CVE - CVE-2005-3627

CVE-ID
CVE-2005-3627	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:http://scary.beasts.org/security/CESA-2005-003.txt CONFIRM:http://www.kde.org/info/security/advisory-20051207-2.txt DEBIAN:DSA-931 URL:http://www.debian.org/security/2005/dsa-931 DEBIAN:DSA-932 URL:http://www.debian.org/security/2005/dsa-932 DEBIAN:DSA-937 URL:http://www.debian.org/security/2005/dsa-937 DEBIAN:DSA-938 URL:http://www.debian.org/security/2005/dsa-938 DEBIAN:DSA-940 URL:http://www.debian.org/security/2005/dsa-940 DEBIAN:DSA-936 URL:http://www.debian.org/security/2006/dsa-936 DEBIAN:DSA-950 URL:http://www.debian.org/security/2006/dsa-950 DEBIAN:DSA-961 URL:http://www.debian.org/security/2006/dsa-961 DEBIAN:DSA-962 URL:http://www.debian.org/security/2006/dsa-962 FEDORA:FLSA:175404 URL:http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded FEDORA:FEDORA-2005-025 URL:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html FEDORA:FEDORA-2005-026 URL:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html FEDORA:FLSA-2006:176751 URL:http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded GENTOO:GLSA-200601-02 URL:http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml GENTOO:GLSA-200601-17 URL:http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml MANDRAKE:MDKSA-2006:010 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:010 MANDRIVA:MDKSA-2006:003 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:003 MANDRIVA:MDKSA-2006:004 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:004 MANDRIVA:MDKSA-2006:005 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:005 MANDRIVA:MDKSA-2006:006 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:006 MANDRIVA:MDKSA-2006:008 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:008 MANDRIVA:MDKSA-2006:012 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:012 MANDRIVA:MDKSA-2006:011 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:011 MANDRIVA:MDKSA-2006:010 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:010 REDHAT:RHSA-2006:0177 URL:http://rhn.redhat.com/errata/RHSA-2006-0177.html REDHAT:RHSA-2006:0160 URL:http://www.redhat.com/support/errata/RHSA-2006-0160.html REDHAT:RHSA-2006:0163 URL:http://www.redhat.com/support/errata/RHSA-2006-0163.html SCO:SCOSA-2006.15 URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt SGI:20051201-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U SGI:20060101-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U SGI:20060201-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U SLACKWARE:SSA:2006-045-04 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 SLACKWARE:SSA:2006-045-09 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 SUNALERT:102972 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1 SUSE:SUSE-SA:2006:001 URL:http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html TRUSTIX:2006-0002 URL:http://www.trustix.org/errata/2006/0002/ UBUNTU:USN-236-1 URL:http://www.ubuntulinux.org/support/documentation/usn/usn-236-1 CONFIRM:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html CONFIRM:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html BID:16143 URL:http://www.securityfocus.com/bid/16143 OVAL:oval:org.mitre.oval:def:10200 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10200 VUPEN:ADV-2006-0047 URL:http://www.vupen.com/english/advisories/2006/0047 VUPEN:ADV-2007-2280 URL:http://www.vupen.com/english/advisories/2007/2280 SECUNIA:18303 URL:http://secunia.com/advisories/18303 SECUNIA:18312 URL:http://secunia.com/advisories/18312 SECUNIA:18313 URL:http://secunia.com/advisories/18313 SECUNIA:18329 URL:http://secunia.com/advisories/18329 SECUNIA:18332 URL:http://secunia.com/advisories/18332 SECUNIA:18334 URL:http://secunia.com/advisories/18334 SECUNIA:18335 URL:http://secunia.com/advisories/18335 SECUNIA:18387 URL:http://secunia.com/advisories/18387 SECUNIA:18416 URL:http://secunia.com/advisories/18416 SECUNIA:18338 URL:http://secunia.com/advisories/18338 SECUNIA:18349 URL:http://secunia.com/advisories/18349 SECUNIA:18375 URL:http://secunia.com/advisories/18375 SECUNIA:18385 URL:http://secunia.com/advisories/18385 SECUNIA:18389 URL:http://secunia.com/advisories/18389 SECUNIA:18423 URL:http://secunia.com/advisories/18423 SECUNIA:18448 URL:http://secunia.com/advisories/18448 SECUNIA:18398 URL:http://secunia.com/advisories/18398 SECUNIA:18407 URL:http://secunia.com/advisories/18407 SECUNIA:18534 URL:http://secunia.com/advisories/18534 SECUNIA:18582 URL:http://secunia.com/advisories/18582 SECUNIA:18517 URL:http://secunia.com/advisories/18517 SECUNIA:18554 URL:http://secunia.com/advisories/18554 SECUNIA:18642 URL:http://secunia.com/advisories/18642 SECUNIA:18644 URL:http://secunia.com/advisories/18644 SECUNIA:18674 URL:http://secunia.com/advisories/18674 SECUNIA:18675 URL:http://secunia.com/advisories/18675 SECUNIA:18679 URL:http://secunia.com/advisories/18679 SECUNIA:18908 URL:http://secunia.com/advisories/18908 SECUNIA:18913 URL:http://secunia.com/advisories/18913 SECUNIA:19230 URL:http://secunia.com/advisories/19230 SECUNIA:19377 URL:http://secunia.com/advisories/19377 SECUNIA:18425 URL:http://secunia.com/advisories/18425 SECUNIA:18463 URL:http://secunia.com/advisories/18463 SECUNIA:18147 URL:http://secunia.com/advisories/18147 SECUNIA:18373 URL:http://secunia.com/advisories/18373 SECUNIA:18380 URL:http://secunia.com/advisories/18380 SECUNIA:18414 URL:http://secunia.com/advisories/18414 SECUNIA:18428 URL:http://secunia.com/advisories/18428 SECUNIA:18436 URL:http://secunia.com/advisories/18436 SECUNIA:25729 URL:http://secunia.com/advisories/25729 XF:xpdf-readhuffmantables-bo(24024) URL:http://xforce.iss.net/xforce/xfdb/24024 XF:xpdf-readscaninfo-bo(24025) URL:http://xforce.iss.net/xforce/xfdb/24025
Date Entry Created
20051116	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20051116)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Common Vulnerabilities and Exposures

CVE-2005-3627