Vulnerability Details : CVE-2005-3191
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2005-3191
- cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:3.0_pl3:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-3191
- 0.42%: probability of exploitation activity in the next 30 days
- ~74%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-3191
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST | |
CWE ids for CVE-2005-3191
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2005-3191
- Red Hat, 2007-03-14: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References for CVE-2005-3191
- ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
- http://www.kde.org/info/security/advisory-20051207-1.txt
- http://www.novell.com/linux/security/advisories/2006_02_sr.html
- http://www.securityfocus.com/archive/1/427053/100/0/threaded
- http://www.vupen.com/english/advisories/2005/2788
- http://www.vupen.com/english/advisories/2007/2280
- http://securityreason.com/securityalert/234
  Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability - CXSecurity.com
- http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html
  [SECURITY] Fedora Core 3 Update: cups-1.1.22-0.rc1.8.8
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
  Mandriva
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
  Mandriva
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
  Mandriva
- http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities
  U.S. | Let There Be Change | Accenture [Patch; Vendor Advisory]
- http://www.debian.org/security/2006/dsa-950
  [SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution
- http://www.debian.org/security/2006/dsa-962
  [SECURITY] [DSA 962-1] New pdftohtml packages fix arbitrary code execution
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
  Mandriva
- ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
- http://www.securityfocus.com/archive/1/418883/100/0/threaded
- http://securitytracker.com/id?1015324
- http://www.debian.org/security/2006/dsa-961
  [SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution
- http://www.redhat.com/support/errata/RHSA-2005-840.html
  Support [Vendor Advisory]
- https://issues.rpath.com/browse/RPL-1609
- http://www.vupen.com/english/advisories/2005/2787
- http://www.debian.org/security/2005/dsa-937
  [SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution
- http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html
  [SECURITY] Fedora Core 4 Update: cups-1.1.23-15.2
- http://rhn.redhat.com/errata/RHSA-2005-868.html
  [Vendor Advisory]
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
  Mandriva
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
  Mandriva
- http://www.debian.org/security/2005/dsa-940
  [SECURITY] [DSA 940-1] New gpdf packages fix arbitrary code execution
- http://www.redhat.com/support/errata/RHSA-2006-0160.html
  Support
- ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
- http://www.debian.org/security/2006/dsa-936
  [SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution
- http://securityreason.com/securityalert/233
  Multiple Vendor xpdf DCTStream Progressive Heap Overflow - CXSecurity.com
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289
  #342289 - xpdf security problems partially affect pdftohtml as well - Debian Bug report logs
- http://www.redhat.com/support/errata/RHSA-2005-878.html
  Support [Vendor Advisory]
- http://www.vupen.com/english/advisories/2005/2790
- http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
- http://securitytracker.com/id?1015309
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23443
  Xpdf DCTStream::readProgressiveSOF() heap buffer overflow CVE-2005-3191 Vulnerability Report
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9760
- http://www.securityfocus.com/bid/15726
- http://www.securityfocus.com/archive/1/427990/100/0/threaded
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
  The Slackware Linux Project: Slackware Security Advisories
- http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
  Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities (GLSA 200512-08) — Gentoo security
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
  The Slackware Linux Project: Slackware Security Advisories
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
  Mandriva
- http://www.debian.org/security/2005/dsa-931
  [SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution
- http://www.debian.org/security/2005/dsa-932
  [SECURITY] [DSA 932-1] New kpdf packages fix arbitrary code execution
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
- http://www.novell.com/linux/security/advisories/2005_29_sr.html
- http://www.redhat.com/support/errata/RHSA-2005-867.html
  Support [Vendor Advisory]
- http://www.kde.org/info/security/advisory-20051207-2.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23444
  Xpdf DCTStream::readBaselineSOF() heap buffer overflow CVE-2005-3191 Vulnerability Report
- http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html
  [SECURITY] Fedora Core 3 Update: tetex-2.0.2-21.5
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
  Mandriva
- http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html
  [SECURITY] Fedora Core 4 Update: tetex-3.0-7.FC4
- http://www.vupen.com/english/advisories/2005/2789
- http://www.trustix.org/errata/2005/0072/
  Trustix | Empowering Trust and Security in the Digital Age
- http://www.securityfocus.com/bid/15727
- http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
  KPdf, KWord: Multiple overflows in included Xpdf code (GLSA 200601-02) — Gentoo security
- http://www.vupen.com/english/advisories/2005/2856
- http://www.vupen.com/english/advisories/2005/2786
- http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
  U.S. | Let There Be Change | Accenture [Patch; Vendor Advisory]
- http://www.debian.org/security/2005/dsa-938
  [SECURITY] [DSA 938-1] New koffice packages fix arbitrary code execution
- http://www.ubuntulinux.org/usn/usn-227-1
  USN-227-1: xpdf vulnerabilities | Ubuntu security notices | Ubuntu