Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-3627
Last Modified 28 Jul 2011 12:00:00
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3627

Summary

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

Vulnerable Systems

Application

  • Xpdf


References

UBUNTU - USN-236-1

BID - 16143

REDHAT - RHSA-2006:0160

CONFIRM - http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html

CONFIRM - http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html

CONFIRM - http://www.kde.org/info/security/advisory-20051207-2.txt

GENTOO - GLSA-200601-02

DEBIAN - DSA-961

DEBIAN - DSA-950

DEBIAN - DSA-936

SECUNIA - 18582

SECUNIA - 18554

SECUNIA - 18534

SECUNIA - 18517

SECUNIA - 18448

SECUNIA - 18423

SECUNIA - 18416

SECUNIA - 18407

SECUNIA - 18398

SECUNIA - 18389

SECUNIA - 18387

SECUNIA - 18385

SECUNIA - 18349

SECUNIA - 18338

SECUNIA - 18335

SECUNIA - 18334

SECUNIA - 18313

SECUNIA - 18312

SECUNIA - 18303

REDHAT - RHSA-2006:0177

SUSE - SUSE-SA:2006:001

VUPEN - ADV-2007-2280

VUPEN - ADV-2006-0047

MANDRIVA - MDKSA-2006:010

GENTOO - GLSA-200601-17

DEBIAN - DSA-962

DEBIAN - DSA-940

DEBIAN - DSA-938

DEBIAN - DSA-937

DEBIAN - DSA-932

DEBIAN - DSA-931

SECUNIA - 18908

SECUNIA - 18679

SECUNIA - 18675

SECUNIA - 18674

SECUNIA - 18644

SECUNIA - 18642

SECUNIA - 18375

SECUNIA - 18332

SECUNIA - 18329

MISC - http://scary.beasts.org/security/CESA-2005-003.txt

SGI - 20060101-01-U

SGI - 20051201-01-U

XF - xpdf-readscaninfo-bo(24025)

XF - xpdf-readhuffmantables-bo(24024)

TRUSTIX - 2006-0002

FEDORA - FLSA:175404

FEDORA - FLSA-2006:176751

REDHAT - RHSA-2006:0163

FEDORA - FEDORA-2005-026

FEDORA - FEDORA-2005-025

MANDRIVA - MDKSA-2006:012

MANDRIVA - MDKSA-2006:011

MANDRIVA - MDKSA-2006:008

MANDRIVA - MDKSA-2006:006

MANDRIVA - MDKSA-2006:005

MANDRIVA - MDKSA-2006:004

MANDRIVA - MDKSA-2006:003

SUNALERT - 102972

SLACKWARE - SSA:2006-045-04

SLACKWARE - SSA:2006-045-09

SECUNIA - 25729

SECUNIA - 19377

SECUNIA - 19230

SECUNIA - 18913

SECUNIA - 18463

SECUNIA - 18436

SECUNIA - 18428

SECUNIA - 18425

SECUNIA - 18414

SECUNIA - 18380

SECUNIA - 18373

SECUNIA - 18147

SGI - 20060201-01-U

SCO - SCOSA-2006.15


Last Updated: 27 May 2016 10:40:59