Oval Definition:oval:org.mitre.oval:def:9760
Revision Date:2013-04-29Version:11
Title:Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.
Description:Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2005-3191
Platform(s):CentOS Linux 3
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
  • RHEL3 or CentOS3
  • The operating system installed on the system is Red Hat Enterprise Linux 3
  • OR CentOS Linux 3.x
  • AND Configuration section
  • tetex-latex is earlier than 0:1.0.7-67.9
  • OR tetex-dvips is earlier than 0:1.0.7-67.9
  • OR tetex-fonts is earlier than 0:1.0.7-67.9
  • OR cups-libs is earlier than 1:1.1.17-13.3.34
  • OR tetex is earlier than 0:1.0.7-67.9
  • OR cups-devel is earlier than 1:1.1.17-13.3.34
  • OR tetex-afm is earlier than 0:1.0.7-67.9
  • OR xpdf is earlier than 1:2.02-9.8
  • OR tetex-xdvi is earlier than 0:1.0.7-67.9
  • OR cups is earlier than 1:1.1.17-13.3.34
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • tetex-latex is earlier than 0:2.0.2-22.EL4.7
  • OR kdegraphics-devel is earlier than 7:3.3.1-3.6
  • OR tetex-dvips is earlier than 0:2.0.2-22.EL4.7
  • OR kdegraphics is earlier than 7:3.3.1-3.6
  • OR tetex-fonts is earlier than 0:2.0.2-22.EL4.7
  • OR cups-libs is earlier than 1:1.1.22-0.rc1.9.9
  • OR tetex is earlier than 0:2.0.2-22.EL4.7
  • OR gpdf is earlier than 0:2.8.2-7.3
  • OR cups-devel is earlier than 1:1.1.22-0.rc1.9.9
  • OR tetex-afm is earlier than 0:2.0.2-22.EL4.7
  • OR xpdf is earlier than 1:3.00-11.10
  • OR tetex-xdvi is earlier than 0:2.0.2-22.EL4.7
  • OR tetex-doc is earlier than 0:2.0.2-22.EL4.7
  • OR cups is earlier than 1:1.1.22-0.rc1.9.9
    • BACK