CVE-2005-3192
Date: (C)2005-12-07   (M)2023-12-22


Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor, allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1015309
SECTRACK-1015324
SUNALERT-102972
BID-15725
SECUNIA-17897
SECUNIA-17908
SECUNIA-17912
SECUNIA-17916
SECUNIA-17920
SECUNIA-17921
SECUNIA-17926
SECUNIA-17929
SECUNIA-17940
SECUNIA-17955
SECUNIA-17976
SECUNIA-18009
SECUNIA-18055
SECUNIA-18061
SECUNIA-18189
SECUNIA-18191
SECUNIA-18192
SECUNIA-18303
SECUNIA-18313
SECUNIA-18336
SECUNIA-18349
SECUNIA-18380
SECUNIA-18385
SECUNIA-18387
SECUNIA-18389
SECUNIA-18398
SECUNIA-18407
SECUNIA-18416
SECUNIA-18428
SECUNIA-18436
SECUNIA-18448
SECUNIA-18503
SECUNIA-18517
SECUNIA-18534
SECUNIA-18549
SECUNIA-18554
SECUNIA-18582
SECUNIA-18674
SECUNIA-18675
SECUNIA-18679
SECUNIA-18908
SECUNIA-18913
SECUNIA-19230
SECUNIA-19377
SECUNIA-19797
SECUNIA-19798
20051201-01-U
http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
http://www.securityfocus.com/archive/1/418883/100/0/threaded
20060101-01-U
20060201-01-U
SREASON-235
SREASON-240
SECUNIA-25729
SECUNIA-26413
ADV-2005-2755
ADV-2005-2786
ADV-2005-2787
ADV-2005-2788
ADV-2005-2789
ADV-2005-2790
ADV-2005-2856
ADV-2007-2280
DSA-931
DSA-932
DSA-936
DSA-937
DSA-950
DSA-961
DSA-962
FEDORA-2005-1126
FEDORA-2005-1127
FEDORA-2005-1141
FEDORA-2005-1142
FLSA-2006:176751
FLSA:175404
GLSA-200512-08
GLSA-200601-02
MDKSA-2006:003
MDKSA-2006:004
MDKSA-2006:005
MDKSA-2006:006
MDKSA-2006:008
MDKSA-2006:010
MDKSA-2006:011
RHSA-2005:840
RHSA-2005:867
RHSA-2005:868
RHSA-2005:878
RHSA-2006:0160
SCOSA-2006.15
SCOSA-2006.20
SCOSA-2006.21
SSA:2006-045-04
SSA:2006-045-09
SUSE-SA:2006:001
SUSE-SR:2005:029
SUSE-SR:2006:002
TSLSA-2005-0072
USN-227-1
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289
http://scary.beasts.org/security/CESA-2005-003.txt
http://www.kde.org/info/security/advisory-20051207-1.txt
http://www.kde.org/info/security/advisory-20051207-2.txt
https://issues.rpath.com/browse/RPL-1609
oval:org.mitre.oval:def:10914
xpdf-streampredictor-bo(23442)

CWE:
CWE-119

© SecPod Technologies