| Vulnerability Name: | CVE-2005-0064 (CCN-18950) | ||||||||||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2005-01-18 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Published: | 2005-01-18 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Updated: | 2017-10-11 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Summary: | Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value. | ||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||||||||||||||
| References: | Source: CONFIRM Type: Patch ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch Source: SCO Type: UNKNOWN SCOSA-2005.42 Source: CCN Type: BugTraq Mailing List, Thu Jun 09 2005 - 12:36:25 CDT libextractor: Multiple overflow vulnerabilities Source: MITRE Type: CNA CVE-2005-0064 Source: CONECTIVA Type: Patch, Vendor Advisory CLA-2005:921 Source: CCN Type: libExtractor Download Web page libExtractor - download page Source: BUGTRAQ Type: UNKNOWN 20050119 [USN-64-1] xpdf, CUPS vulnerabilities Source: CCN Type: RHSA-2005-026 tetex security update Source: CCN Type: RHSA-2005-034 xpdf security update Source: CCN Type: RHSA-2005-049 cups security update Source: CCN Type: RHSA-2005-053 CUPS security update Source: CCN Type: RHSA-2005-057 gpdf security update Source: CCN Type: RHSA-2005-059 xpdf security update Source: CCN Type: RHSA-2005-066 kdegraphics security update Source: SECUNIA Type: UNKNOWN 17277 Source: CCN Type: CIAC Information Bulletin P-142 XPDF/GPDF - CUPS Vulnerabilities Source: DEBIAN Type: Patch, Vendor Advisory DSA-645 Source: DEBIAN Type: Patch, Vendor Advisory DSA-648 Source: DEBIAN Type: DSA-645 cupsys -- buffer overflow Source: DEBIAN Type: DSA-648 xpdf -- buffer overflow Source: CCN Type: Xpdf Web site Xpdf: Download Source: CCN Type: GLSA-200501-28 Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2 Source: CCN Type: GLSA-200501-30 CUPS: Stack overflow in included Xpdf code Source: CCN Type: GLSA-200501-31 teTeX, pTeX, CSTeX: Multiple vulnerabilities Source: CCN Type: GLSA-200501-32 KPdf, KOffice: Stack overflow in included Xpdf code Source: CCN Type: GLSA-200502-10 pdftohtml: Vulnerabilities in included Xpdf Source: CCN Type: GLSA-200506-06 libextractor: Multiple overflow vulnerabilities Source: CCN Type: iDEFENSE Security Advisory 01.18.05 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow Source: IDEFENSE Type: Exploit, Patch, Vendor Advisory 20050118 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow Source: CCN Type: KDE Security Advisory 20050119-1 kpdf Buffer Overflow Vulnerability Source: CCN Type: KDE Security Advisory 20050120-1 KOffice PDF Import Filter Vulnerability Source: MANDRAKE Type: UNKNOWN MDKSA-2005:016 Source: MANDRAKE Type: UNKNOWN MDKSA-2005:017 Source: MANDRAKE Type: UNKNOWN MDKSA-2005:018 Source: MANDRAKE Type: UNKNOWN MDKSA-2005:019 Source: MANDRAKE Type: UNKNOWN MDKSA-2005:020 Source: MANDRAKE Type: UNKNOWN MDKSA-2005:021 Source: REDHAT Type: UNKNOWN RHSA-2005:026 Source: REDHAT Type: Patch, Vendor Advisory RHSA-2005:034 Source: REDHAT Type: Patch, Vendor Advisory RHSA-2005:053 Source: REDHAT Type: Patch, Vendor Advisory RHSA-2005:057 Source: REDHAT Type: Patch, Vendor Advisory RHSA-2005:059 Source: REDHAT Type: Patch, Vendor Advisory RHSA-2005:066 Source: CCN Type: BID-12302 XPDF MAKEFILEKEY2 Function Remote Buffer Overflow Vulnerability Source: CCN Type: BID-13922 Libextractor Multiple Remote Buffer Overflow Vulnerabilities Source: TRUSTIX Type: Patch, Vendor Advisory 2005-0003 Source: CCN Type: USN-64-1 xpdf Source: FEDORA Type: Patch, Vendor Advisory FLSA:2352 Source: FEDORA Type: Patch, Vendor Advisory FLSA:2353 Source: XF Type: UNKNOWN xpdf-makefilekey2-bo(18950) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11781 Source: GENTOO Type: UNKNOWN GLSA-200501-28 Source: GENTOO Type: UNKNOWN GLSA-200502-10 Source: SUSE Type: SUSE-SR:2005:002 SUSE Security Summary Report Source: SUSE Type: SUSE-SR:2005:003 SUSE Security Summary Report Source: SUSE Type: SUSE-SR:2005:008 SUSE Security Summary Report | ||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||||||||||