Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2005-3625
Last Modified 08 Mar 2011 12:00:00
Published 31 Dec 2005 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3625

Summary

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

Vulnerable Systems

Operating System

  • Conectiva Linux 10.0

  • Debian Linux 3.0

  • Debian Linux 3.1

  • Gentoo Linux

  • Mandrakesoft Mandrake Linux 10.1

  • Mandrakesoft Mandrake Linux 10.2

  • Mandrakesoft Mandrake Linux 2006

  • Mandrakesoft Mandrake Linux Corporate Server 2.1

  • Mandrakesoft Mandrake Linux Corporate Server 3.0

  • Redhat Enterprise Linux 2.1

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux 4.0

  • Redhat Enterprise Linux Desktop 3.0

  • Redhat Enterprise Linux Desktop 4.0

  • Redhat Fedora Core Core 1.0

  • Redhat Fedora Core Core 2.0

  • Redhat Fedora Core Core 3.0

  • Redhat Fedora Core Core 4.0

  • Redhat Linux 7.3

  • Redhat Linux 9.0

  • Redhat Linux Advanced Workstation 2.1

  • Sco Openserver 5.0.7

  • Sco Openserver 6.0

  • Slackware Linux 10.0

  • Slackware Linux 10.1

  • Slackware Linux 10.2

  • Slackware Linux 9.0

  • Slackware Linux 9.1

  • Suse Linux 1.0

  • Suse Linux 10.0

  • Suse Linux 9.0

  • Suse Linux 9.1

  • Suse Linux 9.2

  • Suse Linux 9.3

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.2

  • Trustix Secure Linux 3.0

  • Turbolinux 10

  • Turbolinux Appliance Server 1.0 Hosting Edition

  • Turbolinux Appliance Server 1.0 Workgroup Edition

  • Turbolinux Desktop 10.0

  • Turbolinux Fuji

  • Turbolinux Home

  • Turbolinux Multimedia

  • Turbolinux Personal

  • Turbolinux Server 10.0

  • Turbolinux Server 10.0 X86

  • Turbolinux Server 8.0

  • Turbolinux Workstation 8.0

  • Ubuntu Linux 4.1

  • Ubuntu Linux 5.04

  • Ubuntu Linux 5.10

Application

  • Easy Software Products Cups 1.1.22

  • Easy Software Products Cups 1.1.22 Rc1

  • Easy Software Products Cups 1.1.23

  • Easy Software Products Cups 1.1.23 Rc1

  • Kde Koffice 1.4

  • Kde Koffice 1.4.1

  • Kde Koffice 1.4.2

  • Kde Kpdf 3.2

  • Kde Kpdf 3.4.3

  • Kde Kword 1.4.2

  • Kdegraphics 3.2

  • Kdegraphics 3.4.3

  • Libextractor

  • Poppler 0.4.2

  • Sgi Propack 3.0

  • Tetex 1.0.7

  • Tetex 2.0

  • Tetex 2.0.1

  • Tetex 2.0.2

  • Tetex 3.0

  • Xpdf 3.0


References

UBUNTU - USN-236-1

BID - 16143

REDHAT - RHSA-2006:0160

CONFIRM - http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html

CONFIRM - http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html

CONFIRM - http://www.kde.org/info/security/advisory-20051207-2.txt

GENTOO - GLSA-200601-02

DEBIAN - DSA-961

DEBIAN - DSA-950

DEBIAN - DSA-936

SECUNIA - 18582

SECUNIA - 18554

SECUNIA - 18534

SECUNIA - 18517

SECUNIA - 18448

SECUNIA - 18423

SECUNIA - 18416

SECUNIA - 18407

SECUNIA - 18398

SECUNIA - 18389

SECUNIA - 18387

SECUNIA - 18385

SECUNIA - 18349

SECUNIA - 18338

SECUNIA - 18335

SECUNIA - 18334

SECUNIA - 18313

SECUNIA - 18312

SECUNIA - 18303

REDHAT - RHSA-2006:0177

SUSE - SUSE-SA:2006:001

VUPEN - ADV-2007-2280

VUPEN - ADV-2006-0047

MANDRIVA - MDKSA-2006:010

GENTOO - GLSA-200601-17

DEBIAN - DSA-962

DEBIAN - DSA-940

DEBIAN - DSA-938

DEBIAN - DSA-937

DEBIAN - DSA-932

DEBIAN - DSA-931

SECUNIA - 18908

SECUNIA - 18679

SECUNIA - 18675

SECUNIA - 18674

SECUNIA - 18644

SECUNIA - 18642

SECUNIA - 18375

SECUNIA - 18332

SECUNIA - 18329

MISC - http://scary.beasts.org/security/CESA-2005-003.txt

SGI - 20060101-01-U

SGI - 20051201-01-U

XF - xpdf-ccittfaxdecode-dctdecode-dos(24023)

TRUSTIX - 2006-0002

FEDORA - FLSA:175404

FEDORA - FLSA-2006:176751

REDHAT - RHSA-2006:0163

FEDORA - FEDORA-2005-026

FEDORA - FEDORA-2005-025

MANDRIVA - MDKSA-2006:012

MANDRIVA - MDKSA-2006:011

MANDRIVA - MDKSA-2006:008

MANDRIVA - MDKSA-2006:006

MANDRIVA - MDKSA-2006:005

MANDRIVA - MDKSA-2006:004

MANDRIVA - MDKSA-2006:003

SUNALERT - 102972

SLACKWARE - SSA:2006-045-04

SLACKWARE - SSA:2006-045-09

SECUNIA - 25729

SECUNIA - 19377

SECUNIA - 19230

SECUNIA - 18913

SECUNIA - 18463

SECUNIA - 18436

SECUNIA - 18428

SECUNIA - 18425

SECUNIA - 18414

SECUNIA - 18380

SECUNIA - 18373

SECUNIA - 18147

SGI - 20060201-01-U

SCO - SCOSA-2006.15


Last Updated: 27 May 2016 10:40:59