Vulnerability details: VCID-ueq1-1pn9-aaaf
Vulnerability ID VCID-ueq1-1pn9-aaaf
Aliases CVE-2007-3387
Summary Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (1)
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2007:0720
rhas Important https://access.redhat.com/errata/RHSA-2007:0729
rhas Important https://access.redhat.com/errata/RHSA-2007:0730
rhas Important https://access.redhat.com/errata/RHSA-2007:0731
rhas Important https://access.redhat.com/errata/RHSA-2007:0732
rhas Important https://access.redhat.com/errata/RHSA-2007:0735
epss 0.06473 https://api.first.org/data/v1/epss?cve=CVE-2007-3387
epss 0.08728 https://api.first.org/data/v1/epss?cve=CVE-2007-3387
epss 0.11401 https://api.first.org/data/v1/epss?cve=CVE-2007-3387
epss 0.25701 https://api.first.org/data/v1/epss?cve=CVE-2007-3387
epss 0.57756 https://api.first.org/data/v1/epss?cve=CVE-2007-3387
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=248194
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2007-3387
Reference id Reference type URL
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
http://bugs.gentoo.org/show_bug.cgi?id=187139
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
http://osvdb.org/40127
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3387.json
https://api.first.org/data/v1/epss?cve=CVE-2007-3387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://secunia.com/advisories/26188
http://secunia.com/advisories/26251
http://secunia.com/advisories/26254
http://secunia.com/advisories/26255
http://secunia.com/advisories/26257
http://secunia.com/advisories/26278
http://secunia.com/advisories/26281
http://secunia.com/advisories/26283
http://secunia.com/advisories/26292
http://secunia.com/advisories/26293
http://secunia.com/advisories/26297
http://secunia.com/advisories/26307
http://secunia.com/advisories/26318
http://secunia.com/advisories/26325
http://secunia.com/advisories/26342
http://secunia.com/advisories/26343
http://secunia.com/advisories/26358
http://secunia.com/advisories/26365
http://secunia.com/advisories/26370
http://secunia.com/advisories/26395
http://secunia.com/advisories/26403
http://secunia.com/advisories/26405
http://secunia.com/advisories/26407
http://secunia.com/advisories/26410
http://secunia.com/advisories/26413
http://secunia.com/advisories/26425
http://secunia.com/advisories/26432
http://secunia.com/advisories/26436
http://secunia.com/advisories/26467
http://secunia.com/advisories/26468
http://secunia.com/advisories/26470
http://secunia.com/advisories/26514
http://secunia.com/advisories/26607
http://secunia.com/advisories/26627
http://secunia.com/advisories/26862
http://secunia.com/advisories/26982
http://secunia.com/advisories/27156
http://secunia.com/advisories/27281
http://secunia.com/advisories/27308
http://secunia.com/advisories/27637
http://secunia.com/advisories/30168
http://security.gentoo.org/glsa/glsa-200709-12.xml
http://security.gentoo.org/glsa/glsa-200709-17.xml
http://security.gentoo.org/glsa/glsa-200710-20.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
https://issues.foresightlinux.org/browse/FL-471
https://issues.rpath.com/browse/RPL-1596
https://issues.rpath.com/browse/RPL-1604
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
http://sourceforge.net/project/shownotes.php?release_id=535497
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149
http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm
http://www.debian.org/security/2007/dsa-1347
http://www.debian.org/security/2007/dsa-1348
http://www.debian.org/security/2007/dsa-1349
http://www.debian.org/security/2007/dsa-1350
http://www.debian.org/security/2007/dsa-1352
http://www.debian.org/security/2007/dsa-1354
http://www.debian.org/security/2007/dsa-1355
http://www.debian.org/security/2007/dsa-1357
http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml
http://www.kde.org/info/security/advisory-20070730-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:158
http://www.mandriva.com/security/advisories?name=MDKSA-2007:159
http://www.mandriva.com/security/advisories?name=MDKSA-2007:160
http://www.mandriva.com/security/advisories?name=MDKSA-2007:161
http://www.mandriva.com/security/advisories?name=MDKSA-2007:162
http://www.mandriva.com/security/advisories?name=MDKSA-2007:163
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
http://www.mandriva.com/security/advisories?name=MDKSA-2007:165
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.novell.com/linux/security/advisories/2007_16_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0720.html
http://www.redhat.com/support/errata/RHSA-2007-0729.html
http://www.redhat.com/support/errata/RHSA-2007-0730.html
http://www.redhat.com/support/errata/RHSA-2007-0731.html
http://www.redhat.com/support/errata/RHSA-2007-0732.html
http://www.redhat.com/support/errata/RHSA-2007-0735.html
http://www.securityfocus.com/archive/1/476508/100/0/threaded
http://www.securityfocus.com/archive/1/476519/30/5400/threaded
http://www.securityfocus.com/archive/1/476765/30/5340/threaded
http://www.securityfocus.com/bid/25124
http://www.securitytracker.com/id?1018473
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670
http://www.ubuntu.com/usn/usn-496-1
http://www.ubuntu.com/usn/usn-496-2
http://www.vupen.com/english/advisories/2007/2704
http://www.vupen.com/english/advisories/2007/2705
248194 https://bugzilla.redhat.com/show_bug.cgi?id=248194
435460 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=435460
cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
cpe:2.3:a:gpdf_project:gpdf:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gpdf_project:gpdf:*:*:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:3.02:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:3.02:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
CVE-2007-3387 https://nvd.nist.gov/vuln/detail/CVE-2007-3387
GLSA-200709-12 https://security.gentoo.org/glsa/200709-12
GLSA-200709-17 https://security.gentoo.org/glsa/200709-17
GLSA-200710-08 https://security.gentoo.org/glsa/200710-08
GLSA-200710-20 https://security.gentoo.org/glsa/200710-20
RHSA-2007:0720 https://access.redhat.com/errata/RHSA-2007:0720
RHSA-2007:0729 https://access.redhat.com/errata/RHSA-2007:0729
RHSA-2007:0730 https://access.redhat.com/errata/RHSA-2007:0730
RHSA-2007:0731 https://access.redhat.com/errata/RHSA-2007:0731
RHSA-2007:0732 https://access.redhat.com/errata/RHSA-2007:0732
RHSA-2007:0735 https://access.redhat.com/errata/RHSA-2007:0735
USN-496-1 https://usn.ubuntu.com/496-1/
USN-496-2 https://usn.ubuntu.com/496-2/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-3387
Access Vector (AV): network
Access Complexity (AC): medium
Authentication (Au): none
Confidentiality Impact (C): partial
Integrity Impact (I): partial
Availability Impact (A): partial
Exploit Prediction Scoring System (EPSS)
Percentile 0.93913
EPSS Score 0.06473
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.