Vulnerability Name:

CVE-2005-3627 (CCN-24024)

Assigned:2005-12-31
Published:2005-12-31
Updated:2018-10-19
Summary:Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-noinfo
CWE-119
Vulnerability Consequences:Gain Access
References:Source: SCO
Type: UNKNOWN
SCOSA-2006.15

Source: SGI
Type: UNKNOWN
20051201-01-U

Source: SGI
Type: UNKNOWN
20060101-01-U

Source: SGI
Type: UNKNOWN
20060201-01-U

Source: MITRE
Type: CNA
CVE-2005-3627

Source: SUSE
Type: Patch, Vendor Advisory
SUSE-SA:2006:001

Source: CCN
Type: RHSA-2005-840
xpdf security update

Source: CCN
Type: RHSA-2005-868
kdegraphics security update

Source: CCN
Type: RHSA-2006-0160
tetex security update

Source: CCN
Type: RHSA-2006-0163
cups security update

Source: CCN
Type: RHSA-2006-0177
gpdf security update

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0177

Source: CCN
Type: Chris Evans Security Advisory CESA-2005-003 - rev 2
xpdf (and derivatives) buffer and integer overflows

Source: MISC
Type: Exploit, Vendor Advisory
http://scary.beasts.org/security/CESA-2005-003.txt

Source: SECUNIA
Type: UNKNOWN
18147

Source: CCN
Type: SA18303
xpdf Multiple Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
18303

Source: CCN
Type: SA18312
Poppler Xpdf Multiple Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
18312

Source: SECUNIA
Type: Patch, Vendor Advisory
18313

Source: CCN
Type: SA18329
teTeX Xpdf Multiple Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18329

Source: CCN
Type: SA18332
CUPS xpdf Multiple Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18332

Source: SECUNIA
Type: Patch, Vendor Advisory
18334

Source: SECUNIA
Type: Patch, Vendor Advisory
18335

Source: SECUNIA
Type: Patch, Vendor Advisory
18338

Source: SECUNIA
Type: Patch, Vendor Advisory
18349

Source: SECUNIA
Type: UNKNOWN
18373

Source: CCN
Type: SA18375
GNOME gpdf Xpdf Multiple Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18375

Source: SECUNIA
Type: UNKNOWN
18380

Source: SECUNIA
Type: Patch, Vendor Advisory
18385

Source: SECUNIA
Type: Patch, Vendor Advisory
18387

Source: SECUNIA
Type: Patch, Vendor Advisory
18389

Source: CCN
Type: SA18398
libextractor Multiple Xpdf Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
18398

Source: SECUNIA
Type: Patch, Vendor Advisory
18407

Source: SECUNIA
Type: UNKNOWN
18414

Source: SECUNIA
Type: Patch, Vendor Advisory
18416

Source: SECUNIA
Type: Patch, Vendor Advisory
18423

Source: SECUNIA
Type: UNKNOWN
18425

Source: SECUNIA
Type: UNKNOWN
18428

Source: SECUNIA
Type: UNKNOWN
18436

Source: SECUNIA
Type: Patch, Vendor Advisory
18448

Source: SECUNIA
Type: UNKNOWN
18463

Source: SECUNIA
Type: Patch, Vendor Advisory
18517

Source: SECUNIA
Type: Patch, Vendor Advisory
18534

Source: SECUNIA
Type: Patch, Vendor Advisory
18554

Source: SECUNIA
Type: Patch, Vendor Advisory
18582

Source: CCN
Type: SA18642
pdftohtml xpdf Multiple Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18642

Source: SECUNIA
Type: Vendor Advisory
18644

Source: CCN
Type: SA18674
GNUStep PDFKit Framework Xpdf Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18674

Source: SECUNIA
Type: Vendor Advisory
18675

Source: SECUNIA
Type: Vendor Advisory
18679

Source: SECUNIA
Type: Vendor Advisory
18908

Source: SECUNIA
Type: UNKNOWN
18913

Source: SECUNIA
Type: UNKNOWN
19230

Source: SECUNIA
Type: UNKNOWN
19377

Source: CCN
Type: SA25729
Sun Solaris Gnome PDF Viewer Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
25729

Source: SLACKWARE
Type: UNKNOWN
SSA:2006-045-09

Source: SLACKWARE
Type: UNKNOWN
SSA:2006-045-04

Source: CCN
Type: Sun Alert ID: 102972
Multiple Security Vulnerabilities in the Solaris Gnome PDF Viewer (gpdf(1)) may Allow a Denial of Service (DoS) Condition or Lead to Execution of Arbitrary Code

Source: SUNALERT
Type: UNKNOWN
102972

Source: CCN
Type: ASA-2006-009
cups security update (RHSA-2006-0163)

Source: CCN
Type: ASA-2006-012
gpdf security update (RHSA-2006-0177)

Source: CCN
Type: ASA-2006-019
tetex security update (RHSA-2006-0160)

Source: CCN
Type: ASA-2006-063
kdegraphics security update (RHSA-2006-0262)

Source: CCN
Type: ASA-2007-281
Multiple Security Vulnerabilities in the Solaris Gnome PDF Viewer (gpdf(1)) may Allow a Denial of Service (DoS) Condition or Lead to Execution of Arbitrary Code (SUN 102972)

Source: DEBIAN
Type: UNKNOWN
DSA-931

Source: DEBIAN
Type: UNKNOWN
DSA-932

Source: DEBIAN
Type: UNKNOWN
DSA-937

Source: DEBIAN
Type: UNKNOWN
DSA-938

Source: DEBIAN
Type: UNKNOWN
DSA-940

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-936

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-950

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-961

Source: DEBIAN
Type: UNKNOWN
DSA-962

Source: DEBIAN
Type: DSA-1008
kdegraphics -- buffer overflow

Source: DEBIAN
Type: DSA-931
xpdf -- buffer overflows

Source: DEBIAN
Type: DSA-932
kdegraphics -- buffer overflows

Source: DEBIAN
Type: DSA-936
libextractor -- buffer overflows

Source: DEBIAN
Type: DSA-937
tetex-bin -- buffer overflows

Source: DEBIAN
Type: DSA-938
koffice -- buffer overflows

Source: DEBIAN
Type: DSA-940
gpdf -- buffer overflows

Source: DEBIAN
Type: DSA-950
cupsys -- buffer overflows

Source: DEBIAN
Type: DSA-961
pdfkit.framework -- buffer overflows

Source: DEBIAN
Type: DSA-962
pdftohtml -- buffer overflows

Source: CCN
Type: GLSA-200601-02
KPdf, KWord: Multiple overflows in included Xpdf code

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200601-02

Source: CCN
Type: GLSA-200601-17
Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows

Source: GENTOO
Type: UNKNOWN
GLSA-200601-17

Source: CCN
Type: KDE Security Advisory 20051207-2
kpdf/xpdf multiple integer overflows

Source: CONFIRM
Type: Patch
http://www.kde.org/info/security/advisory-20051207-2.txt

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:003

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:004

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:005

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:006

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:008

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2006:010

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:011

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:012

Source: CONFIRM
Type: Patch
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html

Source: CONFIRM
Type: Patch
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html

Source: FEDORA
Type: UNKNOWN
FEDORA-2005-025

Source: FEDORA
Type: UNKNOWN
FEDORA-2005-026

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0160

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0163

Source: FEDORA
Type: UNKNOWN
FLSA-2006:176751

Source: FEDORA
Type: UNKNOWN
FLSA:175404

Source: BID
Type: Patch
16143

Source: CCN
Type: BID-16143
KPDF and KWord Multiple Unspecified Buffer and Integer Overflow Vulnerabilities

Source: TRUSTIX
Type: UNKNOWN
2006-0002

Source: CCN
Type: TLSA-2006-2
Multiple vulnerabilities exist in cups

Source: CCN
Type: USN-236-1
xpdf vulnerabilities

Source: CCN
Type: USN-236-2
xpdf vulnerabilities in kword

Source: VUPEN
Type: UNKNOWN
ADV-2006-0047

Source: VUPEN
Type: UNKNOWN
ADV-2007-2280

Source: XF
Type: UNKNOWN
xpdf-readhuffmantables-bo(24024)

Source: XF
Type: UNKNOWN
xpdf-readhuffmantables-bo(24024)

Source: XF
Type: UNKNOWN
xpdf-readscaninfo-bo(24025)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10200

Source: UBUNTU
Type: UNKNOWN
USN-236-1

Source: SUSE
Type: SUSE-SA:2006:001
xpdf various security problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:xpdf:xpdf:*:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2005-3627 (CCN-24025)

    Assigned:2005-11-16
    Published:2006-01-03
    Updated:2006-01-03
    Summary:Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
    CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Changed
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): High
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
    5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2005-3627

    Source: CCN
    Type: RHSA-2005-840
    xpdf security update

    Source: CCN
    Type: RHSA-2005-868
    kdegraphics security update

    Source: CCN
    Type: RHSA-2006-0160
    tetex security update

    Source: CCN
    Type: RHSA-2006-0163
    cups security update

    Source: CCN
    Type: RHSA-2006-0177
    gpdf security update

    Source: CCN
    Type: Chris Evans Security Advisory CESA-2005-003 - rev 2
    xpdf (and derivatives) buffer and integer overflows

    Source: CCN
    Type: SA18303
    xpdf Multiple Integer Overflow Vulnerabilities

    Source: CCN
    Type: SA18312
    Poppler Xpdf Multiple Integer Overflow Vulnerabilities

    Source: CCN
    Type: SA18329
    teTeX Xpdf Multiple Integer Overflow Vulnerabilities

    Source: CCN
    Type: SA18332
    CUPS xpdf Multiple Integer Overflow Vulnerabilities

    Source: CCN
    Type: SA18375
    GNOME gpdf Xpdf Multiple Integer Overflow Vulnerabilities

    Source: CCN
    Type: SA18398
    libextractor Multiple Xpdf Vulnerabilities

    Source: CCN
    Type: SA18642
    pdftohtml xpdf Multiple Integer Overflow Vulnerabilities

    Source: CCN
    Type: SA18674
    GNUStep PDFKit Framework Xpdf Multiple Vulnerabilities

    Source: CCN
    Type: SA25729
    Sun Solaris Gnome PDF Viewer Multiple Vulnerabilities

    Source: CCN
    Type: Sun Alert ID: 102972
    Multiple Security Vulnerabilities in the Solaris Gnome PDF Viewer (gpdf(1)) may Allow a Denial of Service (DoS) Condition or Lead to Execution of Arbitrary Code

    Source: CCN
    Type: ASA-2006-009
    cups security update (RHSA-2006-0163)

    Source: CCN
    Type: ASA-2006-012
    gpdf security update (RHSA-2006-0177)

    Source: CCN
    Type: ASA-2006-019
    tetex security update (RHSA-2006-0160)

    Source: CCN
    Type: ASA-2006-063
    kdegraphics security update (RHSA-2006-0262)

    Source: CCN
    Type: ASA-2007-281
    Multiple Security Vulnerabilities in the Solaris Gnome PDF Viewer (gpdf(1)) may Allow a Denial of Service (DoS) Condition or Lead to Execution of Arbitrary Code (SUN 102972)

    Source: DEBIAN
    Type: DSA-1008
    kdegraphics -- buffer overflow

    Source: DEBIAN
    Type: DSA-931
    xpdf -- buffer overflows

    Source: DEBIAN
    Type: DSA-932
    kdegraphics -- buffer overflows

    Source: DEBIAN
    Type: DSA-936
    libextractor -- buffer overflows

    Source: DEBIAN
    Type: DSA-937
    tetex-bin -- buffer overflows

    Source: DEBIAN
    Type: DSA-938
    koffice -- buffer overflows

    Source: DEBIAN
    Type: DSA-940
    gpdf -- buffer overflows

    Source: DEBIAN
    Type: DSA-950
    cupsys -- buffer overflows

    Source: DEBIAN
    Type: DSA-961
    pdfkit.framework -- buffer overflows

    Source: DEBIAN
    Type: DSA-962
    pdftohtml -- buffer overflows

    Source: CCN
    Type: GLSA-200601-02
    KPdf, KWord: Multiple overflows in included Xpdf code

    Source: CCN
    Type: GLSA-200601-17
    Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows

    Source: CCN
    Type: KDE Security Advisory 20051207-2
    kpdf/xpdf multiple integer overflows

    Source: CCN
    Type: BID-16143
    KPDF and KWord Multiple Unspecified Buffer and Integer Overflow Vulnerabilities

    Source: CCN
    Type: TLSA-2006-2
    Multiple vulnerabilities exist in cups

    Source: CCN
    Type: USN-236-1
    xpdf vulnerabilities

    Source: CCN
    Type: USN-236-2
    xpdf vulnerabilities in kword

    Source: XF
    Type: UNKNOWN
    xpdf-readscaninfo-bo(24025)

    Source: SUSE
    Type: SUSE-SA:2006:001
    xpdf various security problems

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
  • OR cpe:/a:kde:koffice:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:pdftohtml:pdftohtml:0.36:*:*:*:*:*:*:*
  • OR cpe:/a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:x86:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:hosting:*:server:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:workgroup:*:server:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:10200
    V
    		Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
    2013-04-29
    oval:com.redhat.rhsa:def:20050868
    P
    		RHSA-2005:868: kdegraphics security update (Important)
    2008-03-20
    oval:com.redhat.rhsa:def:20060160
    P
    		RHSA-2006:0160: tetex security update (Moderate)
    2008-03-20
    oval:org.debian:def:961
    V
    		buffer overflows
    2006-02-01
    oval:org.debian:def:962
    V
    		buffer overflows
    2006-02-01
    oval:org.debian:def:950
    V
    		buffer overflows
    2006-01-23
    oval:org.debian:def:940
    V
    		buffer overflows
    2006-01-13
    oval:org.debian:def:937
    V
    		buffer overflows
    2006-01-12
    oval:org.debian:def:938
    V
    		buffer overflows
    2006-01-12
    oval:org.debian:def:936
    V
    		buffer overflows
    2006-01-11
    oval:com.redhat.rhsa:def:20060177
    P
    		RHSA-2006:0177: gpdf security update (Important)
    2006-01-11
    oval:com.redhat.rhsa:def:20060163
    P
    		RHSA-2006:0163: cups security update (Important)
    2006-01-11
    oval:org.debian:def:931
    V
    		buffer overflows
    2006-01-09
    oval:org.debian:def:932
    V
    		buffer overflows
    2006-01-09
    oval:com.redhat.rhsa:def:20050840
    P
    		RHSA-2005:840: xpdf security update (Important)
    2005-12-20
    BACK
    xpdf xpdf *
    foolabs xpdf 3.01
    kde koffice 1.4.2
    kde kde 3.5
    pdftohtml pdftohtml 0.36
    poppler poppler 0.4.2
    debian debian linux 3.0
    gentoo linux *
    mandrakesoft mandrake linux corporate server 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    suse suse linux 9.0
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    suse suse linux 9.1
    redhat enterprise linux 3
    suse suse linux 9.2
    mandrakesoft mandrake linux 10.1
    suse suse linux 1.0
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    sun solaris 10
    sun solaris 10
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux fuji
    turbolinux turbolinux personal *
    turbolinux turbolinux home *
    turbolinux turbolinux multimedia *
    turbolinux turbolinux appliance server 1.0_hosting_edition
    turbolinux turbolinux appliance server 1.0_workgroup_edition
    mandrakesoft mandrake linux corporate server 2.1
    suse suse linux 9.3