Vulnerability Details : CVE-2005-3628
Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2005-3628
Probability of exploitation activity in the next 30 days: 2.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 %
CVSS scores for CVE-2005-3628
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
Vendor statements for CVE-2005-3628
- Red Hat (2007-03-14): Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
- http://www.securityfocus.com/archive/1/427053/100/0/threaded
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10287
- http://www.debian.org/security/2006/dsa-950 (Patch; Vendor Advisory)
- http://www.debian.org/security/2006/dsa-962
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
- ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
- http://www.debian.org/security/2006/dsa-961
- http://www.debian.org/security/2005/dsa-937
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
- http://www.debian.org/security/2005/dsa-940
- http://www.redhat.com/support/errata/RHSA-2006-0160.html (Patch; Vendor Advisory)
- http://www.debian.org/security/2006/dsa-936 (Patch; Vendor Advisory)
- http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html (Patch; Vendor Advisory)
- http://www.securityfocus.com/archive/1/427990/100/0/threaded
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
- http://www.debian.org/security/2005/dsa-931
- http://www.debian.org/security/2005/dsa-932
- http://www.debian.org/security/2005/dsa-938
- cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*