NVD脆弱性詳細

CVE-2007-3387

概要	Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
概要	Un desbordamiento de enteros en la función StreamPredictor::StreamPredictor en xpdf versión 3.02, tal como es usado en (1) poppler anterior a versión 0.5.91, (2) gpdf anterior a versión 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, ( 6) PDFedit, y otros productos, podrían permitir que los atacantes remotos ejecuten código arbitrario por medio de un archivo PDF creado que causa un desbordamiento del búfer en la región stack de la memoria, en la función StreamPredictor::getNextLine.
公表日	2007年7月31日8:17
登録日	2021年1月29日14:15
最終更新日	2026年4月23日9:35

CVSS2.0 : MEDIUM
スコア	6.8
ベクター	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:apple:cups::::::::		1.3.11
cpe:2.3:a:freedesktop:poppler::::::::				0.5.91
cpe:2.3:a:gpdf_project:gpdf::::::::				2.8.2
cpe:2.3:a:xpdfreader:xpdf:3.02:::::::*
cpe:2.3:o:debian:debian_linux:3.1:::::::*
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*

関連情報、対策とツール

No	URL	refsource
1	ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch	secalert@redhat.com
2	ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc	secalert@redhat.com
3	http://bugs.gentoo.org/show_bug.cgi?id=187139	secalert@redhat.com
4	http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194	secalert@redhat.com
5	http://osvdb.org/40127	secalert@redhat.com
6	http://secunia.com/advisories/26188	secalert@redhat.com
7	http://secunia.com/advisories/26251	secalert@redhat.com
8	http://secunia.com/advisories/26254	secalert@redhat.com
9	http://secunia.com/advisories/26255	secalert@redhat.com
10	http://secunia.com/advisories/26257	secalert@redhat.com
11	http://secunia.com/advisories/26278	secalert@redhat.com
12	http://secunia.com/advisories/26281	secalert@redhat.com
13	http://secunia.com/advisories/26283	secalert@redhat.com
14	http://secunia.com/advisories/26292	secalert@redhat.com
15	http://secunia.com/advisories/26293	secalert@redhat.com
16	http://secunia.com/advisories/26297	secalert@redhat.com
17	http://secunia.com/advisories/26307	secalert@redhat.com
18	http://secunia.com/advisories/26318	secalert@redhat.com
19	http://secunia.com/advisories/26325	secalert@redhat.com
20	http://secunia.com/advisories/26342	secalert@redhat.com
21	http://secunia.com/advisories/26343	secalert@redhat.com
22	http://secunia.com/advisories/26358	secalert@redhat.com
23	http://secunia.com/advisories/26365	secalert@redhat.com
24	http://secunia.com/advisories/26370	secalert@redhat.com
25	http://secunia.com/advisories/26395	secalert@redhat.com
26	http://secunia.com/advisories/26403	secalert@redhat.com
27	http://secunia.com/advisories/26405	secalert@redhat.com
28	http://secunia.com/advisories/26407	secalert@redhat.com
29	http://secunia.com/advisories/26410	secalert@redhat.com
30	http://secunia.com/advisories/26413	secalert@redhat.com
31	http://secunia.com/advisories/26425	secalert@redhat.com
32	http://secunia.com/advisories/26432	secalert@redhat.com
33	http://secunia.com/advisories/26436	secalert@redhat.com
34	http://secunia.com/advisories/26467	secalert@redhat.com
35	http://secunia.com/advisories/26468	secalert@redhat.com
36	http://secunia.com/advisories/26470	secalert@redhat.com
37	http://secunia.com/advisories/26514	secalert@redhat.com
38	http://secunia.com/advisories/26607	secalert@redhat.com
39	http://secunia.com/advisories/26627	secalert@redhat.com
40	http://secunia.com/advisories/26862	secalert@redhat.com
41	http://secunia.com/advisories/26982	secalert@redhat.com
42	http://secunia.com/advisories/27156	secalert@redhat.com
43	http://secunia.com/advisories/27281	secalert@redhat.com
44	http://secunia.com/advisories/27308	secalert@redhat.com
45	http://secunia.com/advisories/27637	secalert@redhat.com
46	http://secunia.com/advisories/30168	secalert@redhat.com
47	http://security.gentoo.org/glsa/glsa-200709-12.xml	secalert@redhat.com
48	http://security.gentoo.org/glsa/glsa-200709-17.xml	secalert@redhat.com
49	http://security.gentoo.org/glsa/glsa-200710-20.xml	secalert@redhat.com
50	http://security.gentoo.org/glsa/glsa-200711-34.xml	secalert@redhat.com
51	http://security.gentoo.org/glsa/glsa-200805-13.xml	secalert@redhat.com
52	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882	secalert@redhat.com
53	http://sourceforge.net/project/shownotes.php?release_id=535497	secalert@redhat.com
54	http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm	secalert@redhat.com
55	http://www.debian.org/security/2007/dsa-1347	secalert@redhat.com
56	http://www.debian.org/security/2007/dsa-1348	secalert@redhat.com
57	http://www.debian.org/security/2007/dsa-1349	secalert@redhat.com
58	http://www.debian.org/security/2007/dsa-1350	secalert@redhat.com
59	http://www.debian.org/security/2007/dsa-1352	secalert@redhat.com
60	http://www.debian.org/security/2007/dsa-1354	secalert@redhat.com
61	http://www.debian.org/security/2007/dsa-1355	secalert@redhat.com
62	http://www.debian.org/security/2007/dsa-1357	secalert@redhat.com
63	http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml	secalert@redhat.com
64	http://www.kde.org/info/security/advisory-20070730-1.txt	secalert@redhat.com
65	http://www.mandriva.com/security/advisories?name=MDKSA-2007:158	secalert@redhat.com
66	http://www.mandriva.com/security/advisories?name=MDKSA-2007:159	secalert@redhat.com
67	http://www.mandriva.com/security/advisories?name=MDKSA-2007:160	secalert@redhat.com
68	http://www.mandriva.com/security/advisories?name=MDKSA-2007:161	secalert@redhat.com
69	http://www.mandriva.com/security/advisories?name=MDKSA-2007:162	secalert@redhat.com
70	http://www.mandriva.com/security/advisories?name=MDKSA-2007:163	secalert@redhat.com
71	http://www.mandriva.com/security/advisories?name=MDKSA-2007:164	secalert@redhat.com
72	http://www.mandriva.com/security/advisories?name=MDKSA-2007:165	secalert@redhat.com
73	http://www.novell.com/linux/security/advisories/2007_15_sr.html	secalert@redhat.com
74	http://www.novell.com/linux/security/advisories/2007_16_sr.html	secalert@redhat.com
75	http://www.redhat.com/support/errata/RHSA-2007-0720.html	secalert@redhat.com
76	http://www.redhat.com/support/errata/RHSA-2007-0729.html	secalert@redhat.com
77	http://www.redhat.com/support/errata/RHSA-2007-0730.html	secalert@redhat.com
78	http://www.redhat.com/support/errata/RHSA-2007-0731.html	secalert@redhat.com
79	http://www.redhat.com/support/errata/RHSA-2007-0732.html	secalert@redhat.com
80	http://www.redhat.com/support/errata/RHSA-2007-0735.html	secalert@redhat.com
81	http://www.securityfocus.com/archive/1/476508/100/0/threaded	secalert@redhat.com
82	http://www.securityfocus.com/archive/1/476519/30/5400/threaded	secalert@redhat.com
83	http://www.securityfocus.com/archive/1/476765/30/5340/threaded	secalert@redhat.com
84	http://www.securityfocus.com/bid/25124	secalert@redhat.com
85	http://www.securitytracker.com/id?1018473	secalert@redhat.com
86	http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670	secalert@redhat.com
87	http://www.ubuntu.com/usn/usn-496-1	secalert@redhat.com
88	http://www.ubuntu.com/usn/usn-496-2	secalert@redhat.com
89	http://www.vupen.com/english/advisories/2007/2704	secalert@redhat.com
90	http://www.vupen.com/english/advisories/2007/2705	secalert@redhat.com
91	https://issues.foresightlinux.org/browse/FL-471	secalert@redhat.com
92	https://issues.rpath.com/browse/RPL-1596	secalert@redhat.com
93	https://issues.rpath.com/browse/RPL-1604	secalert@redhat.com
94	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149	secalert@redhat.com
95	ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch	af854a3a-2127-422b-91ae-364da2661108
96	ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc	af854a3a-2127-422b-91ae-364da2661108
97	http://bugs.gentoo.org/show_bug.cgi?id=187139	af854a3a-2127-422b-91ae-364da2661108
98	http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194	af854a3a-2127-422b-91ae-364da2661108
99	http://osvdb.org/40127	af854a3a-2127-422b-91ae-364da2661108
100	http://secunia.com/advisories/26188	af854a3a-2127-422b-91ae-364da2661108
101	http://secunia.com/advisories/26251	af854a3a-2127-422b-91ae-364da2661108
102	http://secunia.com/advisories/26254	af854a3a-2127-422b-91ae-364da2661108
103	http://secunia.com/advisories/26255	af854a3a-2127-422b-91ae-364da2661108
104	http://secunia.com/advisories/26257	af854a3a-2127-422b-91ae-364da2661108
105	http://secunia.com/advisories/26278	af854a3a-2127-422b-91ae-364da2661108
106	http://secunia.com/advisories/26281	af854a3a-2127-422b-91ae-364da2661108
107	http://secunia.com/advisories/26283	af854a3a-2127-422b-91ae-364da2661108
108	http://secunia.com/advisories/26292	af854a3a-2127-422b-91ae-364da2661108
109	http://secunia.com/advisories/26293	af854a3a-2127-422b-91ae-364da2661108
110	http://secunia.com/advisories/26297	af854a3a-2127-422b-91ae-364da2661108
111	http://secunia.com/advisories/26307	af854a3a-2127-422b-91ae-364da2661108
112	http://secunia.com/advisories/26318	af854a3a-2127-422b-91ae-364da2661108
113	http://secunia.com/advisories/26325	af854a3a-2127-422b-91ae-364da2661108
114	http://secunia.com/advisories/26342	af854a3a-2127-422b-91ae-364da2661108
115	http://secunia.com/advisories/26343	af854a3a-2127-422b-91ae-364da2661108
116	http://secunia.com/advisories/26358	af854a3a-2127-422b-91ae-364da2661108
117	http://secunia.com/advisories/26365	af854a3a-2127-422b-91ae-364da2661108
118	http://secunia.com/advisories/26370	af854a3a-2127-422b-91ae-364da2661108
119	http://secunia.com/advisories/26395	af854a3a-2127-422b-91ae-364da2661108
120	http://secunia.com/advisories/26403	af854a3a-2127-422b-91ae-364da2661108
121	http://secunia.com/advisories/26405	af854a3a-2127-422b-91ae-364da2661108
122	http://secunia.com/advisories/26407	af854a3a-2127-422b-91ae-364da2661108
123	http://secunia.com/advisories/26410	af854a3a-2127-422b-91ae-364da2661108
124	http://secunia.com/advisories/26413	af854a3a-2127-422b-91ae-364da2661108
125	http://secunia.com/advisories/26425	af854a3a-2127-422b-91ae-364da2661108
126	http://secunia.com/advisories/26432	af854a3a-2127-422b-91ae-364da2661108
127	http://secunia.com/advisories/26436	af854a3a-2127-422b-91ae-364da2661108
128	http://secunia.com/advisories/26467	af854a3a-2127-422b-91ae-364da2661108
129	http://secunia.com/advisories/26468	af854a3a-2127-422b-91ae-364da2661108
130	http://secunia.com/advisories/26470	af854a3a-2127-422b-91ae-364da2661108
131	http://secunia.com/advisories/26514	af854a3a-2127-422b-91ae-364da2661108
132	http://secunia.com/advisories/26607	af854a3a-2127-422b-91ae-364da2661108
133	http://secunia.com/advisories/26627	af854a3a-2127-422b-91ae-364da2661108
134	http://secunia.com/advisories/26862	af854a3a-2127-422b-91ae-364da2661108
135	http://secunia.com/advisories/26982	af854a3a-2127-422b-91ae-364da2661108
136	http://secunia.com/advisories/27156	af854a3a-2127-422b-91ae-364da2661108
137	http://secunia.com/advisories/27281	af854a3a-2127-422b-91ae-364da2661108
138	http://secunia.com/advisories/27308	af854a3a-2127-422b-91ae-364da2661108
139	http://secunia.com/advisories/27637	af854a3a-2127-422b-91ae-364da2661108
140	http://secunia.com/advisories/30168	af854a3a-2127-422b-91ae-364da2661108
141	http://security.gentoo.org/glsa/glsa-200709-12.xml	af854a3a-2127-422b-91ae-364da2661108
142	http://security.gentoo.org/glsa/glsa-200709-17.xml	af854a3a-2127-422b-91ae-364da2661108
143	http://security.gentoo.org/glsa/glsa-200710-20.xml	af854a3a-2127-422b-91ae-364da2661108
144	http://security.gentoo.org/glsa/glsa-200711-34.xml	af854a3a-2127-422b-91ae-364da2661108
145	http://security.gentoo.org/glsa/glsa-200805-13.xml	af854a3a-2127-422b-91ae-364da2661108
146	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882	af854a3a-2127-422b-91ae-364da2661108
147	http://sourceforge.net/project/shownotes.php?release_id=535497	af854a3a-2127-422b-91ae-364da2661108
148	http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm	af854a3a-2127-422b-91ae-364da2661108
149	http://www.debian.org/security/2007/dsa-1347	af854a3a-2127-422b-91ae-364da2661108
150	http://www.debian.org/security/2007/dsa-1348	af854a3a-2127-422b-91ae-364da2661108
151	http://www.debian.org/security/2007/dsa-1349	af854a3a-2127-422b-91ae-364da2661108
152	http://www.debian.org/security/2007/dsa-1350	af854a3a-2127-422b-91ae-364da2661108
153	http://www.debian.org/security/2007/dsa-1352	af854a3a-2127-422b-91ae-364da2661108
154	http://www.debian.org/security/2007/dsa-1354	af854a3a-2127-422b-91ae-364da2661108
155	http://www.debian.org/security/2007/dsa-1355	af854a3a-2127-422b-91ae-364da2661108
156	http://www.debian.org/security/2007/dsa-1357	af854a3a-2127-422b-91ae-364da2661108
157	http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml	af854a3a-2127-422b-91ae-364da2661108
158	http://www.kde.org/info/security/advisory-20070730-1.txt	af854a3a-2127-422b-91ae-364da2661108
159	http://www.mandriva.com/security/advisories?name=MDKSA-2007:158	af854a3a-2127-422b-91ae-364da2661108
160	http://www.mandriva.com/security/advisories?name=MDKSA-2007:159	af854a3a-2127-422b-91ae-364da2661108
161	http://www.mandriva.com/security/advisories?name=MDKSA-2007:160	af854a3a-2127-422b-91ae-364da2661108
162	http://www.mandriva.com/security/advisories?name=MDKSA-2007:161	af854a3a-2127-422b-91ae-364da2661108
163	http://www.mandriva.com/security/advisories?name=MDKSA-2007:162	af854a3a-2127-422b-91ae-364da2661108
164	http://www.mandriva.com/security/advisories?name=MDKSA-2007:163	af854a3a-2127-422b-91ae-364da2661108
165	http://www.mandriva.com/security/advisories?name=MDKSA-2007:164	af854a3a-2127-422b-91ae-364da2661108
166	http://www.mandriva.com/security/advisories?name=MDKSA-2007:165	af854a3a-2127-422b-91ae-364da2661108
167	http://www.novell.com/linux/security/advisories/2007_15_sr.html	af854a3a-2127-422b-91ae-364da2661108
168	http://www.novell.com/linux/security/advisories/2007_16_sr.html	af854a3a-2127-422b-91ae-364da2661108
169	http://www.redhat.com/support/errata/RHSA-2007-0720.html	af854a3a-2127-422b-91ae-364da2661108
170	http://www.redhat.com/support/errata/RHSA-2007-0729.html	af854a3a-2127-422b-91ae-364da2661108
171	http://www.redhat.com/support/errata/RHSA-2007-0730.html	af854a3a-2127-422b-91ae-364da2661108
172	http://www.redhat.com/support/errata/RHSA-2007-0731.html	af854a3a-2127-422b-91ae-364da2661108
173	http://www.redhat.com/support/errata/RHSA-2007-0732.html	af854a3a-2127-422b-91ae-364da2661108
174	http://www.redhat.com/support/errata/RHSA-2007-0735.html	af854a3a-2127-422b-91ae-364da2661108
175	http://www.securityfocus.com/archive/1/476508/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
176	http://www.securityfocus.com/archive/1/476519/30/5400/threaded	af854a3a-2127-422b-91ae-364da2661108
177	http://www.securityfocus.com/archive/1/476765/30/5340/threaded	af854a3a-2127-422b-91ae-364da2661108
178	http://www.securityfocus.com/bid/25124	af854a3a-2127-422b-91ae-364da2661108
179	http://www.securitytracker.com/id?1018473	af854a3a-2127-422b-91ae-364da2661108
180	http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670	af854a3a-2127-422b-91ae-364da2661108
181	http://www.ubuntu.com/usn/usn-496-1	af854a3a-2127-422b-91ae-364da2661108
182	http://www.ubuntu.com/usn/usn-496-2	af854a3a-2127-422b-91ae-364da2661108
183	http://www.vupen.com/english/advisories/2007/2704	af854a3a-2127-422b-91ae-364da2661108
184	http://www.vupen.com/english/advisories/2007/2705	af854a3a-2127-422b-91ae-364da2661108
185	https://issues.foresightlinux.org/browse/FL-471	af854a3a-2127-422b-91ae-364da2661108
186	https://issues.rpath.com/browse/RPL-1596	af854a3a-2127-422b-91ae-364da2661108
187	https://issues.rpath.com/browse/RPL-1604	af854a3a-2127-422b-91ae-364da2661108
188	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149	af854a3a-2127-422b-91ae-364da2661108

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-190	整数オーバーフローまたはラップアラウンド	https://cwe.mitre.org/data/definitions/190.html

構成1	以上	以下	より上	未満
cpe:2.3:a:apple:cups::::::::		1.3.11
cpe:2.3:a:freedesktop:poppler::::::::				0.5.91
cpe:2.3:a:gpdf_project:gpdf::::::::				2.8.2
cpe:2.3:a:xpdfreader:xpdf:3.02:::::::*
cpe:2.3:o:debian:debian_linux:3.1:::::::*
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*