CVE-2007-3387

EPSS 10.7%

poppler - buffer overflow

Published: 7/30/2007Modified: 4/28/2026

Description

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Affected packages (15)

Debian/gpdffrom 0, < 2.8.2-1.2sarge6
Debian/kdegraphicsfrom 0, < 4:3.5.7-2lenny1
Debian/kdegraphicsfrom 0, < 4:3.3.2-2sarge5
Debian/kofficefrom 0, < 1:1.6.3-1lenny1
Debian/kofficefrom 0, < 1:1.6.1-2etch1
Debian/libextractorfrom 0, < 0.5.12-1
Debian/libextractorfrom 0, < 0.4.2-2sarge6
Debian/pdfkit.frameworkfrom 0, < 0.8-2sarge4
Debian/popplerfrom 0, < 0.5.4-6lenny2
Debian/popplerfrom 0, < 0.5.4-6.1
Debian/popplerfrom 0, < 0.4.5-5.1etch1
Debian/popplerfrom 0, < 0.5.4-6lenny1
Debian/tetex-binfrom 0, < 2.0.2-30sarge5
Debian/xpdffrom 0, < 3.02-1.1
Debian/xpdffrom 0, < 3.01-9etch1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-3387