| Vulnerability Name: | CVE-2005-3191 (CCN-23443) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2005-12-05 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Published: | 2005-12-05 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Updated: | 2018-10-19 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Summary: | Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-119 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| References: | Source: SCO Type: UNKNOWN SCOSA-2006.15 Source: SCO Type: UNKNOWN SCOSA-2006.20 Source: SCO Type: UNKNOWN SCOSA-2006.21 Source: SGI Type: UNKNOWN 20051201-01-U Source: SGI Type: UNKNOWN 20060101-01-U Source: SGI Type: UNKNOWN 20060201-01-U Source: MISC Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289 Source: MITRE Type: CNA CVE-2005-3191 Source: SUSE Type: UNKNOWN SUSE-SA:2006:001 Source: CCN Type: RHSA-2005-840 xpdf security update Source: CCN Type: RHSA-2005-867 gpdf security update Source: CCN Type: RHSA-2005-868 kdegraphics security update Source: REDHAT Type: Vendor Advisory RHSA-2005:868 Source: CCN Type: RHSA-2005-878 cups security update Source: CCN Type: RHSA-2006-0160 tetex security update Source: CCN Type: Chris Evans Security Advisory CESA-2005-003 - rev 2 xpdf (and derivatives) buffer and integer overflows Source: CCN Type: SA17897 Xpdf Multiple Buffer Overflow Vulnerabilities Source: SECUNIA Type: Vendor Advisory 17897 Source: CCN Type: SA17908 KOffice KWord PDF Filter Xpdf Buffer Overflow Vulnerabilities Source: SECUNIA Type: Vendor Advisory 17908 Source: CCN Type: SA17912 Poppler Xpdf Buffer Overflow Vulnerabilities Source: SECUNIA Type: Vendor Advisory 17912 Source: CCN Type: SA17916 teTeX Xpdf Buffer Overflow Vulnerabilities Source: SECUNIA Type: Vendor Advisory 17916 Source: CCN Type: SA17920 KDE kpdf Xpdf Buffer Overflow Vulnerabilities Source: SECUNIA Type: Vendor Advisory 17920 Source: CCN Type: SA17921 pdftohtml Xpdf Buffer Overflow Vulnerabilities Source: SECUNIA Type: Vendor Advisory 17921 Source: SECUNIA Type: Vendor Advisory 17926 Source: SECUNIA Type: Vendor Advisory 17929 Source: CCN Type: SA17940 GNOME gpdf Xpdf Buffer Overflow Vulnerabilities Source: SECUNIA Type: Vendor Advisory 17940 Source: SECUNIA Type: UNKNOWN 17955 Source: CCN Type: SA17976 CUPS xpdf Multiple Buffer Overflow Vulnerabilities Source: SECUNIA Type: Vendor Advisory 17976 Source: SECUNIA Type: Vendor Advisory 18009 Source: SECUNIA Type: Vendor Advisory 18055 Source: SECUNIA Type: Vendor Advisory 18061 Source: SECUNIA Type: UNKNOWN 18147 Source: SECUNIA Type: Vendor Advisory 18189 Source: SECUNIA Type: Vendor Advisory 18191 Source: SECUNIA Type: Vendor Advisory 18192 Source: CCN Type: SA18303 xpdf Multiple Integer Overflow Vulnerabilities Source: SECUNIA Type: UNKNOWN 18303 Source: SECUNIA Type: Vendor Advisory 18313 Source: SECUNIA Type: Vendor Advisory 18336 Source: SECUNIA Type: Vendor Advisory 18349 Source: SECUNIA Type: UNKNOWN 18380 Source: SECUNIA Type: Vendor Advisory 18385 Source: SECUNIA Type: Vendor Advisory 18387 Source: SECUNIA Type: UNKNOWN 18389 Source: CCN Type: SA18398 libextractor Multiple Xpdf Vulnerabilities Source: SECUNIA Type: UNKNOWN 18398 Source: SECUNIA Type: UNKNOWN 18407 Source: SECUNIA Type: Vendor Advisory 18416 Source: SECUNIA Type: UNKNOWN 18428 Source: SECUNIA Type: UNKNOWN 18436 Source: SECUNIA Type: UNKNOWN 18448 Source: SECUNIA Type: UNKNOWN 18503 Source: SECUNIA Type: UNKNOWN 18517 Source: SECUNIA Type: UNKNOWN 18534 Source: SECUNIA Type: UNKNOWN 18549 Source: SECUNIA Type: UNKNOWN 18554 Source: SECUNIA Type: UNKNOWN 18582 Source: CCN Type: SA18674 GNUStep PDFKit Framework Xpdf Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 18674 Source: SECUNIA Type: UNKNOWN 18675 Source: SECUNIA Type: UNKNOWN 18679 Source: SECUNIA Type: UNKNOWN 18908 Source: SECUNIA Type: UNKNOWN 18913 Source: SECUNIA Type: UNKNOWN 19230 Source: SECUNIA Type: UNKNOWN 19377 Source: SECUNIA Type: UNKNOWN 19797 Source: SECUNIA Type: UNKNOWN 19798 Source: CCN Type: SA25729 Sun Solaris Gnome PDF Viewer Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 25729 Source: SECUNIA Type: UNKNOWN 26413 Source: SREASON Type: UNKNOWN 233 Source: SREASON Type: UNKNOWN 234 Source: CCN Type: SECTRACK ID: 1015309 Xpdf Buffer Overflows in Processing DCT and JPX Streams May Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1015309 Source: CCN Type: SECTRACK ID: 1015324 KDE KOffice kpdf Buffer Overflows in Processing DCT and JPX Streams May Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1015324 Source: SLACKWARE Type: UNKNOWN SSA:2006-045-09 Source: SLACKWARE Type: UNKNOWN SSA:2006-045-04 Source: CCN Type: Sun Alert ID: 102972 Multiple Security Vulnerabilities in the Solaris Gnome PDF Viewer (gpdf(1)) may Allow a Denial of Service (DoS) Condition or Lead to Execution of Arbitrary Code Source: SUNALERT Type: UNKNOWN 102972 Source: CCN Type: ASA-2006-007 cups security update (RHSA-2005-878) Source: CCN Type: ASA-2006-019 tetex security update (RHSA-2006-0160) Source: CCN Type: ASA-2006-094 UnixWare CUPS Multiple Buffer Overflow Vulnerabilities (SCOSA-2006.21) Source: CCN Type: ASA-2007-281 Multiple Security Vulnerabilities in the Solaris Gnome PDF Viewer (gpdf(1)) may Allow a Denial of Service (DoS) Condition or Lead to Execution of Arbitrary Code (SUN 102972) Source: DEBIAN Type: UNKNOWN DSA-931 Source: DEBIAN Type: UNKNOWN DSA-932 Source: DEBIAN Type: UNKNOWN DSA-937 Source: DEBIAN Type: UNKNOWN DSA-938 Source: DEBIAN Type: UNKNOWN DSA-940 Source: DEBIAN Type: UNKNOWN DSA-936 Source: DEBIAN Type: UNKNOWN DSA-950 Source: DEBIAN Type: UNKNOWN DSA-961 Source: DEBIAN Type: UNKNOWN DSA-962 Source: DEBIAN Type: DSA-931 xpdf -- buffer overflows Source: DEBIAN Type: DSA-932 kdegraphics -- buffer overflows Source: DEBIAN Type: DSA-936 libextractor -- buffer overflows Source: DEBIAN Type: DSA-937 tetex-bin -- buffer overflows Source: DEBIAN Type: DSA-938 koffice -- buffer overflows Source: DEBIAN Type: DSA-940 gpdf -- buffer overflows Source: DEBIAN Type: DSA-950 cupsys -- buffer overflows Source: DEBIAN Type: DSA-961 pdfkit.framework -- buffer overflows Source: DEBIAN Type: DSA-962 pdftohtml -- buffer overflows Source: CCN Type: Xpdf Web site Xpdf: Download Source: CCN Type: GLSA-200512-08 Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities Source: GENTOO Type: UNKNOWN GLSA-200512-08 Source: CCN Type: GLSA-200601-02 KPdf, KWord: Multiple overflows in included Xpdf code Source: GENTOO Type: UNKNOWN GLSA-200601-02 Source: IDEFENSE Type: Patch, Vendor Advisory Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability Source: CCN Type: iDEFENSE Security Advisory 11.15.05 Multiple Vendor xpdf DCTStream Progressive Heap Overflow Source: IDEFENSE Type: Patch, Vendor Advisory 20051205 Multiple Vendor xpdf DCTStream Progressive Heap Overflow Source: CONFIRM Type: UNKNOWN http://www.kde.org/info/security/advisory-20051207-1.txt Source: CCN Type: KDE Security Advisory 20051207-2 kpdf/xpdf multiple integer overflows Source: CONFIRM Type: UNKNOWN http://www.kde.org/info/security/advisory-20051207-2.txt Source: MANDRIVA Type: UNKNOWN MDKSA-2006:003 Source: MANDRIVA Type: UNKNOWN MDKSA-2006:004 Source: MANDRIVA Type: UNKNOWN MDKSA-2006:005 Source: MANDRIVA Type: UNKNOWN MDKSA-2006:006 Source: MANDRIVA Type: UNKNOWN MDKSA-2006:008 Source: MANDRAKE Type: UNKNOWN MDKSA-2006:010 Source: MANDRIVA Type: UNKNOWN MDKSA-2006:011 Source: MANDRIVA Type: UNKNOWN MDKSA-2006:012 Source: SUSE Type: UNKNOWN SUSE-SR:2005:029 Source: SUSE Type: UNKNOWN SUSE-SR:2006:002 Source: FEDORA Type: UNKNOWN FEDORA-2005-1126 Source: FEDORA Type: UNKNOWN FEDORA-2005-1127 Source: CCN Type: Fedora Update Notification FEDORA-2005-1141 Fedora Core 3 Update: cups-1.1.22-0.rc1.8.8 Source: FEDORA Type: UNKNOWN FEDORA-2005-1141 Source: CCN Type: Fedora Update Notification FEDORA-2005-1142 Fedora Core 4 Update: cups-1.1.23-15.2 Source: FEDORA Type: UNKNOWN FEDORA-2005-1142 Source: REDHAT Type: Vendor Advisory RHSA-2005:840 Source: REDHAT Type: Vendor Advisory RHSA-2005:867 Source: REDHAT Type: Vendor Advisory RHSA-2005:878 Source: REDHAT Type: UNKNOWN RHSA-2006:0160 Source: BUGTRAQ Type: UNKNOWN 20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice Source: FEDORA Type: UNKNOWN FLSA-2006:176751 Source: FEDORA Type: UNKNOWN FLSA:175404 Source: BID Type: UNKNOWN 15726 Source: CCN Type: BID-15726 XPDF DCTStream Progressive Remote Heap Buffer Overflow Vulnerability Source: BID Type: UNKNOWN 15727 Source: CCN Type: BID-15727 XPDF DCTStream Baseline Remote Heap Buffer Overflow Vulnerability Source: TRUSTIX Type: UNKNOWN TSLSA-2005-0072 Source: CCN Type: TLSA-2006-2 Multiple vulnerabilities exist in cups Source: CCN Type: TLSA-2006-7 Multiple unspecified vulnerabilities Source: CCN Type: USN-227-1 xpdf vulnerabilities Source: UBUNTU Type: UNKNOWN USN-227-1 Source: VUPEN Type: UNKNOWN ADV-2005-2786 Source: VUPEN Type: UNKNOWN ADV-2005-2787 Source: VUPEN Type: UNKNOWN ADV-2005-2788 Source: VUPEN Type: UNKNOWN ADV-2005-2789 Source: VUPEN Type: UNKNOWN ADV-2005-2790 Source: VUPEN Type: UNKNOWN ADV-2005-2856 Source: VUPEN Type: UNKNOWN ADV-2007-2280 Source: XF Type: UNKNOWN xpdf-dctstream-progressive-bo(23443) Source: XF Type: UNKNOWN xpdf-dctstream-progressive-bo(23443) Source: XF Type: UNKNOWN xpdf-dctstream-baseline-bo(23444) Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-1609 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9760 Source: SUSE Type: SUSE-SA:2006:001 xpdf various security problems Source: SUSE Type: SUSE-SR:2005:029 SUSE Security Summary Report Source: SUSE Type: SUSE-SR:2005:030 SUSE Security Summary Report Source: SUSE Type: SUSE-SR:2006:001 SUSE Security Summary Report Source: SUSE Type: SUSE-SR:2006:002 SUSE Security Summary Report | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Name: | CVE-2005-3191 (CCN-23444) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2005-12-06 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Published: | 2005-12-06 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Updated: | 2018-10-19 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Summary: | Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-119 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2005-3191 Source: CCN Type: RHSA-2005-840 xpdf security update Source: CCN Type: RHSA-2005-867 gpdf security update Source: CCN Type: RHSA-2005-868 kdegraphics security update Source: CCN Type: RHSA-2005-878 cups security update Source: CCN Type: RHSA-2006-0160 tetex security update Source: CCN Type: Chris Evans Security Advisory CESA-2005-003 - rev 2 xpdf (and derivatives) buffer and integer overflows Source: CCN Type: SA17897 Xpdf Multiple Buffer Overflow Vulnerabilities Source: CCN Type: SA17908 KOffice KWord PDF Filter Xpdf Buffer Overflow Vulnerabilities Source: CCN Type: SA17912 Poppler Xpdf Buffer Overflow Vulnerabilities Source: CCN Type: SA17916 teTeX Xpdf Buffer Overflow Vulnerabilities Source: CCN Type: SA17920 KDE kpdf Xpdf Buffer Overflow Vulnerabilities Source: CCN Type: SA17921 pdftohtml Xpdf Buffer Overflow Vulnerabilities Source: CCN Type: SA17940 GNOME gpdf Xpdf Buffer Overflow Vulnerabilities Source: CCN Type: SA17976 CUPS xpdf Multiple Buffer Overflow Vulnerabilities Source: CCN Type: SA18303 xpdf Multiple Integer Overflow Vulnerabilities Source: CCN Type: SA18398 libextractor Multiple Xpdf Vulnerabilities Source: CCN Type: SA18674 GNUStep PDFKit Framework Xpdf Multiple Vulnerabilities Source: CCN Type: SA25729 Sun Solaris Gnome PDF Viewer Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1015309 Xpdf Buffer Overflows in Processing DCT and JPX Streams May Let Remote Users Execute Arbitrary Code Source: CCN Type: SECTRACK ID: 1015324 KDE KOffice kpdf Buffer Overflows in Processing DCT and JPX Streams May Let Remote Users Execute Arbitrary Code Source: CCN Type: Sun Alert ID: 102972 Multiple Security Vulnerabilities in the Solaris Gnome PDF Viewer (gpdf(1)) may Allow a Denial of Service (DoS) Condition or Lead to Execution of Arbitrary Code Source: CCN Type: ASA-2006-007 cups security update (RHSA-2005-878) Source: CCN Type: ASA-2006-019 tetex security update (RHSA-2006-0160) Source: CCN Type: ASA-2006-094 UnixWare CUPS Multiple Buffer Overflow Vulnerabilities (SCOSA-2006.21) Source: CCN Type: ASA-2007-281 Multiple Security Vulnerabilities in the Solaris Gnome PDF Viewer (gpdf(1)) may Allow a Denial of Service (DoS) Condition or Lead to Execution of Arbitrary Code (SUN 102972) Source: DEBIAN Type: DSA-931 xpdf -- buffer overflows Source: DEBIAN Type: DSA-932 kdegraphics -- buffer overflows Source: DEBIAN Type: DSA-936 libextractor -- buffer overflows Source: DEBIAN Type: DSA-937 tetex-bin -- buffer overflows Source: DEBIAN Type: DSA-938 koffice -- buffer overflows Source: DEBIAN Type: DSA-940 gpdf -- buffer overflows Source: DEBIAN Type: DSA-950 cupsys -- buffer overflows Source: DEBIAN Type: DSA-961 pdfkit.framework -- buffer overflows Source: DEBIAN Type: DSA-962 pdftohtml -- buffer overflows Source: CCN Type: Xpdf Web site Xpdf: Download Source: CCN Type: GLSA-200512-08 Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities Source: CCN Type: GLSA-200601-02 KPdf, KWord: Multiple overflows in included Xpdf code Source: CCN Type: iDEFENSE Security Advisory 11.15.05 Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability Source: CCN Type: KDE Security Advisory 20051207-2 kpdf/xpdf multiple integer overflows Source: CCN Type: Fedora Update Notification FEDORA-2005-1141 Fedora Core 3 Update: cups-1.1.22-0.rc1.8.8 Source: CCN Type: Fedora Update Notification FEDORA-2005-1142 Fedora Core 4 Update: cups-1.1.23-15.2 Source: CCN Type: BID-15726 XPDF DCTStream Progressive Remote Heap Buffer Overflow Vulnerability Source: CCN Type: BID-15727 XPDF DCTStream Baseline Remote Heap Buffer Overflow Vulnerability Source: CCN Type: TLSA-2006-2 Multiple vulnerabilities exist in cups Source: CCN Type: TLSA-2006-7 Multiple unspecified vulnerabilities Source: CCN Type: USN-227-1 xpdf vulnerabilities Source: XF Type: UNKNOWN xpdf-dctstream-baseline-bo(23444) Source: SUSE Type: SUSE-SA:2006:001 xpdf various security problems Source: SUSE Type: SUSE-SR:2005:029 SUSE Security Summary Report Source: SUSE Type: SUSE-SR:2005:030 SUSE Security Summary Report Source: SUSE Type: SUSE-SR:2006:001 SUSE Security Summary Report Source: SUSE Type: SUSE-SR:2006:002 SUSE Security Summary Report | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||