Intrusion Prevention

XPDF.StreamPredictor.Function.Stack.Buffer.Overflow

Description

This indicates an attempt to exploit a vulnerability that exists in xpdf, KDE and KOffice. This vulnerability is caused by an integer overflow in "StreamPredictor::StreamPredictor()". The vulnerable software fails to properly check the value of "nComps". Successful exploitation allows remote attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF file.
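The integer overflow described above can be modelled in a few lines of C. This is an added example, not code from xpdf or from the patches listed on this page. Only "nComps" is named in the advisory; "width", "nBits" and the row-size formula are assumptions that model a typical predictor row computation.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked model: 32-bit products wrap silently, so a huge nComps yields
 * a tiny row size that later code would trust as a buffer length. */
static uint32_t row_bytes_unchecked(uint32_t width, uint32_t nComps, uint32_t nBits)
{
    uint32_t nVals = width * nComps;                /* may wrap */
    uint32_t pixBytes = (nComps * nBits + 7) >> 3;  /* may wrap */
    return ((nVals * nBits + 7) >> 3) + pixBytes;
}

/* Checked form: bound every factor before multiplying.
 * Returns 0 and stores the size, or -1 if the parameters are rejected. */
static int row_bytes_checked(int width, int nComps, int nBits, int *rowBytes)
{
    if (width <= 0 || nComps <= 0 || nBits <= 0)
        return -1;
    if (nComps > (INT_MAX - 7) / nBits)    /* nComps * nBits + 7 would overflow */
        return -1;
    int pixBits = nComps * nBits;
    if (width > (INT_MAX - 7) / pixBits)   /* width * pixBits + 7 would overflow */
        return -1;
    /* Both terms are at most INT_MAX / 8, so the sum cannot overflow. */
    *rowBytes = ((width * pixBits + 7) >> 3) + ((pixBits + 7) >> 3);
    return 0;
}

int main(void)
{
    int rb = 0;
    /* Constructed inputs: one ordinary RGB row, one with an oversized nComps. */
    printf("unchecked normal: %u\n", row_bytes_unchecked(100, 3, 8));
    printf("unchecked huge:   %u\n", row_bytes_unchecked(1, 0x20000000u, 8));
    printf("checked normal:   %d\n", row_bytes_checked(100, 3, 8, &rb));
    printf("checked huge:     %d\n", row_bytes_checked(1, 0x20000000, 8, &rb));
    return 0;
}
```

The unchecked model reports a row size of 0 for the oversized "nComps", while the checked form rejects the same parameters before any buffer is sized.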

Affected Products

xpdf version 3.02 and prior
KDE versions 3.x
KOffice versions 1.x

Impact

System compromise: remote code execution.

Recommended Actions

Apply patch for KOffice 1.x:
ftp://ftp.kde.org/pub/kde/security_patches/koffice-xpdf-CVE-2007-3387.diff
Apply patch for KDE 3.x:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.7-kdegraphics-CVE-2007-3387.diff
Apply patch for xpdf:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch

CVE References

CVE-2007-3387