Vulnerability CVE-2005-3193

Vulnerability CVE-2005-3193

Published: 2005-12-06 Modified: 2012-02-12

Description:

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability	infamous41md	07.12.2005

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5.1/10	6.4/10	4.9/10

Exploit range	Attack complexity	Authentication
Remote	High	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
XPDF -> XPDF

References:

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt

ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U

ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U

ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U

http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html

http://rhn.redhat.com/errata/RHSA-2005-868.html

http://securityreason.com/securityalert/236

http://securitytracker.com/id?1015309

http://securitytracker.com/id?1015324

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1

http://www.debian.org/security/2005/dsa-931

http://www.debian.org/security/2005/dsa-932

http://www.debian.org/security/2005/dsa-937

http://www.debian.org/security/2005/dsa-938

http://www.debian.org/security/2005/dsa-940

http://www.debian.org/security/2006/dsa-936

http://www.debian.org/security/2006/dsa-950

http://www.debian.org/security/2006/dsa-961

http://www.debian.org/security/2006/dsa-962

http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml

http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml

http://www.gentoo.org/security/en/glsa/glsa-200603-02.xml

http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities&flashstatus=true

http://www.kde.org/info/security/advisory-20051207-1.txt

http://www.kde.org/info/security/advisory-20051207-2.txt

http://www.mandriva.com/security/advisories?name=MDKSA-2006:003

http://www.mandriva.com/security/advisories?name=MDKSA-2006:004

http://www.mandriva.com/security/advisories?name=MDKSA-2006:005

http://www.mandriva.com/security/advisories?name=MDKSA-2006:006

http://www.mandriva.com/security/advisories?name=MDKSA-2006:008

http://www.mandriva.com/security/advisories?name=MDKSA-2006:010

http://www.mandriva.com/security/advisories?name=MDKSA-2006:011

http://www.mandriva.com/security/advisories?name=MDKSA-2006:012

http://www.novell.com/linux/security/advisories/2005_29_sr.html

http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00014.html

http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html

http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html

http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00022.html

http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html

http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html

http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00073.html

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html

http://www.redhat.com/support/errata/RHSA-2005-840.html

http://www.redhat.com/support/errata/RHSA-2005-867.html

http://www.redhat.com/support/errata/RHSA-2005-878.html

http://www.redhat.com/support/errata/RHSA-2006-0160.html

http://www.securityfocus.com/archive/1/418883/100/0/threaded

http://www.securityfocus.com/archive/1/427053/100/0/threaded

http://www.securityfocus.com/archive/1/427990/100/0/threaded

http://www.securityfocus.com/bid/15721

http://www.trustix.org/errata/2005/0072/

http://www.ubuntulinux.org/usn/usn-227-1

http://www.vupen.com/english/advisories/2005/2787

http://www.vupen.com/english/advisories/2005/2789

http://www.vupen.com/english/advisories/2005/2790

http://www.vupen.com/english/advisories/2005/2856

http://www.vupen.com/english/advisories/2007/2280

https://exchange.xforce.ibmcloud.com/vulnerabilities/23441

https://issues.rpath.com/browse/RPL-1609

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11440

Vulnerability CVE-2005-3193

See advisories in our WLB2 database:

Med.

Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability

CWE-119

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:P/A:P)

5.1/10

6.4/10

4.9/10

Remote

High

No required

Partial

Partial

Partial

Affected software

References: