Rapid7 Vulnerability & Exploit Database

SUSE-SR:2007:015:vuln7: xpdf buffer overflow

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SR:2007:015:vuln7: xpdf buffer overflow

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

08/03/2007

Created

07/25/2018

Added

11/26/2007

Modified

11/18/2015

Description

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Solution(s)

References

https://attackerkb.com/topics/cve-2007-3387
25124
CVE - 2007-3387
DSA-1347
DSA-1348
DSA-1349
DSA-1350
DSA-1352
DSA-1354
DSA-1355
DSA-1357
40127
OVAL11149
RHSA-2007:0720
RHSA-2007:0729
RHSA-2007:0730
RHSA-2007:0731
RHSA-2007:0732
RHSA-2007:0735
20070801-01-P
http://www.novell.com/linux/security/advisories/2007_15_sr.html

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;