Vulnerability CVE-2005-3192

Vulnerability CVE-2005-3192

Published: 2005-12-07 Modified: 2012-02-12

Description:

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability	infamous41md	07.12.2005
High	Multiple buffer overflows in kpdf/koffice	Dirk Mueller	08.12.2005

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
XPDF -> XPDF

References:

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt

ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U

ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U

ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289

http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html

http://rhn.redhat.com/errata/RHSA-2005-868.html

http://scary.beasts.org/security/CESA-2005-003.txt

http://securityreason.com/securityalert/235

http://securityreason.com/securityalert/240

http://securitytracker.com/id?1015309

http://securitytracker.com/id?1015324

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1

http://www.debian.org/security/2005/dsa-931

http://www.debian.org/security/2005/dsa-932

http://www.debian.org/security/2006/dsa-936

http://www.debian.org/security/2006/dsa-937

http://www.debian.org/security/2006/dsa-950

http://www.debian.org/security/2006/dsa-961

http://www.debian.org/security/2006/dsa-962

http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml

http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml

http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities

http://www.kde.org/info/security/advisory-20051207-1.txt

http://www.kde.org/info/security/advisory-20051207-2.txt

http://www.mandriva.com/security/advisories?name=MDKSA-2006:003

http://www.mandriva.com/security/advisories?name=MDKSA-2006:004

http://www.mandriva.com/security/advisories?name=MDKSA-2006:005

http://www.mandriva.com/security/advisories?name=MDKSA-2006:006

http://www.mandriva.com/security/advisories?name=MDKSA-2006:008

http://www.mandriva.com/security/advisories?name=MDKSA-2006:010

http://www.mandriva.com/security/advisories?name=MDKSA-2006:011

http://www.novell.com/linux/security/advisories/2005_29_sr.html

http://www.novell.com/linux/security/advisories/2006_02_sr.html

http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html

http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html

http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html

http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html

http://www.redhat.com/support/errata/RHSA-2005-840.html

http://www.redhat.com/support/errata/RHSA-2005-867.html

http://www.redhat.com/support/errata/RHSA-2005-878.html

http://www.redhat.com/support/errata/RHSA-2006-0160.html

http://www.securityfocus.com/archive/1/418883/100/0/threaded

http://www.securityfocus.com/archive/1/427053/100/0/threaded

http://www.securityfocus.com/archive/1/427990/100/0/threaded

http://www.securityfocus.com/bid/15725

http://www.trustix.org/errata/2005/0072/

http://www.ubuntulinux.org/usn/usn-227-1

http://www.vupen.com/english/advisories/2005/2755

http://www.vupen.com/english/advisories/2005/2786

http://www.vupen.com/english/advisories/2005/2787

http://www.vupen.com/english/advisories/2005/2788

http://www.vupen.com/english/advisories/2005/2789

http://www.vupen.com/english/advisories/2005/2790

http://www.vupen.com/english/advisories/2005/2856

http://www.vupen.com/english/advisories/2007/2280

https://exchange.xforce.ibmcloud.com/vulnerabilities/23442

https://issues.rpath.com/browse/RPL-1609

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10914

Vulnerability CVE-2005-3192

See advisories in our WLB2 database:

Med.

Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability

High

Multiple buffer overflows in kpdf/koffice

CWE-119

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

7.5/10

6.4/10

10/10

Remote

Low

No required

Partial

Partial

Partial

Affected software

References: