Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:
CVE Vulnerabilities
56411
Checklists
224
US-CERT Alerts
246
US-CERT Vuln Notes
2721
OVAL Queries
8140
CPE Names
73033

Last updated: Thu May 23 08:22:17 EDT 2013

CVE Publication rate: 11.93

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index

Vulnerability Workload Index: 6.34

About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

National Cyber Awareness System

Vulnerability Summary for CVE-2007-3387

Original release date:07/30/2007
Last revised:03/07/2011
Source: US-CERT/NIST

Overview

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: REDHAT
Name: RHSA-2007:0730
Type: Advisory; Patch Information
Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0730.html
External Source: CONFIRM
Name: https://issues.rpath.com/browse/RPL-1604
Hyperlink:https://issues.rpath.com/browse/RPL-1604
External Source: CONFIRM
Name: https://issues.rpath.com/browse/RPL-1596
Hyperlink:https://issues.rpath.com/browse/RPL-1596
External Source: CONFIRM
Name: https://issues.foresightlinux.org/browse/FL-471
Hyperlink:https://issues.foresightlinux.org/browse/FL-471
External Source: VUPEN
Name: ADV-2007-2705
Hyperlink:http://www.vupen.com/english/advisories/2007/2705
External Source: VUPEN
Name: ADV-2007-2704
Hyperlink:http://www.vupen.com/english/advisories/2007/2704
External Source: UBUNTU
Name: USN-496-2
Hyperlink:http://www.ubuntu.com/usn/usn-496-2
External Source: UBUNTU
Name: USN-496-1
Hyperlink:http://www.ubuntu.com/usn/usn-496-1
External Source: SLACKWARE
Name: SSA:2007-222-05
Hyperlink:http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670
External Source: SECTRACK
Name: 1018473
Hyperlink:http://www.securitytracker.com/id?1018473
External Source: BID
Name: 25124
Hyperlink:http://www.securityfocus.com/bid/25124
External Source: BUGTRAQ
Name: 20070816 FLEA-2007-0046-1 cups
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/476765/30/5340/threaded
External Source: BUGTRAQ
Name: 20070814 FLEA-2007-0045-1 poppler
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/476519/30/5400/threaded
External Source: BUGTRAQ
Name: 20070814 FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/476508/100/0/threaded
External Source: REDHAT
Name: RHSA-2007:0735
Type: Advisory
Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0735.html
External Source: REDHAT
Name: RHSA-2007:0732
Type: Advisory
Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0732.html
External Source: REDHAT
Name: RHSA-2007:0731
Type: Advisory
Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0731.html
External Source: REDHAT
Name: RHSA-2007:0729
Type: Advisory
Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0729.html
External Source: REDHAT
Name: RHSA-2007:0720
Type: Advisory
Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0720.html
External Source: SUSE
Name: SUSE-SR:2007:016
Hyperlink:http://www.novell.com/linux/security/advisories/2007_16_sr.html
External Source: SUSE
Name: SUSE-SR:2007:015
Hyperlink:http://www.novell.com/linux/security/advisories/2007_15_sr.html
External Source: MANDRIVA
Name: MDKSA-2007:165
Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:165
External Source: MANDRIVA
Name: MDKSA-2007:164
Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
External Source: MANDRIVA
Name: MDKSA-2007:163
Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:163
External Source: MANDRIVA
Name: MDKSA-2007:162
Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:162
External Source: MANDRIVA
Name: MDKSA-2007:161
Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:161
External Source: MANDRIVA
Name: MDKSA-2007:160
Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:160
External Source: MANDRIVA
Name: MDKSA-2007:159
Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:159
External Source: MANDRIVA
Name: MDKSA-2007:158
Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:158
External Source: CONFIRM
Name: http://www.kde.org/info/security/advisory-20070730-1.txt
Hyperlink:http://www.kde.org/info/security/advisory-20070730-1.txt
External Source: GENTOO
Name: GLSA-200710-08
Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml
External Source: DEBIAN
Name: DSA-1357
Hyperlink:http://www.debian.org/security/2007/dsa-1357
External Source: DEBIAN
Name: DSA-1355
Hyperlink:http://www.debian.org/security/2007/dsa-1355
External Source: DEBIAN
Name: DSA-1354
Hyperlink:http://www.debian.org/security/2007/dsa-1354
External Source: DEBIAN
Name: DSA-1352
Hyperlink:http://www.debian.org/security/2007/dsa-1352
External Source: DEBIAN
Name: DSA-1350
Hyperlink:http://www.debian.org/security/2007/dsa-1350
External Source: DEBIAN
Name: DSA-1349
Hyperlink:http://www.debian.org/security/2007/dsa-1349
External Source: DEBIAN
Name: DSA-1348
Hyperlink:http://www.debian.org/security/2007/dsa-1348
External Source: DEBIAN
Name: DSA-1347
Hyperlink:http://www.debian.org/security/2007/dsa-1347
External Source: CONFIRM
Name: http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm
Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm
External Source: CONFIRM
Name: http://sourceforge.net/project/shownotes.php?release_id=535497
Hyperlink:http://sourceforge.net/project/shownotes.php?release_id=535497
External Source: SLACKWARE
Name: SSA:2007-316-01
Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
External Source: GENTOO
Name: GLSA-200711-34
Hyperlink:http://security.gentoo.org/glsa/glsa-200711-34.xml
External Source: GENTOO
Name: GLSA-200710-20
Hyperlink:http://security.gentoo.org/glsa/glsa-200710-20.xml
External Source: GENTOO
Name: GLSA-200709-17
Hyperlink:http://security.gentoo.org/glsa/glsa-200709-17.xml
External Source: GENTOO
Name: GLSA-200709-12
Hyperlink:http://security.gentoo.org/glsa/glsa-200709-12.xml
External Source: SECUNIA
Name: 26257
Type: Advisory
Hyperlink:http://secunia.com/advisories/26257
External Source: SECUNIA
Name: 26255
Type: Advisory
Hyperlink:http://secunia.com/advisories/26255
External Source: SECUNIA
Name: 26254
Type: Advisory
Hyperlink:http://secunia.com/advisories/26254
External Source: SECUNIA
Name: 26188
Type: Advisory
Hyperlink:http://secunia.com/advisories/26188
External Source: OVAL
Name: oval:org.mitre.oval:def:11149
Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11149
External Source: OSVDB
Name: 40127
Hyperlink:http://osvdb.org/40127
External Source: MISC
Name: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
Hyperlink:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
External Source: MISC
Name: http://bugs.gentoo.org/show_bug.cgi?id=187139
Hyperlink:http://bugs.gentoo.org/show_bug.cgi?id=187139
External Source: SGI
Name: 20070801-01-P
Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
External Source: CONFIRM
Name: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
Hyperlink:ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
External Source: GENTOO
Name: GLSA-200805-13
Hyperlink:http://security.gentoo.org/glsa/glsa-200805-13.xml
External Source: SECUNIA
Name: 30168
Hyperlink:http://secunia.com/advisories/30168
External Source: SECUNIA
Name: 27637
Hyperlink:http://secunia.com/advisories/27637
External Source: SECUNIA
Name: 27308
Hyperlink:http://secunia.com/advisories/27308
External Source: SECUNIA
Name: 27281
Hyperlink:http://secunia.com/advisories/27281
External Source: SECUNIA
Name: 27156
Hyperlink:http://secunia.com/advisories/27156
External Source: SECUNIA
Name: 26982
Hyperlink:http://secunia.com/advisories/26982
External Source: SECUNIA
Name: 26862
Hyperlink:http://secunia.com/advisories/26862
External Source: SECUNIA
Name: 26627
Hyperlink:http://secunia.com/advisories/26627
External Source: SECUNIA
Name: 26607
Hyperlink:http://secunia.com/advisories/26607
External Source: SECUNIA
Name: 26514
Hyperlink:http://secunia.com/advisories/26514
External Source: SECUNIA
Name: 26470
Hyperlink:http://secunia.com/advisories/26470
External Source: SECUNIA
Name: 26468
Hyperlink:http://secunia.com/advisories/26468
External Source: SECUNIA
Name: 26467
Hyperlink:http://secunia.com/advisories/26467
External Source: SECUNIA
Name: 26436
Hyperlink:http://secunia.com/advisories/26436
External Source: SECUNIA
Name: 26432
Hyperlink:http://secunia.com/advisories/26432
External Source: SECUNIA
Name: 26425
Hyperlink:http://secunia.com/advisories/26425
External Source: SECUNIA
Name: 26413
Hyperlink:http://secunia.com/advisories/26413
External Source: SECUNIA
Name: 26410
Hyperlink:http://secunia.com/advisories/26410
External Source: SECUNIA
Name: 26407
Hyperlink:http://secunia.com/advisories/26407
External Source: SECUNIA
Name: 26405
Hyperlink:http://secunia.com/advisories/26405
External Source: SECUNIA
Name: 26403
Hyperlink:http://secunia.com/advisories/26403
External Source: SECUNIA
Name: 26395
Hyperlink:http://secunia.com/advisories/26395
External Source: SECUNIA
Name: 26370
Hyperlink:http://secunia.com/advisories/26370
External Source: SECUNIA
Name: 26365
Hyperlink:http://secunia.com/advisories/26365
External Source: SECUNIA
Name: 26358
Hyperlink:http://secunia.com/advisories/26358
External Source: SECUNIA
Name: 26343
Hyperlink:http://secunia.com/advisories/26343
External Source: SECUNIA
Name: 26342
Hyperlink:http://secunia.com/advisories/26342
External Source: SECUNIA
Name: 26325
Hyperlink:http://secunia.com/advisories/26325
External Source: SECUNIA
Name: 26318
Hyperlink:http://secunia.com/advisories/26318
External Source: SECUNIA
Name: 26307
Hyperlink:http://secunia.com/advisories/26307
External Source: SECUNIA
Name: 26297
Hyperlink:http://secunia.com/advisories/26297
External Source: SECUNIA
Name: 26293
Hyperlink:http://secunia.com/advisories/26293
External Source: SECUNIA
Name: 26292
Hyperlink:http://secunia.com/advisories/26292
External Source: SECUNIA
Name: 26283
Hyperlink:http://secunia.com/advisories/26283
External Source: SECUNIA
Name: 26281
Hyperlink:http://secunia.com/advisories/26281
External Source: SECUNIA
Name: 26278
Hyperlink:http://secunia.com/advisories/26278
External Source: SECUNIA
Name: 26251
Hyperlink:http://secunia.com/advisories/26251

References to Check Content

Identifier:oval:org.mitre.oval:def:11149
Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11149

Vulnerable software and versions

Nav control imageConfiguration 1
spacerNav control imageAND
spacerspacerNav control imageOR
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:4.0::as
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:4.0::es
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:4.0::ws
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux_desktop:4.0
spacerspacerNav control imageOR
spacerspacerspacerNav control image* cpe:/a:easy_software_products:cups
spacerspacerspacerNav control image* cpe:/a:kde:kdegraphics
spacerspacerspacerNav control image* cpe:/a:kde:kpdf
spacerspacerspacerNav control image* cpe:/a:pdfedit:pdfedit
spacerspacerspacerNav control image* cpe:/a:xpdf:xpdf:3.02
spacerspacerspacerNav control image* cpe:/a:gnome:gpdf:2.8.1 and previous versions
spacerspacerspacerNav control image* cpe:/a:poppler:poppler:0.5.91 and previous versions
* Denotes Vulnerable Software
* Changes related to vulnerability configurations

Technical Details

Vulnerability Type (View All)
CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387