.12.0-2 | fixed |
| xpdf (PTS) | buster | 3.04-13 | fixed |
| | bullseye | 3.04+git20210103-3 | fixed |
| | bookworm, sid | 3.04+git20220601-1 | fixed |

The information below is based on the following data on fixed versions.

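| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| cups | source | (unstable) | (not affected) | | | |
| cupsys | source | (unstable) | (not affected) | | | |
| gpdf | source | sarge | 2.8.2-1.2sarge6 | | DSA-1354-1 | |
| gpdf | source | (unstable) | (unfixed) | | | |
| ipe | source | (unstable) | (not affected) | | | |
| kdegraphics | source | sarge | 4:3.3.2-2sarge5 | | DSA-1355-1 | |
| kdegraphics | source | etch | 4:3.5.5-3etch1 | | DSA-1355-1 | |
| kdegraphics | source | lenny | 4:3.5.7-2lenny1 | | DTSA-49-1 | |
| kdegraphics | source | (unstable) | 4:3.5.7-3 | | | |
| koffice | source | etch | 1:1.6.1-2etch1 | | DSA-1357-1 | |
| koffice | source | lenny | 1:1.6.3-1lenny1 | | DTSA-50-1 | |
| koffice | source | (unstable) | 1:1.6.3-2 | | | |
| libextractor | source | sarge | 0.4.2-2sarge6 | | DSA-1349-1 | |
| libextractor | source | (unstable) | 0.5.12-1 | | | |
| pdfkit.framework | source | sarge | 0.8-2sarge4 | | DSA-1352-1 | |
| pdfkit.framework | source | (unstable) | 0.8-4 | | | |
| pdftohtml | source | etch | 0.36-13etch1 | | | |
| pdftohtml | source | (unstable) | (unfixed) | | | |
| poppler | source | etch | 0.4.5-5.1etch1 | | DSA-1348-1 | |
| poppler | source | lenny | 0.5.4-6lenny2 | | DTSA-62-1 | |
| poppler | source | (unstable) | 0.5.4-6.1 | | | 435460 |
| swftools | source | (unstable) | 0.9.2+ds1-2 | | | |
| tetex-bin | source | sarge | 2.0.2-30sarge5 | | DSA-1350-1 | |
| tetex-bin | source | (unstable) | 3.0-12 | | | |
| xpdf | source | sarge | 3.00-13.7 | | DSA-1347-1 | |
| xpdf | source | etch | 3.01-9etch1 | | DSA-1347-1 | |
| xpdf | source | (unstable) | 3.02-1.1 | | | 435462 |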

Notes

pdftex links to poppler since 3.0-12, thus marking as fixed
- cupsys <not-affected> (unimportant; bug #436099)
- cups <not-affected> (unimportant; bug #436099)
cups uses xpdf-utils
links to poppler since 0.8-4, thus marking as fixed
libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- ipe <not-affected> (Does not include the vulnerable code)
