Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2007-3387

Disclosure Date: July 30, 2007
CVE-2007-3387
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • apple,
  • canonical,
  • debian,
  • freedesktop,
  • gpdf project,
  • xpdfreader

Products

  • cups,
  • debian linux 3.1,
  • debian linux 4.0,
  • gpdf,
  • poppler,
  • ubuntu linux 6.06,
  • ubuntu linux 6.10,
  • ubuntu linux 7.04,
  • xpdf 3.02

References

Canonical
CVE-2007-3387 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387)
BID-25124 (http://www.securityfocus.com/bid/25124)
Advisory
http://www.redhat.com/support/errata/RHSA-2007-0730.html
USN-496-1 (http://www.ubuntu.com/usn/usn-496-1)
DSA-1355 (http://www.debian.org/security/2007/dsa-1355)
ADV-2007-2705 (http://www.vupen.com/english/advisories/2007/2705)
http://www.novell.com/linux/security/advisories/2007_16_sr.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
https://issues.rpath.com/browse/RPL-1596
http://www.mandriva.com/security/advisories?name=MDKSA-2007:165
SECUNIA-26307 (http://secunia.com/advisories/26307)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:158
DSA-1350 (http://www.debian.org/security/2007/dsa-1350)
20070814 FLEA-2007-0045-1 poppler (http://www.securityfocus.com/archive/1/476519/30/5400/threaded)
SECUNIA-26468 (http://secunia.com/advisories/26468)
20070814 FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts (http://www.securityfocus.com/archive/1/476508/100/0/threaded)
SECUNIA-26982 (http://secunia.com/advisories/26982)
SECUNIA-26254 (http://secunia.com/advisories/26254)
SECUNIA-26370 (http://secunia.com/advisories/26370)
DSA-1348 (http://www.debian.org/security/2007/dsa-1348)
SECUNIA-26325 (http://secunia.com/advisories/26325)
SECUNIA-26413 (http://secunia.com/advisories/26413)
DSA-1352 (http://www.debian.org/security/2007/dsa-1352)
GLSA-200710-08 (http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml)
DSA-1354 (http://www.debian.org/security/2007/dsa-1354)
https://issues.rpath.com/browse/RPL-1604
http://sourceforge.net/project/shownotes.php?release_id=535497
USN-496-2 (http://www.ubuntu.com/usn/usn-496-2)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:163
http://www.kde.org/info/security/advisory-20070730-1.txt
http://www.redhat.com/support/errata/RHSA-2007-0731.html
OSVDB-40127 (http://osvdb.org/40127)
SECUNIA-26862 (http://secunia.com/advisories/26862)
GLSA-200805-13 (http://security.gentoo.org/glsa/glsa-200805-13.xml)
SECUNIA-26281 (http://secunia.com/advisories/26281)
http://www.redhat.com/support/errata/RHSA-2007-0720.html
GLSA-200709-12 (http://security.gentoo.org/glsa/glsa-200709-12.xml)
SECUNIA-26514 (http://secunia.com/advisories/26514)
SECUNIA-26467 (http://secunia.com/advisories/26467)
SECUNIA-26432 (http://secunia.com/advisories/26432)
SECUNIA-26410 (http://secunia.com/advisories/26410)
SECUNIA-26607 (http://secunia.com/advisories/26607)
http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm
SECUNIA-30168 (http://secunia.com/advisories/30168)
SECUNIA-26358 (http://secunia.com/advisories/26358)
SECUNIA-26365 (http://secunia.com/advisories/26365)
SECUNIA-26627 (http://secunia.com/advisories/26627)
SECUNIA-26293 (http://secunia.com/advisories/26293)
SECUNIA-26283 (http://secunia.com/advisories/26283)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:159
SECUNIA-27308 (http://secunia.com/advisories/27308)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:160
DSA-1357 (http://www.debian.org/security/2007/dsa-1357)
GLSA-200709-17 (http://security.gentoo.org/glsa/glsa-200709-17.xml)
SECUNIA-26403 (http://secunia.com/advisories/26403)
http://www.redhat.com/support/errata/RHSA-2007-0732.html
DSA-1349 (http://www.debian.org/security/2007/dsa-1349)
SECUNIA-26251 (http://secunia.com/advisories/26251)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149
SECUNIA-26292 (http://secunia.com/advisories/26292)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:161
SECUNIA-26342 (http://secunia.com/advisories/26342)
SECUNIA-26257 (http://secunia.com/advisories/26257)
SECUNIA-26395 (http://secunia.com/advisories/26395)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:162
GLSA-200711-34 (http://security.gentoo.org/glsa/glsa-200711-34.xml)
SECTRACK-1018473 (http://www.securitytracker.com/id?1018473)
http://www.redhat.com/support/errata/RHSA-2007-0729.html
SECUNIA-26188 (http://secunia.com/advisories/26188)
SECUNIA-26278 (http://secunia.com/advisories/26278)
SECUNIA-26425 (http://secunia.com/advisories/26425)
GLSA-200710-20 (http://security.gentoo.org/glsa/glsa-200710-20.xml)
ADV-2007-2704 (http://www.vupen.com/english/advisories/2007/2704)
DSA-1347 (http://www.debian.org/security/2007/dsa-1347)
http://www.redhat.com/support/errata/RHSA-2007-0735.html
20070816 FLEA-2007-0046-1 cups (http://www.securityfocus.com/archive/1/476765/30/5340/threaded)
SECUNIA-27281 (http://secunia.com/advisories/27281)
https://issues.foresightlinux.org/browse/FL-471
SECUNIA-26436 (http://secunia.com/advisories/26436)
SECUNIA-26343 (http://secunia.com/advisories/26343)
SECUNIA-26407 (http://secunia.com/advisories/26407)
SECUNIA-26255 (http://secunia.com/advisories/26255)
SECUNIA-27156 (http://secunia.com/advisories/27156)
SECUNIA-26318 (http://secunia.com/advisories/26318)
SECUNIA-26470 (http://secunia.com/advisories/26470)
http://www.novell.com/linux/security/advisories/2007_15_sr.html
SECUNIA-26297 (http://secunia.com/advisories/26297)
SECUNIA-26405 (http://secunia.com/advisories/26405)
SECUNIA-27637 (http://secunia.com/advisories/27637)
Miscellaneous
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
http://bugs.gentoo.org/show_bug.cgi?id=187139
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670
https://access.redhat.com/errata/RHSA-2007:0720
https://access.redhat.com/errata/RHSA-2007:0729
https://access.redhat.com/errata/RHSA-2007:0730
https://access.redhat.com/errata/RHSA-2007:0731
https://access.redhat.com/errata/RHSA-2007:0732
https://access.redhat.com/errata/RHSA-2007:0735
https://access.redhat.com/security/cve/CVE-2007-3387
https://bugzilla.redhat.com/show_bug.cgi?id=248194

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis