
CVE-2005-3627

Date: (C)2005-12-31   (M)2017-10-11 


Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

CVSS Score: 7.5
Exploit Score: 10.0
Impact Score: 6.4
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL






CWE: CWE-119

© 2013 SecPod Technologies