FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xpdf -- stack-based buffer overflow

Affected packages
xpdf < 3.02_2
kdegraphics < 3.5.7_1
cups-base < 1.2.11_3
0 < gpdf
pdftohtml < 0.39_3
poppler < 0.5.9_4

Details

VuXML ID 0e43a14d-3f3f-11dc-a79a-0016179b2dd5
Discovery 2007-07-30
Entry 2007-07-31
Modified 2009-04-29

The KDE Team reports:

kpdf, the KDE PDF viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack-based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor(). Remotely supplied PDF files can be used to disrupt the kpdf viewer on the client machine and possibly execute arbitrary code.

References

Bugtraq ID 25124
CVE Name CVE-2007-3387
URL http://www.kde.org/info/security/advisory-20070730-1.txt