FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-3387

This CVE name corresponds to:

Entered: 2007-07-31
Topic: xpdf -- stack based buffer overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2007-3387
Phase: Assigned (20070625)

Description

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

References

Source Reference
BUGTRAQ 20070814 FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts
BUGTRAQ 20070814 FLEA-2007-0045-1 poppler
BUGTRAQ 20070816 FLEA-2007-0046-1 cups
MISC http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
MISC http://bugs.gentoo.org/show_bug.cgi?id=187139
CONFIRM http://www.kde.org/info/security/advisory-20070730-1.txt
CONFIRM ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
CONFIRM https://issues.rpath.com/browse/RPL-1596
CONFIRM https://issues.foresightlinux.org/browse/FL-471
CONFIRM https://issues.rpath.com/browse/RPL-1604
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=535497
DEBIAN DSA-1347
DEBIAN DSA-1348
DEBIAN DSA-1349
DEBIAN DSA-1350
DEBIAN DSA-1352
DEBIAN DSA-1355
DEBIAN DSA-1354
DEBIAN DSA-1357
GENTOO GLSA-200709-12
GENTOO GLSA-200710-08
GENTOO GLSA-200710-20
GENTOO GLSA-200709-17
GENTOO GLSA-200711-34
GENTOO GLSA-200805-13
MANDRIVA MDKSA-2007:162
MANDRIVA MDKSA-2007:158
MANDRIVA MDKSA-2007:159
MANDRIVA MDKSA-2007:160
MANDRIVA MDKSA-2007:161
MANDRIVA MDKSA-2007:163
MANDRIVA MDKSA-2007:164
MANDRIVA MDKSA-2007:165
REDHAT RHSA-2007:0730
REDHAT RHSA-2007:0720
REDHAT RHSA-2007:0729
REDHAT RHSA-2007:0732
REDHAT RHSA-2007:0735
REDHAT RHSA-2007:0731
SGI 20070801-01-P
SLACKWARE SSA:2007-222-05
SLACKWARE SSA:2007-316-01
SUSE SUSE-SR:2007:015
SUSE SUSE-SR:2007:016
UBUNTU USN-496-1
UBUNTU USN-496-2
BID 25124
OVAL oval:org.mitre.oval:def:11149
VUPEN ADV-2007-2704
VUPEN ADV-2007-2705
OSVDB 40127
SECTRACK 1018473
SECUNIA 26188
SECUNIA 26254
SECUNIA 26255
SECUNIA 26257
SECUNIA 26278
SECUNIA 26281
SECUNIA 26283
SECUNIA 26251
SECUNIA 26293
SECUNIA 26292
SECUNIA 26307
SECUNIA 26318
SECUNIA 26342
SECUNIA 26297
SECUNIA 26343
SECUNIA 26358
SECUNIA 26325
SECUNIA 26365
SECUNIA 26370
SECUNIA 26413
SECUNIA 26410
SECUNIA 26403
SECUNIA 26405
SECUNIA 26407
SECUNIA 26432
SECUNIA 26436
SECUNIA 26467
SECUNIA 26468
SECUNIA 26470
SECUNIA 26425
SECUNIA 26395
SECUNIA 26514
SECUNIA 26607
SECUNIA 26862
SECUNIA 27156
SECUNIA 27281
SECUNIA 27308
SECUNIA 27637
SECUNIA 26627
SECUNIA 26982
SECUNIA 30168