CVE - CVE-2005-3193

CVE-ID
CVE-2005-3193	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:15721 URL:http://www.securityfocus.com/bid/15721 BUGTRAQ:20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice URL:http://www.securityfocus.com/archive/1/418883/100/0/threaded CONFIRM:http://www.kde.org/info/security/advisory-20051207-1.txt CONFIRM:http://www.kde.org/info/security/advisory-20051207-2.txt CONFIRM:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html CONFIRM:https://issues.rpath.com/browse/RPL-1609 DEBIAN:DSA-931 URL:http://www.debian.org/security/2005/dsa-931 DEBIAN:DSA-932 URL:http://www.debian.org/security/2005/dsa-932 DEBIAN:DSA-936 URL:http://www.debian.org/security/2006/dsa-936 DEBIAN:DSA-937 URL:http://www.debian.org/security/2005/dsa-937 DEBIAN:DSA-938 URL:http://www.debian.org/security/2005/dsa-938 DEBIAN:DSA-940 URL:http://www.debian.org/security/2005/dsa-940 DEBIAN:DSA-950 URL:http://www.debian.org/security/2006/dsa-950 DEBIAN:DSA-961 URL:http://www.debian.org/security/2006/dsa-961 DEBIAN:DSA-962 URL:http://www.debian.org/security/2006/dsa-962 FEDORA:FEDORA-2005-1125 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00014.html FEDORA:FEDORA-2005-1126 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html FEDORA:FEDORA-2005-1127 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html FEDORA:FEDORA-2005-1132 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00022.html FEDORA:FEDORA-2005-1141 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html FEDORA:FEDORA-2005-1142 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html FEDORA:FEDORA-2005-1171 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00073.html FEDORA:FLSA-2006:176751 URL:http://www.securityfocus.com/archive/1/427053/100/0/threaded FEDORA:FLSA:175404 URL:http://www.securityfocus.com/archive/1/427990/100/0/threaded GENTOO:GLSA-200512-08 URL:http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml GENTOO:GLSA-200601-02 URL:http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml GENTOO:GLSA-200603-02 URL:http://www.gentoo.org/security/en/glsa/glsa-200603-02.xml IDEFENSE:20051205 Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability URL:http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities&flashstatus=true MANDRAKE:MDKSA-2006:010 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:010~~ (Obsolete source) MANDRIVA:MDKSA-2006:003 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:003~~ (Obsolete source) MANDRIVA:MDKSA-2006:004 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:004~~ (Obsolete source) MANDRIVA:MDKSA-2006:005 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:005~~ (Obsolete source) MANDRIVA:MDKSA-2006:006 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:006~~ (Obsolete source) MANDRIVA:MDKSA-2006:008 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:008~~ (Obsolete source) MANDRIVA:MDKSA-2006:011 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:011~~ (Obsolete source) MANDRIVA:MDKSA-2006:012 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:012~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:11440 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11440 REDHAT:RHSA-2005:840 URL:http://www.redhat.com/support/errata/RHSA-2005-840.html REDHAT:RHSA-2005:867 URL:http://www.redhat.com/support/errata/RHSA-2005-867.html REDHAT:RHSA-2005:868 URL:http://rhn.redhat.com/errata/RHSA-2005-868.html REDHAT:RHSA-2005:878 URL:http://www.redhat.com/support/errata/RHSA-2005-878.html REDHAT:RHSA-2006:0160 URL:http://www.redhat.com/support/errata/RHSA-2006-0160.html SCO:SCOSA-2006.15 URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt SCO:SCOSA-2006.20 URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt SCO:SCOSA-2006.21 URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt SECTRACK:1015309 URL:http://securitytracker.com/id?1015309 SECTRACK:1015324 URL:http://securitytracker.com/id?1015324 SECUNIA:17897 URL:http://secunia.com/advisories/17897 SECUNIA:17912 URL:http://secunia.com/advisories/17912 SECUNIA:17916 URL:http://secunia.com/advisories/17916 SECUNIA:17920 URL:http://secunia.com/advisories/17920 SECUNIA:17926 URL:http://secunia.com/advisories/17926 SECUNIA:17929 URL:http://secunia.com/advisories/17929 SECUNIA:17940 URL:http://secunia.com/advisories/17940 SECUNIA:17955 URL:http://secunia.com/advisories/17955 SECUNIA:17956 URL:http://secunia.com/advisories/17956 SECUNIA:17959 URL:http://secunia.com/advisories/17959 SECUNIA:17976 URL:http://secunia.com/advisories/17976 SECUNIA:18009 URL:http://secunia.com/advisories/18009 SECUNIA:18055 URL:http://secunia.com/advisories/18055 SECUNIA:18061 URL:http://secunia.com/advisories/18061 SECUNIA:18147 URL:http://secunia.com/advisories/18147 SECUNIA:18189 URL:http://secunia.com/advisories/18189 SECUNIA:18191 URL:http://secunia.com/advisories/18191 SECUNIA:18192 URL:http://secunia.com/advisories/18192 SECUNIA:18303 URL:http://secunia.com/advisories/18303 SECUNIA:18313 URL:http://secunia.com/advisories/18313 SECUNIA:18336 URL:http://secunia.com/advisories/18336 SECUNIA:18349 URL:http://secunia.com/advisories/18349 SECUNIA:18380 URL:http://secunia.com/advisories/18380 SECUNIA:18385 URL:http://secunia.com/advisories/18385 SECUNIA:18387 URL:http://secunia.com/advisories/18387 SECUNIA:18389 URL:http://secunia.com/advisories/18389 SECUNIA:18398 URL:http://secunia.com/advisories/18398 SECUNIA:18407 URL:http://secunia.com/advisories/18407 SECUNIA:18416 URL:http://secunia.com/advisories/18416 SECUNIA:18448 URL:http://secunia.com/advisories/18448 SECUNIA:18517 URL:http://secunia.com/advisories/18517 SECUNIA:18520 URL:http://secunia.com/advisories/18520 SECUNIA:18534 URL:http://secunia.com/advisories/18534 SECUNIA:18554 URL:http://secunia.com/advisories/18554 SECUNIA:18582 URL:http://secunia.com/advisories/18582 SECUNIA:18674 URL:http://secunia.com/advisories/18674 SECUNIA:18675 URL:http://secunia.com/advisories/18675 SECUNIA:18679 URL:http://secunia.com/advisories/18679 SECUNIA:18908 URL:http://secunia.com/advisories/18908 SECUNIA:18913 URL:http://secunia.com/advisories/18913 SECUNIA:19125 URL:http://secunia.com/advisories/19125 SECUNIA:19230 URL:http://secunia.com/advisories/19230 SECUNIA:19377 URL:http://secunia.com/advisories/19377 SECUNIA:19797 URL:http://secunia.com/advisories/19797 SECUNIA:19798 URL:http://secunia.com/advisories/19798 SECUNIA:25729 URL:http://secunia.com/advisories/25729 SECUNIA:26413 URL:http://secunia.com/advisories/26413 SGI:20051201-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U SGI:20060101-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U SGI:20060201-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U SLACKWARE:SSA:2006-045-04 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 SLACKWARE:SSA:2006-045-09 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 SREASON:236 URL:http://securityreason.com/securityalert/236 SUNALERT:102972 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1~~ (Obsolete source) SUSE:SUSE-SA:2006:001 URL:http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html SUSE:SUSE-SR:2005:029 URL:http://www.novell.com/linux/security/advisories/2005_29_sr.html TRUSTIX:TSLSA-2005-0072 URL:~~http://www.trustix.org/errata/2005/0072/~~ (Obsolete source - check if archived by the Wayback Machine) UBUNTU:USN-227-1 URL:http://www.ubuntulinux.org/usn/usn-227-1 VUPEN:ADV-2005-2787 URL:~~http://www.vupen.com/english/advisories/2005/2787~~ (Obsolete source) VUPEN:ADV-2005-2789 URL:~~http://www.vupen.com/english/advisories/2005/2789~~ (Obsolete source) VUPEN:ADV-2005-2790 URL:~~http://www.vupen.com/english/advisories/2005/2790~~ (Obsolete source) VUPEN:ADV-2005-2856 URL:~~http://www.vupen.com/english/advisories/2005/2856~~ (Obsolete source) VUPEN:ADV-2007-2280 URL:~~http://www.vupen.com/english/advisories/2007/2280~~ (Obsolete source) XF:xpdf-jpx-stream-bo(23441) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/23441
Assigning CNA
MITRE Corporation
Date Record Created
20051014	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20051014)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)