Vulnerability Report

CVE-2007-3387

RCE

Title: Xpdfreader Xpdf RCE

Proof Of Concept

No public PoC currently indexed for CVE-2007-3387.

CWE Category: CWE-190
Published Date: Jul 30, 2007
Modified Date: Apr 09, 2025
Exploit Status: Not Found
Score: 6.8 (CVSS v2.0)
Exploit Probability (EPSS): 25.21%

Vulnerability Summary

CVE-2007-3387: Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Reference Links

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=187139 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194 http://osvdb.org/40127 http://secunia.com/advisories/26188 http://secunia.com/advisories/26251 http://secunia.com/advisories/26254 http://secunia.com/advisories/26255 http://secunia.com/advisories/26257 http://secunia.com/advisories/26278 http://secunia.com/advisories/26281 http://secunia.com/advisories/26283 http://secunia.com/advisories/26292 http://secunia.com/advisories/26293 http://secunia.com/advisories/26297 http://secunia.com/advisories/26307 http://secunia.com/advisories/26318 http://secunia.com/advisories/26325 http://secunia.com/advisories/26342 http://secunia.com/advisories/26343 http://secunia.com/advisories/26358 http://secunia.com/advisories/26365 http://secunia.com/advisories/26370 http://secunia.com/advisories/26395 http://secunia.com/advisories/26403 http://secunia.com/advisories/26405 http://secunia.com/advisories/26407 http://secunia.com/advisories/26410 http://secunia.com/advisories/26413 http://secunia.com/advisories/26425 http://secunia.com/advisories/26432 http://secunia.com/advisories/26436 http://secunia.com/advisories/26467 http://secunia.com/advisories/26468 http://secunia.com/advisories/26470 http://secunia.com/advisories/26514 http://secunia.com/advisories/26607 http://secunia.com/advisories/26627 http://secunia.com/advisories/26862 http://secunia.com/advisories/26982 http://secunia.com/advisories/27156 http://secunia.com/advisories/27281 http://secunia.com/advisories/27308 http://secunia.com/advisories/27637 http://secunia.com/advisories/30168 http://security.gentoo.org/glsa/glsa-200709-12.xml http://security.gentoo.org/glsa/glsa-200709-17.xml http://security.gentoo.org/glsa/glsa-200710-20.xml http://security.gentoo.org/glsa/glsa-200711-34.xml http://security.gentoo.org/glsa/glsa-200805-13.xml 
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 http://sourceforge.net/project/shownotes.php?release_id=535497 http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm http://www.debian.org/security/2007/dsa-1347 http://www.debian.org/security/2007/dsa-1348 http://www.debian.org/security/2007/dsa-1349 http://www.debian.org/security/2007/dsa-1350 http://www.debian.org/security/2007/dsa-1352 http://www.debian.org/security/2007/dsa-1354 http://www.debian.org/security/2007/dsa-1355 http://www.debian.org/security/2007/dsa-1357 http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml http://www.kde.org/info/security/advisory-20070730-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2007:158 http://www.mandriva.com/security/advisories?name=MDKSA-2007:159 http://www.mandriva.com/security/advisories?name=MDKSA-2007:160 http://www.mandriva.com/security/advisories?name=MDKSA-2007:161 http://www.mandriva.com/security/advisories?name=MDKSA-2007:162 http://www.mandriva.com/security/advisories?name=MDKSA-2007:163 http://www.mandriva.com/security/advisories?name=MDKSA-2007:164 http://www.mandriva.com/security/advisories?name=MDKSA-2007:165 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.novell.com/linux/security/advisories/2007_16_sr.html http://www.redhat.com/support/errata/RHSA-2007-0720.html http://www.redhat.com/support/errata/RHSA-2007-0729.html http://www.redhat.com/support/errata/RHSA-2007-0730.html http://www.redhat.com/support/errata/RHSA-2007-0731.html http://www.redhat.com/support/errata/RHSA-2007-0732.html http://www.redhat.com/support/errata/RHSA-2007-0735.html http://www.securityfocus.com/archive/1/476508/100/0/threaded http://www.securityfocus.com/archive/1/476519/30/5400/threaded http://www.securityfocus.com/archive/1/476765/30/5340/threaded http://www.securityfocus.com/bid/25124 http://www.securitytracker.com/id?1018473 
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670 http://www.ubuntu.com/usn/usn-496-1 http://www.ubuntu.com/usn/usn-496-2 http://www.vupen.com/english/advisories/2007/2704 http://www.vupen.com/english/advisories/2007/2705 https://issues.foresightlinux.org/browse/FL-471 https://issues.rpath.com/browse/RPL-1596 https://issues.rpath.com/browse/RPL-1604 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149

CVSS v2.0

Source Entity: [email protected]
Severity: MEDIUM (6.8)
Access Vector: N/A
Authentication: N/A
Raw Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2007-3387 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector: N/A
Complexity: N/A
Privileges: N/A
Interaction: NONE
CVSS Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.