HTTP: KDE Multiple Products StreamPredictor() Integer Overflow

This signature detects attempts to exploit a known vulnerability in KDE. Successful exploitation causes memory corruption that may lead to arbitrary code execution in the security context of the logged-in user, or may terminate the application, resulting in a Denial of Service condition.

Extended Description

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Affected Products

Debian debian_linux

References

CVE: CVE-2007-3387

Short Name: HTTP:STC:DL:KDE-INT-OVERFLOW
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: CVE-2007-3387 Integer KDE Multiple Overflow Products StreamPredictor()
Release Date: 09/20/2016
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3590
False Positive: Unknown
Vendors

Apple

Freedesktop

Gpdf_project

Xpdfreader

Debian

Canonical

CVSS Score: 6.8
