Vulnerability Details : CVE-2007-3387
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2007-3387
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
- cpe:2.3:a:xpdfreader:xpdf:3.02:*:*:*:*:*:*:*
- cpe:2.3:a:gpdf_project:gpdf:*:*:*:*:*:*:*:*
Threat overview for CVE-2007-3387
- Top open port discovered on systems with this issue: 631
- IPs affected by CVE-2007-3387: 3,036
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2007-3387
- EPSS score: 8.73% (probability of exploitation activity in the next 30 days)
- Percentile: ~92% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-3387
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2007-3387
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-3387
- http://secunia.com/advisories/26343
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/27156
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.debian.org/security/2007/dsa-1348
  [SECURITY] [DSA 1348-1] New poppler packages fix arbitrary code execution [Third Party Advisory]
- http://security.gentoo.org/glsa/glsa-200711-34.xml
  CSTeX: Multiple vulnerabilities (GLSA 200711-34) — Gentoo security [Third Party Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149
  404 Not Found [Third Party Advisory]
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:165
  Mandriva [Third Party Advisory]
- http://www.vupen.com/english/advisories/2007/2704
  Site under construction [Permissions Required; Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2007-0729.html
  Support [Third Party Advisory]
- http://www.debian.org/security/2007/dsa-1349
  [SECURITY] [DSA 1349-1] New libextractor packages fix arbitrary code execution [Third Party Advisory]
- http://www.kde.org/info/security/advisory-20070730-1.txt
  [Third Party Advisory]
- http://secunia.com/advisories/26470
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.securityfocus.com/archive/1/476519/30/5400/threaded
  [Third Party Advisory; VDB Entry]
- http://www.debian.org/security/2007/dsa-1354
  [SECURITY] [DSA 1354-1] New gpdf packages fix arbitrary code execution [Third Party Advisory]
- http://secunia.com/advisories/26365
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/30168
  About Secunia Research | Flexera [Third Party Advisory]
- ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
  [Broken Link]
- http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm
  ASA-2007-401 (RHSA-2007-0720) [Third Party Advisory]
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:160
  Mandriva [Third Party Advisory]
- http://secunia.com/advisories/26432
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26403
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26255
  About Secunia Research | Flexera [Third Party Advisory]
- http://security.gentoo.org/glsa/glsa-200709-12.xml
  Poppler: Two buffer overflow vulnerabilities (GLSA 200709-12) — Gentoo security [Third Party Advisory]
- http://secunia.com/advisories/26370
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:162
  Mandriva [Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2007-0735.html
  Support [Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2007-0731.html
  Support [Third Party Advisory]
- http://secunia.com/advisories/26436
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26607
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26281
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26297
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/27637
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:158
  Mandriva [Third Party Advisory]
- http://www.debian.org/security/2007/dsa-1357
  [SECURITY] [DSA 1357-1] New koffice packages fix arbitrary code execution [Third Party Advisory]
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
  The Slackware Linux Project: Slackware Security Advisories [Third Party Advisory]
- http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670
  Slackware [Third Party Advisory]
- http://secunia.com/advisories/26468
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26410
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.debian.org/security/2007/dsa-1347
  [SECURITY] [DSA 1347-1] New xpdf packages fix arbitrary code execution [Third Party Advisory]
- http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml
  KOffice, KWord, KPDF, KDE Graphics Libraries: Stack-based buffer overflow (GLSA 200710-08) — Gentoo security [Third Party Advisory]
- http://secunia.com/advisories/27281
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26254
  About Secunia Research | Flexera [Third Party Advisory]
- ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
  [Broken Link]
- http://secunia.com/advisories/26982
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26342
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:163
  Mandriva [Third Party Advisory]
- http://secunia.com/advisories/26407
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26251
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:161
  Mandriva [Third Party Advisory]
- http://secunia.com/advisories/26862
  About Secunia Research | Flexera [Third Party Advisory]
- http://osvdb.org/40127
  [Broken Link]
- http://security.gentoo.org/glsa/glsa-200710-20.xml
  PDFKit, ImageKits: Buffer overflow (GLSA 200710-20) — Gentoo security [Third Party Advisory]
- http://www.debian.org/security/2007/dsa-1355
  [SECURITY] [DSA 1355-1] New kdegraphics packages fix arbitrary code execution [Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2007-0732.html
  Support [Third Party Advisory]
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
  Mandriva [Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2007-0730.html
  Support [Third Party Advisory]
- http://www.vupen.com/english/advisories/2007/2705
  Site under construction [Permissions Required; Third Party Advisory]
- http://secunia.com/advisories/26307
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26405
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:159
  Mandriva [Third Party Advisory]
- http://secunia.com/advisories/26514
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26627
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26292
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26467
  About Secunia Research | Flexera [Third Party Advisory]
- http://security.gentoo.org/glsa/glsa-200805-13.xml
  PTeX: Multiple vulnerabilities (GLSA 200805-13) — Gentoo security [Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2007-0720.html
  Support [Third Party Advisory]
- https://issues.foresightlinux.org/browse/FL-471
  [Broken Link]
- http://sourceforge.net/project/shownotes.php?release_id=535497
  Page not found - SourceForge.net [Broken Link]
- http://www.novell.com/linux/security/advisories/2007_15_sr.html
  Security - Support | SUSE [Broken Link]
- https://issues.rpath.com/browse/RPL-1596
  [Broken Link]
- http://secunia.com/advisories/27308
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26395
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.debian.org/security/2007/dsa-1350
  [SECURITY] [DSA 1350-1] New tetex-bin packages fix arbitrary code execution [Third Party Advisory]
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
  248194 – (CVE-2007-3387) CVE-2007-3387 xpdf integer overflow [Issue Tracking; Third Party Advisory]
- http://secunia.com/advisories/26257
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.novell.com/linux/security/advisories/2007_16_sr.html
  404 Page Not Found | SUSE [Broken Link]
- http://www.debian.org/security/2007/dsa-1352
  [SECURITY] [DSA 1352-1] New pdfkit.framework packages fix arbitrary code execution [Third Party Advisory]
- http://secunia.com/advisories/26425
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.securitytracker.com/id?1018473
  GoDaddy Domain Name Search [Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/26188
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26318
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26283
  About Secunia Research | Flexera [Third Party Advisory]
- http://security.gentoo.org/glsa/glsa-200709-17.xml
  teTeX: Multiple buffer overflows (GLSA 200709-17) — Gentoo security [Third Party Advisory]
- http://secunia.com/advisories/26358
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.securityfocus.com/archive/1/476765/30/5340/threaded
  [Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/26325
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.securityfocus.com/bid/25124
  [Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/26413
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.ubuntu.com/usn/usn-496-2
  500: Server error | Ubuntu [Third Party Advisory]
- http://bugs.gentoo.org/show_bug.cgi?id=187139
  187139 – app-office/{koffice,kword}, kde-base/{kdegraphics,kpdf} - stack based buffer overflow (CVE-2007-3387) [Issue Tracking; Third Party Advisory]
- http://www.securityfocus.com/archive/1/476508/100/0/threaded
  [Third Party Advisory; VDB Entry]
- http://www.ubuntu.com/usn/usn-496-1
  USN-496-1: koffice vulnerability | Ubuntu security notices | Ubuntu [Third Party Advisory]
- http://secunia.com/advisories/26293
  About Secunia Research | Flexera [Third Party Advisory]
- http://secunia.com/advisories/26278
  About Secunia Research | Flexera [Third Party Advisory]
- https://issues.rpath.com/browse/RPL-1604
  [Broken Link]