
CVE-2005-3627
Date: (C)2005-12-31   (M)2023-12-22


Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SUNALERT-102972
BID-16143
SECUNIA-18147
SECUNIA-18303
SECUNIA-18312
SECUNIA-18313
SECUNIA-18329
SECUNIA-18332
SECUNIA-18334
SECUNIA-18335
SECUNIA-18338
SECUNIA-18349
SECUNIA-18373
SECUNIA-18375
SECUNIA-18380
SECUNIA-18385
SECUNIA-18387
SECUNIA-18389
SECUNIA-18398
SECUNIA-18407
SECUNIA-18414
SECUNIA-18416
SECUNIA-18423
SECUNIA-18425
SECUNIA-18428
SECUNIA-18436
SECUNIA-18448
SECUNIA-18463
SECUNIA-18517
SECUNIA-18534
SECUNIA-18554
SECUNIA-18582
SECUNIA-18642
SECUNIA-18644
SECUNIA-18674
SECUNIA-18675
SECUNIA-18679
SECUNIA-18908
SECUNIA-18913
SECUNIA-19230
SECUNIA-19377
20051201-01-U
2006-0002
20060101-01-U
20060201-01-U
SECUNIA-25729
ADV-2006-0047
ADV-2007-2280
DSA-931
DSA-932
DSA-936
DSA-937
DSA-938
DSA-940
DSA-950
DSA-961
DSA-962
FEDORA-2005-025
FEDORA-2005-026
FLSA-2006:176751
FLSA:175404
GLSA-200601-02
GLSA-200601-17
MDKSA-2006:003
MDKSA-2006:004
MDKSA-2006:005
MDKSA-2006:006
MDKSA-2006:008
MDKSA-2006:010
MDKSA-2006:011
MDKSA-2006:012
RHSA-2006:0160
RHSA-2006:0163
RHSA-2006:0177
SCOSA-2006.15
SSA:2006-045-04
SSA:2006-045-09
SUSE-SA:2006:001
USN-236-1
http://scary.beasts.org/security/CESA-2005-003.txt
http://www.kde.org/info/security/advisory-20051207-2.txt
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
oval:org.mitre.oval:def:10200
xpdf-readhuffmantables-bo(24024)
xpdf-readscaninfo-bo(24025)

CWE:
CWE-119

© SecPod Technologies