Vulnerability CVE-2005-3192


Published: 2005-12-07   Modified: 2012-02-12

Description:
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability
infamous41md
07.12.2005
High
Multiple buffer overflows in kpdf/koffice
Dirk Mueller
08.12.2005

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
XPDF -> XPDF 

 References:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
http://rhn.redhat.com/errata/RHSA-2005-868.html
http://scary.beasts.org/security/CESA-2005-003.txt
http://securityreason.com/securityalert/235
http://securityreason.com/securityalert/240
http://securitytracker.com/id?1015309
http://securitytracker.com/id?1015324
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
http://www.debian.org/security/2005/dsa-931
http://www.debian.org/security/2005/dsa-932
http://www.debian.org/security/2006/dsa-936
http://www.debian.org/security/2006/dsa-937
http://www.debian.org/security/2006/dsa-950
http://www.debian.org/security/2006/dsa-961
http://www.debian.org/security/2006/dsa-962
http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
http://www.kde.org/info/security/advisory-20051207-1.txt
http://www.kde.org/info/security/advisory-20051207-2.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
http://www.novell.com/linux/security/advisories/2005_29_sr.html
http://www.novell.com/linux/security/advisories/2006_02_sr.html
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html
http://www.redhat.com/support/errata/RHSA-2005-840.html
http://www.redhat.com/support/errata/RHSA-2005-867.html
http://www.redhat.com/support/errata/RHSA-2005-878.html
http://www.redhat.com/support/errata/RHSA-2006-0160.html
http://www.securityfocus.com/archive/1/418883/100/0/threaded
http://www.securityfocus.com/archive/1/427053/100/0/threaded
http://www.securityfocus.com/archive/1/427990/100/0/threaded
http://www.securityfocus.com/bid/15725
http://www.trustix.org/errata/2005/0072/
http://www.ubuntulinux.org/usn/usn-227-1
http://www.vupen.com/english/advisories/2005/2755
http://www.vupen.com/english/advisories/2005/2786
http://www.vupen.com/english/advisories/2005/2787
http://www.vupen.com/english/advisories/2005/2788
http://www.vupen.com/english/advisories/2005/2789
http://www.vupen.com/english/advisories/2005/2790
http://www.vupen.com/english/advisories/2005/2856
http://www.vupen.com/english/advisories/2007/2280
https://exchange.xforce.ibmcloud.com/vulnerabilities/23442
https://issues.rpath.com/browse/RPL-1609
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10914

Copyright 2022, cxsecurity.com

 

Back to Top