Bug 187310 - app-text/[xpdf|poppler] kde-base/[kpdf|kdegraphics|kde] net-print/cups integer overflow CVE-2007-3387
Status: RESOLVED DUPLICATE of bug 187139
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://secunia.com/cve_reference/CVE-...
Whiteboard: A2 [upstream?]
Reported: 2007-07-31 23:56 UTC by Matt Fleming (RETIRED)
Modified: 2007-08-14 16:05 UTC
Description Matt Fleming (RETIRED) gentoo-dev 2007-07-31 23:56:26 UTC
Integer overflow in the StreamPredictor::StreamPredictor function in gpdf before 2.8.2, as used in (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file.

KDE's advisory is here: http://www.kde.org/info/security/advisory-20070730-1.txt
They claim execution of arbitrary code is possible.
Comment 1 Carsten Lohrke (RETIRED) gentoo-dev 2007-08-01 13:05:07 UTC
Bugs exist already. The security team will hopefully make them visible to everyone soon.

*** This bug has been marked as a duplicate of bug 187139 ***
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-08-14 10:12:22 UTC
Just trying to catch up on bugs, but is poppler fixed anywhere?
Comment 3 Carsten Lohrke (RETIRED) gentoo-dev 2007-08-14 16:05:56 UTC
(In reply to comment #2)
> Just trying to catch up on bugs, but is poppler fixed anywhere?

Don't think so, and according to the CVE, CUPS should also be affected.