CVE-2007-3387
poppler - buffer overflow
EPSS 25.2%
Description
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
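As an added illustration (not xpdf's or poppler's own code) of the overflow-checked arithmetic that closes this class of bug: the predictor's per-row byte count is derived from three values read straight from the PDF's DecodeParms dictionary, and each product is bounded before the row buffer is sized; `MAX_COMPS`, `MAX_BITS` and the function name are assumptions for this example.

```c
#include <limits.h>
#include <stdio.h>

/* Assumed caps (not taken from xpdf): they bound the fixed-size
 * per-row scratch buffers a predictor decoder keeps on the stack,
 * which is where an undersized row count leads to the overwrite. */
#define MAX_COMPS 32
#define MAX_BITS  16

/* Returns the number of bytes in one predictor row, or -1 if the
 * DecodeParms values (Columns, Colors, BitsPerComponent) are out of
 * range or the multiplication would wrap in a signed int. */
static int predictor_row_bytes(int width, int nComps, int nBits) {
    if (width <= 0 || nComps <= 0 || nBits <= 0) return -1;
    if (nComps > MAX_COMPS || nBits > MAX_BITS) return -1;
    /* nComps * nBits cannot overflow once capped; keep the check explicit. */
    if (nComps > INT_MAX / nBits) return -1;
    int bitsPerPixel = nComps * nBits;
    /* width * bitsPerPixel must fit, with headroom for the +7 rounding. */
    if (width > (INT_MAX - 7) / bitsPerPixel) return -1;
    int nVals = width * bitsPerPixel;
    return (nVals + 7) / 8;
}

int main(void) {
    /* Constructed sample DecodeParms: a sane row, an oversized Columns
     * value that would wrap in an unchecked multiply, and an oversized
     * BitsPerComponent value. */
    struct { int w, c, b; } samples[] = {
        { 100, 3, 8 }, { INT_MAX, 3, 8 }, { 100, 3, 32 }
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("Columns=%d Colors=%d Bits=%d -> rowBytes=%d\n",
               samples[i].w, samples[i].c, samples[i].b,
               predictor_row_bytes(samples[i].w, samples[i].c, samples[i].b));
    return 0;
}
```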
How to fix CVE-2007-3387
To remediate CVE-2007-3387, upgrade the affected package to a fixed version below.
- Debian/gpdf—upgrade to 2.8.2-1.2sarge6 or later
- Debian/kdegraphics—upgrade to 4:3.5.7-2lenny1 or later
- —upgrade to 4:3.3.2-2sarge5 or later
- —upgrade to 1:1.6.3-1lenny1 or later
- —upgrade to 1:1.6.1-2etch1 or later
- —upgrade to 0.5.12-1 or later
- —upgrade to 0.4.2-2sarge6 or later
- —upgrade to 0.8-2sarge4 or later
- —upgrade to 0.5.4-6lenny2 or later
- —upgrade to 0.5.4-6.1 or later
- —upgrade to 0.4.5-5.1etch1 or later
- —upgrade to 0.5.4-6lenny1 or later
- —upgrade to 2.0.2-30sarge5 or later
- —upgrade to 3.02-1.1 or later
- —upgrade to 3.01-9etch1 or later
Is CVE-2007-3387 being exploited?
Moderate — EPSS is 25.2%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (15)
- from 0, < 2.8.2-1.2sarge6
- from 0, < 4:3.5.7-2lenny1
- from 0, < 4:3.3.2-2sarge5
- from 0, < 1:1.6.3-1lenny1
- from 0, < 1:1.6.1-2etch1
- from 0, < 0.5.12-1
- from 0, < 0.4.2-2sarge6
- from 0, < 0.8-2sarge4
- from 0, < 0.5.4-6lenny2
- from 0, < 0.5.4-6.1
- from 0, < 0.4.5-5.1etch1