Vulnerability Details: CVE-2005-3628
Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2005-3628
- cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-3628
2.68%
Probability of exploitation activity in the next 30 days
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-3628
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
Vendor statements for CVE-2005-3628
- Red Hat, 2007-03-14: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References for CVE-2005-3628
- http://www.securityfocus.com/archive/1/427053/100/0/threaded
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10287
- http://secunia.com/advisories/18582
  Tags: Patch; Vendor Advisory
- http://www.debian.org/security/2006/dsa-950
  [SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution
  Tags: Patch; Vendor Advisory
- http://secunia.com/advisories/18534
  Tags: Patch; Vendor Advisory
- http://secunia.com/advisories/18428
- http://www.debian.org/security/2006/dsa-962
  [SECURITY] [DSA 962-1] New pdftohtml packages fix arbitrary code execution
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
- ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
- http://www.debian.org/security/2006/dsa-961
  [SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution
- http://secunia.com/advisories/18387
  Tags: Patch; Vendor Advisory
- http://secunia.com/advisories/18679
- http://secunia.com/advisories/18436
- http://secunia.com/advisories/18380
- http://secunia.com/advisories/18674
- http://www.debian.org/security/2005/dsa-937
  [SECURITY] [DSA 937-1] New tetex-bin packages fix arbitrary code execution
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
- http://secunia.com/advisories/19230
- http://www.debian.org/security/2005/dsa-940
  [SECURITY] [DSA 940-1] New gpdf packages fix arbitrary code execution
- http://www.redhat.com/support/errata/RHSA-2006-0160.html
  Tags: Patch; Vendor Advisory
- http://secunia.com/advisories/18389
  Tags: Patch; Vendor Advisory
- http://secunia.com/advisories/18398
  Tags: Patch; Vendor Advisory
- http://secunia.com/advisories/18908
- http://www.debian.org/security/2006/dsa-936
  [SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution
  Tags: Patch; Vendor Advisory
- http://secunia.com/advisories/18147
- http://secunia.com/advisories/18913
- http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
  Tags: Patch; Vendor Advisory
- http://www.securityfocus.com/archive/1/427990/100/0/threaded
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
  The Slackware Linux Project: Slackware Security Advisories
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
  The Slackware Linux Project: Slackware Security Advisories
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
- http://www.debian.org/security/2005/dsa-931
  [SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution
- http://secunia.com/advisories/18416
  Tags: Patch; Vendor Advisory
- http://www.debian.org/security/2005/dsa-932
  [SECURITY] [DSA 932-1] New kpdf packages fix arbitrary code execution
- http://secunia.com/advisories/18385
  Tags: Patch; Vendor Advisory
- http://secunia.com/advisories/18407
  Tags: Patch; Vendor Advisory
- http://www.debian.org/security/2005/dsa-938
  [SECURITY] [DSA 938-1] New koffice packages fix arbitrary code execution
- http://secunia.com/advisories/18675