CVE-2007-3387
Published: 30 July 2007
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
Priority
Status
Package | Release | Status |
---|---|---|
xpdf Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Ignored
(end of life)
|
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(3.02-1.1ubuntu1)
|
|
hardy |
Released
(3.02-1.1ubuntu1)
|
|
intrepid |
Released
(3.02-1.1ubuntu1)
|
|
jaunty |
Released
(3.02-1.1ubuntu1)
|
|
karmic |
Released
(3.02-1.1ubuntu1)
|
|
kdegraphics Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
edgy |
Not vulnerable
|
|
feisty |
Not vulnerable
|
|
gutsy |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Needs triage
|
|
koffice Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.0-0ubuntu9.2)
|
edgy |
Released
(1.5.2-0ubuntu2.2)
|
|
feisty |
Released
(1.6.2-0ubuntu1.1)
|
|
gutsy |
Released
(1.6.3-0ubuntu5)
|
|
hardy |
Released
(1.6.3-0ubuntu5)
|
|
intrepid |
Released
(1.6.3-0ubuntu5)
|
|
jaunty |
Released
(1.6.3-0ubuntu5)
|
|
karmic |
Released
(1.6.3-0ubuntu5)
|
|
upstream |
Needs triage
|
|
poppler Launchpad, Ubuntu, Debian |
dapper |
Released
(0.5.1-0ubuntu7.2)
|
edgy |
Released
(0.5.4-0ubuntu4.2)
|
|
feisty |
Released
(0.5.4-0ubuntu8.1)
|
|
gutsy |
Released
(0.6-0ubuntu1)
|
|
hardy |
Released
(0.6-0ubuntu1)
|
|
intrepid |
Released
(0.6-0ubuntu1)
|
|
jaunty |
Released
(0.6-0ubuntu1)
|
|
karmic |
Released
(0.6-0ubuntu1)
|
|
upstream |
Needs triage
|