CVE-2007-3387

CVE Database · CVE-2007-3387

CVE-2007-3387

· N/AModified

CVSS v3.1

N/A

EPSS

8.57%

Published

Jul 30, 2007

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Weaknesses (CWE)

CWE-190

Affected Products (9)

apple · cupsvulnerable

freedesktop · poppler (up to 0.5.91)vulnerable

gpdf_project · gpdf (up to 2.8.2)vulnerable

xpdfreader · xpdfvulnerable

debian · debian_linuxvulnerable

canonical · ubuntu_linuxvulnerable

References (20)

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch

Broken Link