CVE - CVE-2005-3193

CVE-ID
CVE-2005-3193	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
IDEFENSE:20051205 Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability URL:http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities&flashstatus=true BUGTRAQ:20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice URL:http://www.securityfocus.com/archive/1/archive/1/418883/100/0/threaded CONFIRM:http://www.kde.org/info/security/advisory-20051207-1.txt CONFIRM:http://www.kde.org/info/security/advisory-20051207-2.txt CONFIRM:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html CONFIRM:https://issues.rpath.com/browse/RPL-1609 DEBIAN:DSA-931 URL:http://www.debian.org/security/2005/dsa-931 DEBIAN:DSA-932 URL:http://www.debian.org/security/2005/dsa-932 DEBIAN:DSA-937 URL:http://www.debian.org/security/2005/dsa-937 DEBIAN:DSA-938 URL:http://www.debian.org/security/2005/dsa-938 DEBIAN:DSA-940 URL:http://www.debian.org/security/2005/dsa-940 DEBIAN:DSA-936 URL:http://www.debian.org/security/2006/dsa-936 DEBIAN:DSA-950 URL:http://www.debian.org/security/2006/dsa-950 DEBIAN:DSA-961 URL:http://www.debian.org/security/2006/dsa-961 DEBIAN:DSA-962 URL:http://www.debian.org/security/2006/dsa-962 FEDORA:FEDORA-2005-1141 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html FEDORA:FEDORA-2005-1142 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html FEDORA:FEDORA-2005-1125 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00014.html FEDORA:FEDORA-2005-1126 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html FEDORA:FEDORA-2005-1127 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html FEDORA:FEDORA-2005-1132 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00073.html FEDORA:FEDORA-2005-1171 URL:http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00073.html FEDORA:FLSA:175404 URL:http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded FEDORA:FLSA-2006:176751 URL:http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded GENTOO:GLSA-200512-08 URL:http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml GENTOO:GLSA-200601-02 URL:http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml GENTOO:GLSA-200603-02 URL:http://www.gentoo.org/security/en/glsa/glsa-200603-02.xml MANDRAKE:MDKSA-2006:010 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:010 MANDRIVA:MDKSA-2006:003 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:003 MANDRIVA:MDKSA-2006:004 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:004 MANDRIVA:MDKSA-2006:005 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:005 MANDRIVA:MDKSA-2006:006 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:006 MANDRIVA:MDKSA-2006:008 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:008 MANDRIVA:MDKSA-2006:012 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:012 MANDRIVA:MDKSA-2006:011 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:011 MANDRIVA:MDKSA-2006:010 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:010 REDHAT:RHSA-2005:840 URL:http://www.redhat.com/support/errata/RHSA-2005-840.html REDHAT:RHSA-2005:867 URL:http://www.redhat.com/support/errata/RHSA-2005-867.html REDHAT:RHSA-2005:878 URL:http://www.redhat.com/support/errata/RHSA-2005-878.html REDHAT:RHSA-2005:868 URL:http://rhn.redhat.com/errata/RHSA-2005-868.html REDHAT:RHSA-2006:0160 URL:http://www.redhat.com/support/errata/RHSA-2006-0160.html SCO:SCOSA-2006.15 URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt SCO:SCOSA-2006.20 URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt SCO:SCOSA-2006.21 URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt SGI:20051201-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U SGI:20060101-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U SGI:20060201-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U SLACKWARE:SSA:2006-045-04 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 SLACKWARE:SSA:2006-045-09 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 SUNALERT:102972 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1 SUSE:SUSE-SA:2006:001 URL:http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html SUSE:SUSE-SR:2005:029 URL:http://www.novell.com/linux/security/advisories/2005_29_sr.html TRUSTIX:TSLSA-2005-0072 URL:http://www.trustix.org/errata/2005/0072/ UBUNTU:USN-227-1 URL:http://www.ubuntulinux.org/usn/usn-227-1 BID:15721 URL:http://www.securityfocus.com/bid/15721 OVAL:oval:org.mitre.oval:def:11440 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11440 VUPEN:ADV-2005-2789 URL:http://www.vupen.com/english/advisories/2005/2789 VUPEN:ADV-2005-2790 URL:http://www.vupen.com/english/advisories/2005/2790 VUPEN:ADV-2005-2856 URL:http://www.vupen.com/english/advisories/2005/2856 VUPEN:ADV-2005-2787 URL:http://www.vupen.com/english/advisories/2005/2787 VUPEN:ADV-2007-2280 URL:http://www.vupen.com/english/advisories/2007/2280 SECTRACK:1015309 URL:http://securitytracker.com/id?1015309 SECTRACK:1015324 URL:http://securitytracker.com/id?1015324 SECUNIA:17912 URL:http://secunia.com/advisories/17912 SECUNIA:17916 URL:http://secunia.com/advisories/17916 SECUNIA:17920 URL:http://secunia.com/advisories/17920 SECUNIA:17929 URL:http://secunia.com/advisories/17929 SECUNIA:17940 URL:http://secunia.com/advisories/17940 SECUNIA:17976 URL:http://secunia.com/advisories/17976 SECUNIA:18009 URL:http://secunia.com/advisories/18009 SECUNIA:18055 URL:http://secunia.com/advisories/18055 SECUNIA:18061 URL:http://secunia.com/advisories/18061 SECUNIA:17897 URL:http://secunia.com/advisories/17897 SECUNIA:17926 URL:http://secunia.com/advisories/17926 SECUNIA:18191 URL:http://secunia.com/advisories/18191 SECUNIA:18192 URL:http://secunia.com/advisories/18192 SECUNIA:18189 URL:http://secunia.com/advisories/18189 SECUNIA:18313 URL:http://secunia.com/advisories/18313 SECUNIA:18336 URL:http://secunia.com/advisories/18336 SECUNIA:18387 URL:http://secunia.com/advisories/18387 SECUNIA:18416 URL:http://secunia.com/advisories/18416 SECUNIA:18349 URL:http://secunia.com/advisories/18349 SECUNIA:18385 URL:http://secunia.com/advisories/18385 SECUNIA:18389 URL:http://secunia.com/advisories/18389 SECUNIA:18448 URL:http://secunia.com/advisories/18448 SECUNIA:18398 URL:http://secunia.com/advisories/18398 SECUNIA:18407 URL:http://secunia.com/advisories/18407 SECUNIA:18534 URL:http://secunia.com/advisories/18534 SECUNIA:18582 URL:http://secunia.com/advisories/18582 SECUNIA:18303 URL:http://secunia.com/advisories/18303 SECUNIA:18517 URL:http://secunia.com/advisories/18517 SECUNIA:18554 URL:http://secunia.com/advisories/18554 SECUNIA:17955 URL:http://secunia.com/advisories/17955 SECUNIA:17956 URL:http://secunia.com/advisories/17956 SECUNIA:17959 URL:http://secunia.com/advisories/17959 SECUNIA:18674 URL:http://secunia.com/advisories/18674 SECUNIA:18675 URL:http://secunia.com/advisories/18675 SECUNIA:18679 URL:http://secunia.com/advisories/18679 SECUNIA:18908 URL:http://secunia.com/advisories/18908 SECUNIA:18913 URL:http://secunia.com/advisories/18913 SECUNIA:19125 URL:http://secunia.com/advisories/19125 SECUNIA:19230 URL:http://secunia.com/advisories/19230 SECUNIA:19377 URL:http://secunia.com/advisories/19377 SECUNIA:18147 URL:http://secunia.com/advisories/18147 SECUNIA:18380 URL:http://secunia.com/advisories/18380 SECUNIA:18520 URL:http://secunia.com/advisories/18520 SECUNIA:19797 URL:http://secunia.com/advisories/19797 SECUNIA:19798 URL:http://secunia.com/advisories/19798 SECUNIA:25729 URL:http://secunia.com/advisories/25729 SECUNIA:26413 URL:http://secunia.com/advisories/26413 SREASON:236 URL:http://securityreason.com/securityalert/236 XF:xpdf-jpx-stream-bo(23441) URL:http://xforce.iss.net/xforce/xfdb/23441
Date Entry Created
20051014	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20051014)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Common Vulnerabilities and Exposures

CVE-2005-3193