PT-2007-7510 · Foxtail Technologies+6 · Xpdf+7
Published: 1970-01-01 · Updated: 2024-06-15
CVE-2007-3387
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
xpdf version 3.02
poppler versions prior to 0.5.91
gpdf versions prior to 2.8.2
kpdf (affected versions not specified)
kdegraphics (affected versions not specified)
CUPS (affected versions not specified)
PDFedit (affected versions not specified)
Description
An integer overflow in the StreamPredictor::StreamPredictor function could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. This could compromise the confidentiality, integrity, and availability of protected information. The vulnerability can be exploited remotely.
Recommendations
For xpdf version 3.02, update to a version that fixes the integer overflow issue.
For poppler versions prior to 0.5.91, update to version 0.5.91 or later.
For gpdf versions prior to 2.8.2, update to version 2.8.2 or later.
For kpdf, kdegraphics, CUPS, and PDFedit, there is currently no information about a newer version that contains a fix for this vulnerability.
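The integer overflow named in the description, modelled as an added example that is not code from xpdf or any affected project: a row-buffer size computed from file-supplied values wraps in 32-bit arithmetic, and a checked version rejects such values before any multiplication. It assumes the size is derived from a width, a component count and a bit depth; the function names, parameter names and the MAX_COMPS / MAX_BITS limits are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_COMPS 32 /* assumed cap on colour components per pixel */
#define MAX_BITS  16 /* assumed cap on bits per component */

/* Unchecked form of the bug class: 32-bit products of file-supplied values
 * wrap, so the computed row size can be far smaller than the row really is.
 * uint32_t keeps the wrap well-defined for this demonstration. */
uint32_t row_bytes_unchecked(uint32_t width, uint32_t n_comps, uint32_t n_bits)
{
    uint32_t n_vals = width * n_comps;                 /* may wrap */
    uint32_t pix_bytes = (n_comps * n_bits + 7) >> 3;
    return ((n_vals * n_bits + 7) >> 3) + pix_bytes;   /* may wrap */
}

/* Checked form: validates ranges first, then proves by division that
 * width * n_comps * n_bits + 7 fits in an int before multiplying.
 * Returns 0 and stores the size in *out, or -1 to reject the stream. */
int row_bytes_checked(int width, int n_comps, int n_bits, size_t *out)
{
    if (width <= 0 || n_comps <= 0 || n_bits <= 0)
        return -1;
    if (n_comps > MAX_COMPS || n_bits > MAX_BITS)
        return -1;
    if (width > (INT_MAX - 7) / n_bits / n_comps)
        return -1;
    int n_vals = width * n_comps;
    int pix_bytes = (n_comps * n_bits + 7) >> 3;
    *out = (size_t)((n_vals * n_bits + 7) >> 3) + (size_t)pix_bytes;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed input: 0x20000001 samples of 8 bits, one component. */
    printf("unchecked: %u bytes\n", (unsigned)row_bytes_unchecked(0x20000001u, 1, 8));
    printf("checked:   %d\n", row_bytes_checked(0x20000001, 1, 8, &n));
    if (row_bytes_checked(100, 3, 8, &n) == 0)
        printf("100x3x8:   %zu bytes\n", n);
    return 0;
}
```

For the constructed input the unchecked computation yields a 2-byte row for more than 536 million samples, which is the mismatch between allocated size and later writes that the checked version refuses.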
RCE
Integer Overflow
Affected Products
Cups
Pdfedit
Red Hat
Gpdf
Kdegraphics
Kpdf
Poppler
Xpdf