6.8

CVE-2007-3387

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleCups Version <= 1.3.11
FreedesktopPoppler Version < 0.5.91
Gpdf ProjectGpdf Version < 2.8.2
XpdfreaderXpdf Version3.02
DebianDebian Linux Version3.1
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.57% 0.944
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://secunia.com/advisories/26413
Third Party Advisory
http://secunia.com/advisories/26982
Third Party Advisory
http://secunia.com/advisories/30168
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200709-17.xml
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200711-34.xml
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200805-13.xml
Third Party Advisory
http://www.novell.com/linux/security/advisories/2007_15_sr.html
Broken Link
http://secunia.com/advisories/26467
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
Third Party Advisory
http://secunia.com/advisories/26395
Third Party Advisory
http://www.novell.com/linux/security/advisories/2007_16_sr.html
Broken Link
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
Broken Link
http://secunia.com/advisories/26607
Third Party Advisory
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
Broken Link
http://bugs.gentoo.org/show_bug.cgi?id=187139
Third Party Advisory
Issue Tracking
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
Third Party Advisory
Issue Tracking
http://osvdb.org/40127
Broken Link
http://secunia.com/advisories/26188
Third Party Advisory
http://secunia.com/advisories/26251
Third Party Advisory
http://secunia.com/advisories/26254
Third Party Advisory
http://secunia.com/advisories/26255
Third Party Advisory
http://secunia.com/advisories/26257
Third Party Advisory
http://secunia.com/advisories/26278
Third Party Advisory
http://secunia.com/advisories/26281
Third Party Advisory
http://secunia.com/advisories/26283
Third Party Advisory
http://secunia.com/advisories/26292
Third Party Advisory
http://secunia.com/advisories/26293
Third Party Advisory
http://secunia.com/advisories/26297
Third Party Advisory
http://secunia.com/advisories/26307
Third Party Advisory
http://secunia.com/advisories/26318
Third Party Advisory
http://secunia.com/advisories/26325
Third Party Advisory
http://secunia.com/advisories/26342
Third Party Advisory
http://secunia.com/advisories/26343
Third Party Advisory
http://secunia.com/advisories/26358
Third Party Advisory
http://secunia.com/advisories/26365
Third Party Advisory
http://secunia.com/advisories/26370
Third Party Advisory
http://secunia.com/advisories/26403
Third Party Advisory
http://secunia.com/advisories/26405
Third Party Advisory
http://secunia.com/advisories/26407
Third Party Advisory
http://secunia.com/advisories/26410
Third Party Advisory
http://secunia.com/advisories/26425
Third Party Advisory
http://secunia.com/advisories/26432
Third Party Advisory
http://secunia.com/advisories/26436
Third Party Advisory
http://secunia.com/advisories/26468
Third Party Advisory
http://secunia.com/advisories/26470
Third Party Advisory
http://secunia.com/advisories/26514
Third Party Advisory
http://secunia.com/advisories/26627
Third Party Advisory
http://secunia.com/advisories/26862
Third Party Advisory
http://secunia.com/advisories/27156
Third Party Advisory
http://secunia.com/advisories/27281
Third Party Advisory
http://secunia.com/advisories/27308
Third Party Advisory
http://secunia.com/advisories/27637
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200709-12.xml
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200710-20.xml
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
Third Party Advisory
http://sourceforge.net/project/shownotes.php?release_id=535497
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm
Third Party Advisory
http://www.debian.org/security/2007/dsa-1347
Third Party Advisory
http://www.debian.org/security/2007/dsa-1348
Third Party Advisory
http://www.debian.org/security/2007/dsa-1349
Third Party Advisory
http://www.debian.org/security/2007/dsa-1350
Third Party Advisory
http://www.debian.org/security/2007/dsa-1352
Third Party Advisory
http://www.debian.org/security/2007/dsa-1354
Third Party Advisory
http://www.debian.org/security/2007/dsa-1355
Third Party Advisory
http://www.debian.org/security/2007/dsa-1357
Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml
Third Party Advisory
http://www.kde.org/info/security/advisory-20070730-1.txt
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:158
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:159
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:160
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:161
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:162
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:163
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:165
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0720.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0729.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0730.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0731.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0732.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0735.html
Third Party Advisory
http://www.securityfocus.com/archive/1/476508/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/476519/30/5400/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/476765/30/5340/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/25124
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018473
Third Party Advisory
VDB Entry
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670
Third Party Advisory
http://www.ubuntu.com/usn/usn-496-1
Third Party Advisory
http://www.ubuntu.com/usn/usn-496-2
Third Party Advisory
http://www.vupen.com/english/advisories/2007/2704
Third Party Advisory
Permissions Required
http://www.vupen.com/english/advisories/2007/2705
Third Party Advisory
Permissions Required
https://issues.foresightlinux.org/browse/FL-471
Broken Link
https://issues.rpath.com/browse/RPL-1596
Broken Link
https://issues.rpath.com/browse/RPL-1604
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149
Third Party Advisory