Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
bugs.gentoo.org/show_bug.cgi?id=187139
bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
osvdb.org/40127
secunia.com/advisories/26188
secunia.com/advisories/26251
secunia.com/advisories/26254
secunia.com/advisories/26255
secunia.com/advisories/26257
secunia.com/advisories/26278
secunia.com/advisories/26281
secunia.com/advisories/26283
secunia.com/advisories/26292
secunia.com/advisories/26293
secunia.com/advisories/26297
secunia.com/advisories/26307
secunia.com/advisories/26318
secunia.com/advisories/26325
secunia.com/advisories/26342
secunia.com/advisories/26343
secunia.com/advisories/26358
secunia.com/advisories/26365
secunia.com/advisories/26370
secunia.com/advisories/26395
secunia.com/advisories/26403
secunia.com/advisories/26405
secunia.com/advisories/26407
secunia.com/advisories/26410
secunia.com/advisories/26413
secunia.com/advisories/26425
secunia.com/advisories/26432
secunia.com/advisories/26436
secunia.com/advisories/26467
secunia.com/advisories/26468
secunia.com/advisories/26470
secunia.com/advisories/26514
secunia.com/advisories/26607
secunia.com/advisories/26627
secunia.com/advisories/26862
secunia.com/advisories/26982
secunia.com/advisories/27156
secunia.com/advisories/27281
secunia.com/advisories/27308
secunia.com/advisories/27637
secunia.com/advisories/30168
security.gentoo.org/glsa/glsa-200709-12.xml
security.gentoo.org/glsa/glsa-200709-17.xml
security.gentoo.org/glsa/glsa-200710-20.xml
security.gentoo.org/glsa/glsa-200711-34.xml
security.gentoo.org/glsa/glsa-200805-13.xml
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
sourceforge.net/project/shownotes.php?release_id=535497
support.avaya.com/elmodocs2/security/ASA-2007-401.htm
www.debian.org/security/2007/dsa-1347
www.debian.org/security/2007/dsa-1348
www.debian.org/security/2007/dsa-1349
www.debian.org/security/2007/dsa-1350
www.debian.org/security/2007/dsa-1352
www.debian.org/security/2007/dsa-1354
www.debian.org/security/2007/dsa-1355
www.debian.org/security/2007/dsa-1357
www.gentoo.org/security/en/glsa/glsa-200710-08.xml
www.kde.org/info/security/advisory-20070730-1.txt
www.mandriva.com/security/advisories?name=MDKSA-2007:158
www.mandriva.com/security/advisories?name=MDKSA-2007:159
www.mandriva.com/security/advisories?name=MDKSA-2007:160
www.mandriva.com/security/advisories?name=MDKSA-2007:161
www.mandriva.com/security/advisories?name=MDKSA-2007:162
www.mandriva.com/security/advisories?name=MDKSA-2007:163
www.mandriva.com/security/advisories?name=MDKSA-2007:164
www.mandriva.com/security/advisories?name=MDKSA-2007:165
www.novell.com/linux/security/advisories/2007_15_sr.html
www.novell.com/linux/security/advisories/2007_16_sr.html
www.redhat.com/support/errata/RHSA-2007-0720.html
www.redhat.com/support/errata/RHSA-2007-0729.html
www.redhat.com/support/errata/RHSA-2007-0730.html
www.redhat.com/support/errata/RHSA-2007-0731.html
www.redhat.com/support/errata/RHSA-2007-0732.html
www.redhat.com/support/errata/RHSA-2007-0735.html
www.securityfocus.com/archive/1/476508/100/0/threaded
www.securityfocus.com/archive/1/476519/30/5400/threaded
www.securityfocus.com/archive/1/476765/30/5340/threaded
www.securityfocus.com/bid/25124
www.securitytracker.com/id?1018473
www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670
www.ubuntu.com/usn/usn-496-1
www.ubuntu.com/usn/usn-496-2
www.vupen.com/english/advisories/2007/2704
www.vupen.com/english/advisories/2007/2705
issues.foresightlinux.org/browse/FL-471
issues.rpath.com/browse/RPL-1596
issues.rpath.com/browse/RPL-1604
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149