[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-3193Date: (C)2005-12-06   (M)2023-12-22


Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1015309
SECTRACK-1015324
SUNALERT-102972
BID-15721
SECUNIA-17897
SECUNIA-17912
SECUNIA-17916
SECUNIA-17920
SECUNIA-17926
SECUNIA-17929
SECUNIA-17940
SECUNIA-17955
SECUNIA-17956
SECUNIA-17959
SECUNIA-17976
SECUNIA-18009
SECUNIA-18055
SECUNIA-18061
SECUNIA-18147
SECUNIA-18189
SECUNIA-18191
SECUNIA-18192
SECUNIA-18303
SECUNIA-18313
SECUNIA-18336
SECUNIA-18349
SECUNIA-18380
SECUNIA-18385
SECUNIA-18387
SECUNIA-18389
SECUNIA-18398
SECUNIA-18407
SECUNIA-18416
SECUNIA-18448
SECUNIA-18517
SECUNIA-18520
SECUNIA-18534
SECUNIA-18554
SECUNIA-18582
SECUNIA-18674
SECUNIA-18675
SECUNIA-18679
SECUNIA-18908
SECUNIA-18913
SECUNIA-19125
SECUNIA-19230
SECUNIA-19377
SECUNIA-19797
SECUNIA-19798
20051201-01-U
http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities&flashstatus=true
http://www.securityfocus.com/archive/1/418883/100/0/threaded
20060101-01-U
20060201-01-U
SREASON-236
SECUNIA-25729
SECUNIA-26413
ADV-2005-2787
ADV-2005-2789
ADV-2005-2790
ADV-2005-2856
ADV-2007-2280
DSA-931
DSA-932
DSA-936
DSA-937
DSA-938
DSA-940
DSA-950
DSA-961
DSA-962
FEDORA-2005-1125
FEDORA-2005-1126
FEDORA-2005-1127
FEDORA-2005-1132
FEDORA-2005-1141
FEDORA-2005-1142
FEDORA-2005-1171
FLSA-2006:176751
FLSA:175404
GLSA-200512-08
GLSA-200601-02
GLSA-200603-02
MDKSA-2006:003
MDKSA-2006:004
MDKSA-2006:005
MDKSA-2006:006
MDKSA-2006:008
MDKSA-2006:010
MDKSA-2006:011
MDKSA-2006:012
RHSA-2005:840
RHSA-2005:867
RHSA-2005:868
RHSA-2005:878
RHSA-2006:0160
SCOSA-2006.15
SCOSA-2006.20
SCOSA-2006.21
SSA:2006-045-04
SSA:2006-045-09
SUSE-SA:2006:001
SUSE-SR:2005:029
TSLSA-2005-0072
USN-227-1
http://www.kde.org/info/security/advisory-20051207-1.txt
http://www.kde.org/info/security/advisory-20051207-2.txt
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html
https://issues.rpath.com/browse/RPL-1609
oval:org.mitre.oval:def:11440
xpdf-jpx-stream-bo(23441)

CWE    1
CWE-119

© SecPod Technologies