CVE - CVE-2005-3627

CVE-ID
CVE-2005-3627	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:102972 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1~~ (Obsolete source) MISC:16143 URL:http://www.securityfocus.com/bid/16143 MISC:18147 URL:http://secunia.com/advisories/18147 MISC:18303 URL:http://secunia.com/advisories/18303 MISC:18312 URL:http://secunia.com/advisories/18312 MISC:18313 URL:http://secunia.com/advisories/18313 MISC:18329 URL:http://secunia.com/advisories/18329 MISC:18332 URL:http://secunia.com/advisories/18332 MISC:18334 URL:http://secunia.com/advisories/18334 MISC:18335 URL:http://secunia.com/advisories/18335 MISC:18338 URL:http://secunia.com/advisories/18338 MISC:18349 URL:http://secunia.com/advisories/18349 MISC:18373 URL:http://secunia.com/advisories/18373 MISC:18375 URL:http://secunia.com/advisories/18375 MISC:18380 URL:http://secunia.com/advisories/18380 MISC:18385 URL:http://secunia.com/advisories/18385 MISC:18387 URL:http://secunia.com/advisories/18387 MISC:18389 URL:http://secunia.com/advisories/18389 MISC:18398 URL:http://secunia.com/advisories/18398 MISC:18407 URL:http://secunia.com/advisories/18407 MISC:18414 URL:http://secunia.com/advisories/18414 MISC:18416 URL:http://secunia.com/advisories/18416 MISC:18423 URL:http://secunia.com/advisories/18423 MISC:18425 URL:http://secunia.com/advisories/18425 MISC:18428 URL:http://secunia.com/advisories/18428 MISC:18436 URL:http://secunia.com/advisories/18436 MISC:18448 URL:http://secunia.com/advisories/18448 MISC:18463 URL:http://secunia.com/advisories/18463 MISC:18517 URL:http://secunia.com/advisories/18517 MISC:18534 URL:http://secunia.com/advisories/18534 MISC:18554 URL:http://secunia.com/advisories/18554 MISC:18582 URL:http://secunia.com/advisories/18582 MISC:18642 URL:http://secunia.com/advisories/18642 MISC:18644 URL:http://secunia.com/advisories/18644 MISC:18674 URL:http://secunia.com/advisories/18674 MISC:18675 URL:http://secunia.com/advisories/18675 MISC:18679 URL:http://secunia.com/advisories/18679 MISC:18908 URL:http://secunia.com/advisories/18908 MISC:18913 URL:http://secunia.com/advisories/18913 MISC:19230 URL:http://secunia.com/advisories/19230 MISC:19377 URL:http://secunia.com/advisories/19377 MISC:20051201-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U MISC:2006-0002 URL:~~http://www.trustix.org/errata/2006/0002/~~ (Obsolete source - check if archived by the Wayback Machine) MISC:20060101-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U MISC:20060201-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U MISC:25729 URL:http://secunia.com/advisories/25729 MISC:ADV-2006-0047 URL:~~http://www.vupen.com/english/advisories/2006/0047~~ (Obsolete source) MISC:ADV-2007-2280 URL:~~http://www.vupen.com/english/advisories/2007/2280~~ (Obsolete source) MISC:DSA-931 URL:http://www.debian.org/security/2005/dsa-931 MISC:DSA-932 URL:http://www.debian.org/security/2005/dsa-932 MISC:DSA-936 URL:http://www.debian.org/security/2006/dsa-936 MISC:DSA-937 URL:http://www.debian.org/security/2005/dsa-937 MISC:DSA-938 URL:http://www.debian.org/security/2005/dsa-938 MISC:DSA-940 URL:http://www.debian.org/security/2005/dsa-940 MISC:DSA-950 URL:http://www.debian.org/security/2006/dsa-950 MISC:DSA-961 URL:http://www.debian.org/security/2006/dsa-961 MISC:DSA-962 URL:http://www.debian.org/security/2006/dsa-962 MISC:FEDORA-2005-025 URL:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html MISC:FEDORA-2005-026 URL:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html MISC:FLSA-2006:176751 URL:http://www.securityfocus.com/archive/1/427053/100/0/threaded MISC:FLSA:175404 URL:http://www.securityfocus.com/archive/1/427990/100/0/threaded MISC:GLSA-200601-02 URL:http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml MISC:GLSA-200601-17 URL:http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml MISC:MDKSA-2006:003 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:003~~ (Obsolete source) MISC:MDKSA-2006:004 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:004~~ (Obsolete source) MISC:MDKSA-2006:005 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:005~~ (Obsolete source) MISC:MDKSA-2006:006 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:006~~ (Obsolete source) MISC:MDKSA-2006:008 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:008~~ (Obsolete source) MISC:MDKSA-2006:010 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:010~~ (Obsolete source) MISC:MDKSA-2006:011 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:011~~ (Obsolete source) MISC:MDKSA-2006:012 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:012~~ (Obsolete source) MISC:RHSA-2006:0160 URL:http://www.redhat.com/support/errata/RHSA-2006-0160.html MISC:RHSA-2006:0163 URL:http://www.redhat.com/support/errata/RHSA-2006-0163.html MISC:RHSA-2006:0177 URL:http://rhn.redhat.com/errata/RHSA-2006-0177.html MISC:SCOSA-2006.15 URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt MISC:SSA:2006-045-04 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 MISC:SSA:2006-045-09 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 MISC:SUSE-SA:2006:001 URL:http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html MISC:USN-236-1 URL:https://usn.ubuntu.com/236-1/ MISC:http://scary.beasts.org/security/CESA-2005-003.txt URL:http://scary.beasts.org/security/CESA-2005-003.txt MISC:http://www.kde.org/info/security/advisory-20051207-2.txt URL:http://www.kde.org/info/security/advisory-20051207-2.txt MISC:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html URL:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html MISC:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html URL:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html MISC:oval:org.mitre.oval:def:10200 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10200 MISC:xpdf-readhuffmantables-bo(24024) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24024 MISC:xpdf-readscaninfo-bo(24025) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24025
Assigning CNA
Red Hat, Inc.
Date Record Created
20051116	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20051116)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)