CVE-2007-3387

2007-07-3023:17:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.065

Percentile

93.8%

JSON

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

OSVersionArchitecturePackageVersionFilename
Debian12allcups< 2.4.2-3+deb12u7cups_2.4.2-3+deb12u7_all.deb
Debian11allcups< 2.3.3op2-3+deb11u8cups_2.3.3op2-3+deb11u8_all.deb
Debian999allcups< 2.4.10-2cups_2.4.10-2_all.deb
Debian13allcups< 2.4.10-1cups_2.4.10-1_all.deb
Debian12allipe< 7.2.26+dfsg1-3ipe_7.2.26+dfsg1-3_all.deb
Debian11allipe< 7.2.23+dfsg1-2ipe_7.2.23+dfsg1-2_all.deb
Debian999allipe< 7.2.30-1ipe_7.2.30-1_all.deb
Debian13allipe< 7.2.30-1ipe_7.2.30-1_all.deb
Debian12alllibextractor< 0.5.12-1libextractor_0.5.12-1_all.deb
Debian11alllibextractor< 0.5.12-1libextractor_0.5.12-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	cups	< 2.4.2-3+deb12u7	cups_2.4.2-3+deb12u7_all.deb
Debian	11	all	cups	< 2.3.3op2-3+deb11u8	cups_2.3.3op2-3+deb11u8_all.deb
Debian	999	all	cups	< 2.4.10-2	cups_2.4.10-2_all.deb
Debian	13	all	cups	< 2.4.10-1	cups_2.4.10-1_all.deb
Debian	12	all	ipe	< 7.2.26+dfsg1-3	ipe_7.2.26+dfsg1-3_all.deb
Debian	11	all	ipe	< 7.2.23+dfsg1-2	ipe_7.2.23+dfsg1-2_all.deb
Debian	999	all	ipe	< 7.2.30-1	ipe_7.2.30-1_all.deb
Debian	13	all	ipe	< 7.2.30-1	ipe_7.2.30-1_all.deb
Debian	12	all	libextractor	< 0.5.12-1	libextractor_0.5.12-1_all.deb
Debian	11	all	libextractor	< 0.5.12-1	libextractor_0.5.12-1_all.deb