Vulnerability Details : CVE-2005-3192
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2005-3192
- cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-3192
- 27.59%: Probability of exploitation activity in the next 30 days
- ~ 97%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-3192
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2005-3192
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2005-3192
- Red Hat, 2007-03-14: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References for CVE-2005-3192
- ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
- http://www.kde.org/info/security/advisory-20051207-1.txt
- http://www.novell.com/linux/security/advisories/2006_02_sr.html
- http://www.securityfocus.com/archive/1/427053/100/0/threaded
- http://www.vupen.com/english/advisories/2005/2788
- http://www.vupen.com/english/advisories/2007/2280
- http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html
  [SECURITY] Fedora Core 3 Update: cups-1.1.22-0.rc1.8.8
- http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
  Patch; Vendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
  Mandriva
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
  Mandriva
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
  Mandriva
- http://scary.beasts.org/security/CESA-2005-003.txt
- http://www.debian.org/security/2006/dsa-950
  [SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution
- ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch
  Patch
- http://www.debian.org/security/2006/dsa-962
  [SECURITY] [DSA 962-1] New pdftohtml packages fix arbitrary code execution
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
  Mandriva
- ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
- http://www.securityfocus.com/archive/1/418883/100/0/threaded
- http://securitytracker.com/id?1015324
- http://www.debian.org/security/2006/dsa-961
  [SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution
- http://www.securityfocus.com/bid/15725
  Patch
- http://www.redhat.com/support/errata/RHSA-2005-840.html
  Support
  Patch; Vendor Advisory
- https://issues.rpath.com/browse/RPL-1609
- http://www.vupen.com/english/advisories/2005/2787
- http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html
  [SECURITY] Fedora Core 4 Update: cups-1.1.23-15.2
- http://rhn.redhat.com/errata/RHSA-2005-868.html
  Vendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
  Mandriva
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
  Mandriva
- http://www.redhat.com/support/errata/RHSA-2006-0160.html
  Support
- ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
- http://www.debian.org/security/2006/dsa-936
  [SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289
  #342289 - xpdf security problems partially affect pdftohtml as well - Debian Bug report logs
- http://www.redhat.com/support/errata/RHSA-2005-878.html
  Support
  Vendor Advisory
- http://www.vupen.com/english/advisories/2005/2790
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10914
- http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
- http://securitytracker.com/id?1015309
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt
- http://securityreason.com/securityalert/235
  Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability - CXSecurity.com
- http://www.securityfocus.com/archive/1/427990/100/0/threaded
- http://securityreason.com/securityalert/240
  Multiple buffer overflows in kpdf/koffice - CXSecurity.com
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
- http://www.debian.org/security/2006/dsa-937
  [SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
  The Slackware Linux Project: Slackware Security Advisories
- http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
  Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities (GLSA 200512-08) — Gentoo security
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
  The Slackware Linux Project: Slackware Security Advisories
- http://www.debian.org/security/2005/dsa-931
  [SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution
- http://www.debian.org/security/2005/dsa-932
  [SECURITY] [DSA 932-1] New kpdf packages fix arbitrary code execution
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
- http://www.novell.com/linux/security/advisories/2005_29_sr.html
- http://www.redhat.com/support/errata/RHSA-2005-867.html
  Support
  Vendor Advisory
- http://www.kde.org/info/security/advisory-20051207-2.txt
- http://www.vupen.com/english/advisories/2005/2755
- http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html
  [SECURITY] Fedora Core 3 Update: tetex-2.0.2-21.5
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
  Mandriva
- http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html
  [SECURITY] Fedora Core 4 Update: tetex-3.0-7.FC4
- http://www.vupen.com/english/advisories/2005/2789
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23442
  Xpdf StreamPredictor() heap buffer overflow CVE-2005-3192 Vulnerability Report
- http://www.trustix.org/errata/2005/0072/
  Trustix | Empowering Trust and Security in the Digital Age
- http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
  KPdf, KWord: Multiple overflows in included Xpdf code (GLSA 200601-02) — Gentoo security
- http://www.vupen.com/english/advisories/2005/2856
- http://www.vupen.com/english/advisories/2005/2786
- http://www.ubuntulinux.org/usn/usn-227-1
  USN-227-1: xpdf vulnerabilities | Ubuntu security notices | Ubuntu