VDB
DEBIAN-CVE-2007-3387
DEBIAN-CVE-2007-3387
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | libextractor | 0, 0, 0 |
| Debian:11 | libextractor | 0, 0, 0 |
| Debian:12 | libextractor | 0, 0, 0 |
| Debian:13 | poppler | 0, 0, 0 |
| Debian:14 | poppler | 0, 0, 0 |
| Debian:13 | libextractor | 0, 0, 0 |
| Debian:12 | poppler | 0, 0, 0 |
| Debian:12 | xpdf | 0, 0, 0 |
| Debian:14 | xpdf | 0, 0, 0 |
| Debian:11 | xpdf | 0, 0, 0 |
| Debian:13 | xpdf | 0, 0, 0 |
| Debian:11 | poppler | 0, 0, 0 |
Timeline
- Jul 30, 2007 CVE Published
- Apr 28, 2026 CVE Updated