Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3193

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-3193
Last Modified 17 Oct 2011 12:00:00
Published 06 Dec 2005 07:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-3193

Summary

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.

Vulnerable Systems

Application

  • Xpdf 0.90

  • Xpdf 0.91

  • Xpdf 0.92

  • Xpdf 0.93

  • Xpdf 1.0

  • Xpdf 1.0a

  • Xpdf 1.1

  • Xpdf 2.0

  • Xpdf 2.1

  • Xpdf 2.2

  • Xpdf 2.3

  • Xpdf 3.0

  • Xpdf 3.0 Pl2

  • Xpdf 3.0 Pl3

  • Xpdf 3.0.1


References

IDEFENSE - 20051205 Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability

XF - xpdf-jpx-stream-bo(23441)

VUPEN - ADV-2007-2280

VUPEN - ADV-2005-2856

VUPEN - ADV-2005-2790

VUPEN - ADV-2005-2789

VUPEN - ADV-2005-2787

UBUNTU - USN-227-1

TRUSTIX - TSLSA-2005-0072

BID - 15721

BUGTRAQ - 20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice

REDHAT - RHSA-2006:0160

REDHAT - RHSA-2005:878

REDHAT - RHSA-2005:867

REDHAT - RHSA-2005:840

FEDORA - FEDORA-2005-1132

FEDORA - FEDORA-2005-1142

FEDORA - FEDORA-2005-1141

MANDRIVA - MDKSA-2006:010

CONFIRM - http://www.kde.org/info/security/advisory-20051207-2.txt

CONFIRM - http://www.kde.org/info/security/advisory-20051207-1.txt

GENTOO - GLSA-200601-02

GENTOO - GLSA-200512-08

DEBIAN - DSA-950

DEBIAN - DSA-936

DEBIAN - DSA-940

DEBIAN - DSA-938

DEBIAN - DSA-937

DEBIAN - DSA-932

DEBIAN - DSA-931

SECTRACK - 1015324

SECTRACK - 1015309

SECUNIA - 18448

SECUNIA - 18416

SECUNIA - 18398

SECUNIA - 18389

SECUNIA - 18387

SECUNIA - 18385

SECUNIA - 18349

SECUNIA - 18336

SECUNIA - 18313

SECUNIA - 18192

SECUNIA - 18191

SECUNIA - 18189

SECUNIA - 18061

SECUNIA - 18055

SECUNIA - 18009

SECUNIA - 17976

SECUNIA - 17940

SECUNIA - 17929

SECUNIA - 17926

SECUNIA - 17920

SECUNIA - 17916

SECUNIA - 17912

SECUNIA - 17897

REDHAT - RHSA-2005:868

SUSE - SUSE-SA:2006:001

CONFIRM - https://issues.rpath.com/browse/RPL-1609

FEDORA - FLSA:175404

FEDORA - FLSA-2006:176751

CONFIRM - http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html

FEDORA - FEDORA-2005-1171

FEDORA - FEDORA-2005-1127

FEDORA - FEDORA-2005-1126

FEDORA - FEDORA-2005-1125

SUSE - SUSE-SR:2005:029

MANDRIVA - MDKSA-2006:012

MANDRIVA - MDKSA-2006:011

MANDRIVA - MDKSA-2006:008

MANDRIVA - MDKSA-2006:006

MANDRIVA - MDKSA-2006:005

MANDRIVA - MDKSA-2006:004

MANDRIVA - MDKSA-2006:003

GENTOO - GLSA-200603-02

DEBIAN - DSA-962

DEBIAN - DSA-961

SUNALERT - 102972

SLACKWARE - SSA:2006-045-04

SLACKWARE - SSA:2006-045-09

SREASON - 236

SECUNIA - 26413

SECUNIA - 25729

SECUNIA - 19798

SECUNIA - 19797

SECUNIA - 19377

SECUNIA - 19230

SECUNIA - 19125

SECUNIA - 18913

SECUNIA - 18908

SECUNIA - 18679

SECUNIA - 18675

SECUNIA - 18674

SECUNIA - 18582

SECUNIA - 18554

SECUNIA - 18534

SECUNIA - 18520

SECUNIA - 18517

SECUNIA - 18407

SECUNIA - 18380

SECUNIA - 18303

SECUNIA - 18147

SECUNIA - 17959

SECUNIA - 17956

SECUNIA - 17955

SGI - 20060201-01-U

SGI - 20060101-01-U

SGI - 20051201-01-U

SCO - SCOSA-2006.21

SCO - SCOSA-2006.20

SCO - SCOSA-2006.15


Last Updated: 27 May 2016 10:40:50