CVE-2007-3387

Upstream information

CVE-2007-3387 at MITRE

Description

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

---

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having moderate severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

SUSE Bugzilla entries: 291690 [RESOLVED / FIXED], 335637 [RESOLVED / FIXED]

SUSE Security Advisories:

• SUSE-SR:2007:015, published Fri, 03 Aug 2007 15:00:00 +0000
• SUSE-SR:2007:016, published Fri, 10 Aug 2007 16:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Server 11 SP1	cups >= 1.3.9-8.30.1 cups-client >= 1.3.9-8.30.1 cups-libs >= 1.3.9-8.30.1 cups-libs-32bit >= 1.3.9-8.30.1 cups-libs-x86 >= 1.3.9-8.30.1 xpdf-tools >= 3.02-138.26.1
SUSE Linux Enterprise Server 11 SP2	cups >= 1.3.9-8.44.1 cups-client >= 1.3.9-8.44.1 cups-libs >= 1.3.9-8.44.1 cups-libs-32bit >= 1.3.9-8.44.1 cups-libs-x86 >= 1.3.9-8.44.1
SUSE Linux Enterprise Server 11 SP3	cups >= 1.3.9-8.46.46.1 cups-client >= 1.3.9-8.46.46.1 cups-libs >= 1.3.9-8.46.46.1 cups-libs-32bit >= 1.3.9-8.46.46.1 cups-libs-x86 >= 1.3.9-8.46.46.1
SUSE Linux Enterprise Server 11 SP4	cups >= 1.3.9-8.46.56.1 cups-client >= 1.3.9-8.46.56.1 cups-libs >= 1.3.9-8.46.56.1 cups-libs-32bit >= 1.3.9-8.46.56.1 cups-libs-x86 >= 1.3.9-8.46.56.1
SUSE Linux Enterprise Software Development Kit 11 SP4	cups-devel >= 1.3.9-8.46.56.1