Vulnerability Details : CVE-2007-3387
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
Vulnerability category: Overflow, Execute code
Threat overview for CVE-2007-3387
Top open port discovered on systems with this issue: 631
IPs affected by CVE-2007-3387: 3,036
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2007-3387
Probability of exploitation activity in the next 30 days: 4.02%
Percentile, the proportion of vulnerabilities that are scored at or less: ~92%
CVSS scores for CVE-2007-3387
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2007-3387
- The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-3387
- http://www.debian.org/security/2007/dsa-1348 (Third Party Advisory)
- http://security.gentoo.org/glsa/glsa-200711-34.xml (Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:165 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2007/2704 (Permissions Required; Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2007-0729.html (Third Party Advisory)
- http://www.debian.org/security/2007/dsa-1349 (Third Party Advisory)
- http://www.kde.org/info/security/advisory-20070730-1.txt (Third Party Advisory)
- http://www.securityfocus.com/archive/1/476519/30/5400/threaded (Third Party Advisory; VDB Entry)
- http://www.debian.org/security/2007/dsa-1354 (Third Party Advisory)
- ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch (Broken Link)
- http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:160 (Third Party Advisory)
- http://security.gentoo.org/glsa/glsa-200709-12.xml (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:162 (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2007-0735.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2007-0731.html (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:158 (Third Party Advisory)
- http://www.debian.org/security/2007/dsa-1357 (Third Party Advisory)
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 (Third Party Advisory)
- http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670 (Third Party Advisory)
- http://www.debian.org/security/2007/dsa-1347 (Third Party Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml (Third Party Advisory)
- ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc (Broken Link)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:163 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:161 (Third Party Advisory)
- http://security.gentoo.org/glsa/glsa-200710-20.xml (Third Party Advisory)
- http://www.debian.org/security/2007/dsa-1355 (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2007-0732.html (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:164 (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2007-0730.html (Third Party Advisory)
- http://www.vupen.com/english/advisories/2007/2705 (Permissions Required; Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:159 (Third Party Advisory)
- http://security.gentoo.org/glsa/glsa-200805-13.xml (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2007-0720.html (Third Party Advisory)
- https://issues.foresightlinux.org/browse/FL-471 (Broken Link)
- http://sourceforge.net/project/shownotes.php?release_id=535497 (Broken Link)
- http://www.novell.com/linux/security/advisories/2007_15_sr.html (Broken Link)
- https://issues.rpath.com/browse/RPL-1596 (Broken Link)
- http://www.debian.org/security/2007/dsa-1350 (Third Party Advisory)
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194 (Issue Tracking; Third Party Advisory)
- http://www.novell.com/linux/security/advisories/2007_16_sr.html (Broken Link)
- http://www.debian.org/security/2007/dsa-1352 (Third Party Advisory)
- http://www.securitytracker.com/id?1018473 (Third Party Advisory; VDB Entry)
- http://security.gentoo.org/glsa/glsa-200709-17.xml (Third Party Advisory)
- http://www.securityfocus.com/archive/1/476765/30/5340/threaded (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/25124 (Third Party Advisory; VDB Entry)
- http://www.ubuntu.com/usn/usn-496-2 (Third Party Advisory)
- http://bugs.gentoo.org/show_bug.cgi?id=187139 (Issue Tracking; Third Party Advisory)
- http://www.securityfocus.com/archive/1/476508/100/0/threaded (Third Party Advisory; VDB Entry)
- http://www.ubuntu.com/usn/usn-496-1 (Third Party Advisory)
- https://issues.rpath.com/browse/RPL-1604 (Broken Link)
Products affected by CVE-2007-3387
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
- cpe:2.3:a:xpdfreader:xpdf:3.02:*:*:*:*:*:*:*
- cpe:2.3:a:gpdf_project:gpdf:*:*:*:*:*:*:*:*