Back to search
CVE-2005-3627
Published: Jan 6, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
16143
vdb-entry
x_refsource_BID
DSA-932
vendor-advisory
x_refsource_DEBIAN
18349
third-party-advisory
x_refsource_SECUNIA
18147
third-party-advisory
x_refsource_SECUNIA
http://scary.beasts.org/security/CESA-2005-003.txt
x_refsource_MISC
http://www.kde.org/info/security/advisory-20051207-2.txt
x_refsource_CONFIRM
18679
third-party-advisory
x_refsource_SECUNIA
18312
third-party-advisory
x_refsource_SECUNIA
18644
third-party-advisory
x_refsource_SECUNIA
USN-236-1
vendor-advisory
x_refsource_UBUNTU
18425
third-party-advisory
x_refsource_SECUNIA
18373
third-party-advisory
x_refsource_SECUNIA
18303
third-party-advisory
x_refsource_SECUNIA
DSA-931
vendor-advisory
x_refsource_DEBIAN
18554
third-party-advisory
x_refsource_SECUNIA
MDKSA-2006:003
vendor-advisory
x_refsource_MANDRIVA
19230
third-party-advisory
x_refsource_SECUNIA
102972
vendor-advisory
x_refsource_SUNALERT
MDKSA-2006:012
vendor-advisory
x_refsource_MANDRIVA
DSA-962
vendor-advisory
x_refsource_DEBIAN
RHSA-2006:0163
vendor-advisory
x_refsource_REDHAT
DSA-937
vendor-advisory
x_refsource_DEBIAN
18398
third-party-advisory
x_refsource_SECUNIA
FLSA-2006:176751
vendor-advisory
x_refsource_FEDORA
2006-0002
vendor-advisory
x_refsource_TRUSTIX
SUSE-SA:2006:001
vendor-advisory
x_refsource_SUSE
DSA-936
vendor-advisory
x_refsource_DEBIAN
FEDORA-2005-026
vendor-advisory
x_refsource_FEDORA
18329
third-party-advisory
x_refsource_SECUNIA
18463
third-party-advisory
x_refsource_SECUNIA
18642
third-party-advisory
x_refsource_SECUNIA
18674
third-party-advisory
x_refsource_SECUNIA
MDKSA-2006:005
vendor-advisory
x_refsource_MANDRIVA
18313
third-party-advisory
x_refsource_SECUNIA
18448
third-party-advisory
x_refsource_SECUNIA
18436
third-party-advisory
x_refsource_SECUNIA
18428
third-party-advisory
x_refsource_SECUNIA
18380
third-party-advisory
x_refsource_SECUNIA
18423
third-party-advisory
x_refsource_SECUNIA
18416
third-party-advisory
x_refsource_SECUNIA
RHSA-2006:0177
vendor-advisory
x_refsource_REDHAT
ADV-2007-2280
vdb-entry
x_refsource_VUPEN
GLSA-200601-02
vendor-advisory
x_refsource_GENTOO
18335
third-party-advisory
x_refsource_SECUNIA
xpdf-readscaninfo-bo(24025)
vdb-entry
x_refsource_XF
18407
third-party-advisory
x_refsource_SECUNIA
18332
third-party-advisory
x_refsource_SECUNIA
18517
third-party-advisory
x_refsource_SECUNIA
18582
third-party-advisory
x_refsource_SECUNIA
18534
third-party-advisory
x_refsource_SECUNIA
SSA:2006-045-09
vendor-advisory
x_refsource_SLACKWARE
18908
third-party-advisory
x_refsource_SECUNIA
25729
third-party-advisory
x_refsource_SECUNIA
18414
third-party-advisory
x_refsource_SECUNIA
xpdf-readhuffmantables-bo(24024)
vdb-entry
x_refsource_XF
MDKSA-2006:006
vendor-advisory
x_refsource_MANDRIVA
18338
third-party-advisory
x_refsource_SECUNIA
MDKSA-2006:008
vendor-advisory
x_refsource_MANDRIVA
RHSA-2006:0160
vendor-advisory
x_refsource_REDHAT
MDKSA-2006:010
vendor-advisory
x_refsource_MANDRAKE
DSA-940
vendor-advisory
x_refsource_DEBIAN
MDKSA-2006:004
vendor-advisory
x_refsource_MANDRIVA
ADV-2006-0047
vdb-entry
x_refsource_VUPEN
GLSA-200601-17
vendor-advisory
x_refsource_GENTOO
18389
third-party-advisory
x_refsource_SECUNIA
SSA:2006-045-04
vendor-advisory
x_refsource_SLACKWARE
19377
third-party-advisory
x_refsource_SECUNIA
FEDORA-2005-025
vendor-advisory
x_refsource_FEDORA
FLSA:175404
vendor-advisory
x_refsource_FEDORA
DSA-961
vendor-advisory
x_refsource_DEBIAN
18675
third-party-advisory
x_refsource_SECUNIA
18913
third-party-advisory
x_refsource_SECUNIA
DSA-938
vendor-advisory
x_refsource_DEBIAN
oval:org.mitre.oval:def:10200
vdb-entry
signature
x_refsource_OVAL
18334
third-party-advisory
x_refsource_SECUNIA
18375
third-party-advisory
x_refsource_SECUNIA
DSA-950
vendor-advisory
x_refsource_DEBIAN
18387
third-party-advisory
x_refsource_SECUNIA
MDKSA-2006:011
vendor-advisory
x_refsource_MANDRIVA
18385
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now