CVE-2007-3387 (CNNVD-200707-553)
MEDIUM
中文标题:
Freedesktop Poppler 输入验证错误漏洞
英文标题:
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppl...
CVSS分数:
6.8
发布时间:
2007-07-30 23:00:00
漏洞类型:
输入验证错误
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v3
漏洞描述
中文描述:
Freedesktop Poppler是Freedesktop社区的一个用于生成PDF的C++类库,该库是从Xpdf(PDF阅读器)继承而来。 Freedesktop Poppler存在输入验证错误漏洞。攻击者利用该漏洞可以执行任意代码。
英文描述:
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
CWE类型:
CWE-190
标签:
(暂无数据)
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| apple | cups | * | - | - |
cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
|
| freedesktop | poppler | * | - | - |
cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
|
| gpdf_project | gpdf | * | - | - |
cpe:2.3:a:gpdf_project:gpdf:*:*:*:*:*:*:*:*
|
| xpdfreader | xpdf | 3.02 | - | - |
cpe:2.3:a:xpdfreader:xpdf:3.02:*:*:*:*:*:*:*
|
| debian | debian_linux | 3.1 | - | - |
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
|
| debian | debian_linux | 4.0 | - | - |
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
|
| canonical | ubuntu_linux | 6.06 | - | - |
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
|
| canonical | ubuntu_linux | 6.10 | - | - |
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
|
| canonical | ubuntu_linux | 7.04 | - | - |
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
RHSA-2007:0730
vendor-advisory
cve.org
访问
cve.org
USN-496-1
vendor-advisory
cve.org
访问
cve.org
DSA-1355
vendor-advisory
cve.org
访问
cve.org
ADV-2007-2705
vdb-entry
cve.org
访问
cve.org
SUSE-SR:2007:016
vendor-advisory
cve.org
访问
cve.org
MDKSA-2007:164
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
MDKSA-2007:165
vendor-advisory
cve.org
访问
cve.org
26307
third-party-advisory
cve.org
访问
cve.org
MDKSA-2007:158
vendor-advisory
cve.org
访问
cve.org
DSA-1350
vendor-advisory
cve.org
访问
cve.org
20070814 FLEA-2007-0045-1 poppler
mailing-list
cve.org
访问
cve.org
26468
third-party-advisory
cve.org
访问
cve.org
20070814 FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts
mailing-list
cve.org
访问
cve.org
26982
third-party-advisory
cve.org
访问
cve.org
26254
third-party-advisory
cve.org
访问
cve.org
26370
third-party-advisory
cve.org
访问
cve.org
DSA-1348
vendor-advisory
cve.org
访问
cve.org
26325
third-party-advisory
cve.org
访问
cve.org
26413
third-party-advisory
cve.org
访问
cve.org
DSA-1352
vendor-advisory
cve.org
访问
cve.org
GLSA-200710-08
vendor-advisory
cve.org
访问
cve.org
DSA-1354
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
USN-496-2
vendor-advisory
cve.org
访问
cve.org
MDKSA-2007:163
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
RHSA-2007:0731
vendor-advisory
cve.org
访问
cve.org
40127
vdb-entry
cve.org
访问
cve.org
26862
third-party-advisory
cve.org
访问
cve.org
GLSA-200805-13
vendor-advisory
cve.org
访问
cve.org
26281
third-party-advisory
cve.org
访问
cve.org
RHSA-2007:0720
vendor-advisory
cve.org
访问
cve.org
GLSA-200709-12
vendor-advisory
cve.org
访问
cve.org
25124
vdb-entry
cve.org
访问
cve.org
26514
third-party-advisory
cve.org
访问
cve.org
26467
third-party-advisory
cve.org
访问
cve.org
SSA:2007-316-01
vendor-advisory
cve.org
访问
cve.org
26432
third-party-advisory
cve.org
访问
cve.org
26410
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
26607
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
30168
third-party-advisory
cve.org
访问
cve.org
26358
third-party-advisory
cve.org
访问
cve.org
26365
third-party-advisory
cve.org
访问
cve.org
26627
third-party-advisory
cve.org
访问
cve.org
26293
third-party-advisory
cve.org
访问
cve.org
26283
third-party-advisory
cve.org
访问
cve.org
MDKSA-2007:159
vendor-advisory
cve.org
访问
cve.org
27308
third-party-advisory
cve.org
访问
cve.org
MDKSA-2007:160
vendor-advisory
cve.org
访问
cve.org
DSA-1357
vendor-advisory
cve.org
访问
cve.org
GLSA-200709-17
vendor-advisory
cve.org
访问
cve.org
26403
third-party-advisory
cve.org
访问
cve.org
RHSA-2007:0732
vendor-advisory
cve.org
访问
cve.org
DSA-1349
vendor-advisory
cve.org
访问
cve.org
26251
third-party-advisory
cve.org
访问
cve.org
oval:org.mitre.oval:def:11149
vdb-entry
cve.org
访问
cve.org
26292
third-party-advisory
cve.org
访问
cve.org
MDKSA-2007:161
vendor-advisory
cve.org
访问
cve.org
26342
third-party-advisory
cve.org
访问
cve.org
26257
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
26395
third-party-advisory
cve.org
访问
cve.org
SSA:2007-222-05
vendor-advisory
cve.org
访问
cve.org
MDKSA-2007:162
vendor-advisory
cve.org
访问
cve.org
GLSA-200711-34
vendor-advisory
cve.org
访问
cve.org
1018473
vdb-entry
cve.org
访问
cve.org
RHSA-2007:0729
vendor-advisory
cve.org
访问
cve.org
26188
third-party-advisory
cve.org
访问
cve.org
26278
third-party-advisory
cve.org
访问
cve.org
26425
third-party-advisory
cve.org
访问
cve.org
GLSA-200710-20
vendor-advisory
cve.org
访问
cve.org
ADV-2007-2704
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
DSA-1347
vendor-advisory
cve.org
访问
cve.org
RHSA-2007:0735
vendor-advisory
cve.org
访问
cve.org
20070816 FLEA-2007-0046-1 cups
mailing-list
cve.org
访问
cve.org
27281
third-party-advisory
cve.org
访问
cve.org
20070801-01-P
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
26436
third-party-advisory
cve.org
访问
cve.org
26343
third-party-advisory
cve.org
访问
cve.org
26407
third-party-advisory
cve.org
访问
cve.org
26255
third-party-advisory
cve.org
访问
cve.org
27156
third-party-advisory
cve.org
访问
cve.org
26318
third-party-advisory
cve.org
访问
cve.org
26470
third-party-advisory
cve.org
访问
cve.org
SUSE-SR:2007:015
vendor-advisory
cve.org
访问
cve.org
26297
third-party-advisory
cve.org
访问
cve.org
26405
third-party-advisory
cve.org
访问
cve.org
27637
third-party-advisory
cve.org
访问
cve.org
CVSS评分详情
6.8
MEDIUM
CVSS向量:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS版本:
2.0
机密性
PARTIAL
完整性
PARTIAL
可用性
PARTIAL
时间信息
发布时间:
2007-07-30 23:00:00
修改时间:
2024-08-07 14:14:13
创建时间:
2025-11-11 15:32:44
更新时间:
2025-11-11 15:49:19
利用信息
暂无可利用代码信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2007-3387 |
2025-11-11 15:17:53 | 2025-11-11 07:32:44 |
| NVD | nvd_CVE-2007-3387 |
2025-11-11 14:52:11 | 2025-11-11 07:41:31 |
| CNNVD | cnnvd_CNNVD-200707-553 |
2025-11-11 15:08:57 | 2025-11-11 07:49:19 |
版本与语言
当前版本:
v3
主要语言:
EN
支持语言:
EN
ZH
安全公告
暂无安全公告信息
变更历史
v3
CNNVD
2025-11-11 15:49:19
vulnerability_type: 未提取 → 输入验证错误; cnnvd_id: 未提取 → CNNVD-200707-553; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 输入验证错误
- cnnvd_id: 未提取 -> CNNVD-200707-553
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:41:31
cvss_score: 未提取 → 6.8; cvss_vector: NOT_EXTRACTED → AV:N/AC:M/Au:N/C:P/I:P/A:P; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 9; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 6.8
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:N/C:P/I:P/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 9
- data_sources: ['cve'] -> ['cve', 'nvd']