Vulnerability Details : CVE-2005-3627
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2005-3627
- cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-3627
3.64%: probability of exploitation activity in the next 30 days
~90%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-3627
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2005-3627
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2005-3627
- Red Hat, 2007-03-14: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References for CVE-2005-3627
- ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
- http://www.securityfocus.com/archive/1/427053/100/0/threaded
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10200
- http://www.vupen.com/english/advisories/2007/2280
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
  Mandriva
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
  Mandriva
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
  Mandriva
- http://scary.beasts.org/security/CESA-2005-003.txt
  Tags: Exploit; Vendor Advisory
- http://www.debian.org/security/2006/dsa-950
  [SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution
  Tags: Patch; Vendor Advisory
- http://www.debian.org/security/2006/dsa-962
  [SECURITY] [DSA 962-1] New pdftohtml packages fix arbitrary code execution
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
  Mandriva
- ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
- http://www.debian.org/security/2006/dsa-961
  [SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution
  Tags: Patch; Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24024
  Xpdf DCTStream::readHuffmanTables() buffer overflow CVE-2005-3627 Vulnerability Report
- http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
  Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows (GLSA 200601-17) — Gentoo security
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24025
  Xpdf DCTStream::readScanInfo() buffer overflow CVE-2005-3627 Vulnerability Report
- http://www.debian.org/security/2005/dsa-937
  [SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
  Mandriva
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
  Mandriva
- http://www.debian.org/security/2005/dsa-940
  [SECURITY] [DSA 940-1] New gpdf packages fix arbitrary code execution
- http://www.redhat.com/support/errata/RHSA-2006-0160.html
  Support
  Tags: Patch; Vendor Advisory
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
  [SECURITY] Fedora Core 3 Update: cups-1.1.22-0.rc1.8.9
  Tags: Patch
- ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
- http://www.securityfocus.com/bid/16143
  Tags: Patch
- http://www.debian.org/security/2006/dsa-936
  [SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution
  Tags: Patch; Vendor Advisory
- http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
  Tags: Patch; Vendor Advisory
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
  [SECURITY] Fedora Core 4 Update: poppler-0.4.4-1.1
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
  [SECURITY] Fedora Core 4 Update: cups-1.1.23-15.3
  Tags: Patch
- https://usn.ubuntu.com/236-1/
- http://www.securityfocus.com/archive/1/427990/100/0/threaded
- http://www.trustix.org/errata/2006/0002/
  Trustix | Empowering Trust and Security in the Digital Age
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
  The Slackware Linux Project: Slackware Security Advisories
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
  The Slackware Linux Project: Slackware Security Advisories
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
  Mandriva
- http://www.debian.org/security/2005/dsa-931
  [SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution
- http://www.vupen.com/english/advisories/2006/0047
- http://www.debian.org/security/2005/dsa-932
  [SECURITY] [DSA 932-1] New kpdf packages fix arbitrary code execution
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
- http://www.kde.org/info/security/advisory-20051207-2.txt
  Tags: Patch
- http://rhn.redhat.com/errata/RHSA-2006-0177.html
  RHSA-2006:0177 - Security Advisory - Red Hat Customer Portal
  Tags: Patch; Vendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
  Mandriva
- http://www.redhat.com/support/errata/RHSA-2006-0163.html
  Support
- http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
  KPdf, KWord: Multiple overflows in included Xpdf code (GLSA 200601-02) — Gentoo security
  Tags: Patch; Vendor Advisory
- http://www.debian.org/security/2005/dsa-938
  [SECURITY] [DSA 938-1] New koffice packages fix arbitrary code execution
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
  [SECURITY] Fedora Core 3 Update: gpdf-2.8.2-7.2