CVE-2007-3387
Date: (C)2007-07-30   (M)2023-12-22


Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1018473
20070801-01-P
http://www.securityfocus.com/archive/1/476508/100/0/threaded
http://www.securityfocus.com/archive/1/476519/30/5400/threaded
http://www.securityfocus.com/archive/1/476765/30/5340/threaded
BID-25124
SECUNIA-26188
SECUNIA-26251
SECUNIA-26254
SECUNIA-26255
SECUNIA-26257
SECUNIA-26278
SECUNIA-26281
SECUNIA-26283
SECUNIA-26292
SECUNIA-26293
SECUNIA-26297
SECUNIA-26307
SECUNIA-26318
SECUNIA-26325
SECUNIA-26342
SECUNIA-26343
SECUNIA-26358
SECUNIA-26365
SECUNIA-26370
SECUNIA-26395
SECUNIA-26403
SECUNIA-26405
SECUNIA-26407
SECUNIA-26410
SECUNIA-26413
SECUNIA-26425
SECUNIA-26432
SECUNIA-26436
SECUNIA-26467
SECUNIA-26468
SECUNIA-26470
SECUNIA-26514
SECUNIA-26607
SECUNIA-26627
SECUNIA-26862
SECUNIA-26982
SECUNIA-27156
SECUNIA-27281
SECUNIA-27308
SECUNIA-27637
SECUNIA-30168
OSVDB-40127
ADV-2007-2704
ADV-2007-2705
DSA-1347
DSA-1348
DSA-1349
DSA-1350
DSA-1352
DSA-1354
DSA-1355
DSA-1357
GLSA-200709-12
GLSA-200709-17
GLSA-200710-08
GLSA-200710-20
GLSA-200711-34
GLSA-200805-13
MDKSA-2007:158
MDKSA-2007:159
MDKSA-2007:160
MDKSA-2007:161
MDKSA-2007:162
MDKSA-2007:163
MDKSA-2007:164
MDKSA-2007:165
RHSA-2007:0720
RHSA-2007:0729
RHSA-2007:0730
RHSA-2007:0731
RHSA-2007:0732
RHSA-2007:0735
SSA:2007-222-05
SSA:2007-316-01
SUSE-SR:2007:015
SUSE-SR:2007:016
USN-496-1
USN-496-2
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
http://bugs.gentoo.org/show_bug.cgi?id=187139
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
http://sourceforge.net/project/shownotes.php?release_id=535497
http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm
http://www.kde.org/info/security/advisory-20070730-1.txt
https://issues.foresightlinux.org/browse/FL-471
https://issues.rpath.com/browse/RPL-1596
https://issues.rpath.com/browse/RPL-1604
oval:org.mitre.oval:def:11149

CWE:
CWE-190

© SecPod Technologies