
Bug 187310

Summary: app-text/[xpdf|poppler] kde-base/[kpdf|kdegraphics|kde] net-print/cups integer overflow CVE-2007-3387
Product: Gentoo Security
Reporter: Matt Fleming (RETIRED) <mjf>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: major    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/cve_reference/CVE-2007-3387/
Whiteboard: A2 [upstream?]
Package list:
Runtime testing required: ---

Description Matt Fleming (RETIRED) gentoo-dev 2007-07-31 23:56:26 UTC
Integer overflow in the StreamPredictor::StreamPredictor function in gpdf before 2.8.2, as used in (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file.

KDE's advisory is here: http://www.kde.org/info/security/advisory-20070730-1.txt
They claim execution of arbitrary code is possible.
Comment 1 Carsten Lohrke (RETIRED) gentoo-dev 2007-08-01 13:05:07 UTC
Bugs exist already. The security team will hopefully make them visible to everyone, soon.

*** This bug has been marked as a duplicate of bug 187139 ***
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-08-14 10:12:22 UTC
Just trying to catch up on bugs, but is poppler fixed anywhere?
Comment 3 Carsten Lohrke (RETIRED) gentoo-dev 2007-08-14 16:05:56 UTC
(In reply to comment #2)
> Just trying to catch up on bugs, but is poppler fixed anywhere?
> 

Don't think so, and according to the CVE, CUPS should also be affected.