CVE-2005-3627
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
31/12/2005
Last modified:
19/10/2018
Description
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
- ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
- ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
- ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
- http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
- http://rhn.redhat.com/errata/RHSA-2006-0177.html
- http://scary.beasts.org/security/CESA-2005-003.txt
- http://secunia.com/advisories/18147
- http://secunia.com/advisories/18303
- http://secunia.com/advisories/18312
- http://secunia.com/advisories/18313
- http://secunia.com/advisories/18329
- http://secunia.com/advisories/18332
- http://secunia.com/advisories/18334
- http://secunia.com/advisories/18335
- http://secunia.com/advisories/18338
- http://secunia.com/advisories/18349
- http://secunia.com/advisories/18373
- http://secunia.com/advisories/18375
- http://secunia.com/advisories/18380
- http://secunia.com/advisories/18385
- http://secunia.com/advisories/18387
- http://secunia.com/advisories/18389
- http://secunia.com/advisories/18398
- http://secunia.com/advisories/18407
- http://secunia.com/advisories/18414
- http://secunia.com/advisories/18416
- http://secunia.com/advisories/18423
- http://secunia.com/advisories/18425
- http://secunia.com/advisories/18428
- http://secunia.com/advisories/18436
- http://secunia.com/advisories/18448
- http://secunia.com/advisories/18463
- http://secunia.com/advisories/18517
- http://secunia.com/advisories/18534
- http://secunia.com/advisories/18554
- http://secunia.com/advisories/18582
- http://secunia.com/advisories/18642
- http://secunia.com/advisories/18644
- http://secunia.com/advisories/18674
- http://secunia.com/advisories/18675
- http://secunia.com/advisories/18679
- http://secunia.com/advisories/18908
- http://secunia.com/advisories/18913
- http://secunia.com/advisories/19230
- http://secunia.com/advisories/19377
- http://secunia.com/advisories/25729
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
- http://www.debian.org/security/2005/dsa-931
- http://www.debian.org/security/2005/dsa-932
- http://www.debian.org/security/2005/dsa-937
- http://www.debian.org/security/2005/dsa-938
- http://www.debian.org/security/2005/dsa-940
- http://www.debian.org/security/2006/dsa-936
- http://www.debian.org/security/2006/dsa-950
- http://www.debian.org/security/2006/dsa-961
- http://www.debian.org/security/2006/dsa-962
- http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
- http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
- http://www.kde.org/info/security/advisory-20051207-2.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A003
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A004
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A005
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A006
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A008
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A010
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A011
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A012
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
- http://www.redhat.com/support/errata/RHSA-2006-0160.html
- http://www.redhat.com/support/errata/RHSA-2006-0163.html
- http://www.securityfocus.com/archive/1/427053/100/0/threaded
- http://www.securityfocus.com/archive/1/427990/100/0/threaded
- http://www.securityfocus.com/bid/16143
- http://www.trustix.org/errata/2006/0002/
- http://www.vupen.com/english/advisories/2006/0047
- http://www.vupen.com/english/advisories/2007/2280
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24024
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24025
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10200
- https://usn.ubuntu.com/236-1/