CVE-2007-3387

CUPS - Remote Code Execution via Crafted PDF File

Description

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

References (94)

Broken Link x_refsource_confirm
https://issues.rpath.com/browse/RPL-1596
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26251
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0730.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-496-1
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1355
Permissions Required, Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2705
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_16_sr.html
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:165
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26307
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:158
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1350
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/476519/30/5400/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26468
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/476508/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26982
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26254
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26370
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1348
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26325
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26413
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1352
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1354
Broken Link x_refsource_confirm
https://issues.rpath.com/browse/RPL-1604
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-496-2
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:163
Third Party Advisory x_refsource_confirm
http://www.kde.org/info/security/advisory-20070730-1.txt
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0731.html
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/40127
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26862
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200805-13.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26281
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0720.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200709-12.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25124
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26514
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26467
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26432
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26410
Issue Tracking, Third Party Advisory x_refsource_misc
http://bugs.gentoo.org/show_bug.cgi?id=187139
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26607
Third Party Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30168
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26358
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26365
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26627
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26293
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26283
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:159
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27308
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:160
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1357
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200709-17.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26403
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0732.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1349
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26292
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:161
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26342
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26257
Issue Tracking, Third Party Advisory x_refsource_misc
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26395
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:162
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200711-34.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018473
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0729.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26188
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26278
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26425
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200710-20.xml
Permissions Required, Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2704
Broken Link x_refsource_confirm
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1347
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0735.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/476765/30/5340/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27281
Broken Link x_refsource_confirm
https://issues.foresightlinux.org/browse/FL-471
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26436
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26343
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26407
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26255
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27156
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26318
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26470
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_15_sr.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26297
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26405
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27637

Scores

EPSS 0.0857
EPSS Percentile 94.4%

Details

CWE CWE-190
Status published
Products (9)
apple/cups < 1.3.11
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 6.10
canonical/ubuntu_linux 7.04
debian/debian_linux 3.1
debian/debian_linux 4.0
freedesktop/poppler < 0.5.91
gpdf_project/gpdf < 2.8.2
xpdfreader/xpdf 3.02
Published Jul 30, 2007
Tracked Since Feb 18, 2026