Rapid7 Vulnerability & Exploit Database

USN-496-2: poppler vulnerability

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

USN-496-2: poppler vulnerability

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

07/30/2007

Created

07/25/2018

Added

05/06/2013

Modified

07/09/2020

Description

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Solution(s)

ubuntu-upgrade-libpoppler1

References

https://attackerkb.com/topics/cve-2007-3387
25124
CVE - 2007-3387
DSA-1347
DSA-1348
DSA-1349
DSA-1350
DSA-1352
DSA-1354
DSA-1355
DSA-1357
40127
OVAL11149
RHSA-2007:0720
RHSA-2007:0729
RHSA-2007:0730
RHSA-2007:0731
RHSA-2007:0732
RHSA-2007:0735
20070801-01-P
USN-496-2

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

USN-496-2: poppler vulnerability

USN-496-2: poppler vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.