Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2005-0064
Last Modified: 21 Aug 2010 12:25:25
Published: 02 May 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-0064

Summary

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.

Vulnerable Systems

Application

  • Xpdf 0.2

  • Xpdf 0.3

  • Xpdf 0.4

  • Xpdf 0.5

  • Xpdf 0.5a

  • Xpdf 0.6

  • Xpdf 0.7

  • Xpdf 0.7a

  • Xpdf 0.80

  • Xpdf 0.90

  • Xpdf 0.91

  • Xpdf 0.91a

  • Xpdf 0.91b

  • Xpdf 0.91c

  • Xpdf 0.92

  • Xpdf 0.92a

  • Xpdf 0.92b

  • Xpdf 0.92c

  • Xpdf 0.92d

  • Xpdf 0.92e

  • Xpdf 0.93

  • Xpdf 0.93a

  • Xpdf 0.93b

  • Xpdf 0.93c

  • Xpdf 1.0

  • Xpdf 1.0a

  • Xpdf 1.1

  • Xpdf 2.0

  • Xpdf 2.1

  • Xpdf 2.2

  • Xpdf 2.3

  • Xpdf 3.0


References

FEDORA - FLSA:2353

FEDORA - FLSA:2352

TRUSTIX - 2005-0003

REDHAT - RHSA-2005:066

REDHAT - RHSA-2005:059

REDHAT - RHSA-2005:057

REDHAT - RHSA-2005:053

REDHAT - RHSA-2005:034

IDEFENSE - 20050118 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow

GENTOO - GLSA-200502-10

DEBIAN - DSA-648

DEBIAN - DSA-645

BUGTRAQ - 20050119 [USN-64-1] xpdf, CUPS vulnerabilities

CONECTIVA - CLA-2005:921

CONFIRM - ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch

REDHAT - RHSA-2005:026

SECUNIA - 17277

SCO - SCOSA-2005.42

MANDRAKE - MDKSA-2005:021

MANDRAKE - MDKSA-2005:020

MANDRAKE - MDKSA-2005:019

MANDRAKE - MDKSA-2005:018

MANDRAKE - MDKSA-2005:017

MANDRAKE - MDKSA-2005:016


Last Updated: 27 May 2016 10:39:39