7.5

CVE-2005-0064

Exploit
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XpdfXpdf Version0.2
XpdfXpdf Version0.3
XpdfXpdf Version0.4
XpdfXpdf Version0.5
XpdfXpdf Version0.5a
XpdfXpdf Version0.6
XpdfXpdf Version0.7
XpdfXpdf Version0.7a
XpdfXpdf Version0.80
XpdfXpdf Version0.90
XpdfXpdf Version0.91
XpdfXpdf Version0.91a
XpdfXpdf Version0.91b
XpdfXpdf Version0.91c
XpdfXpdf Version0.92
XpdfXpdf Version0.92a
XpdfXpdf Version0.92b
XpdfXpdf Version0.92c
XpdfXpdf Version0.92d
XpdfXpdf Version0.92e
XpdfXpdf Version0.93
XpdfXpdf Version0.93a
XpdfXpdf Version0.93b
XpdfXpdf Version0.93c
XpdfXpdf Version1.0
XpdfXpdf Version1.0a
XpdfXpdf Version1.1
XpdfXpdf Version2.0
XpdfXpdf Version2.1
XpdfXpdf Version2.2
XpdfXpdf Version2.3
XpdfXpdf Version3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.22% 0.935
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.trustix.org/errata/2005/0003/
Patch
Vendor Advisory
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
Patch
Vendor Advisory
http://secunia.com/advisories/17277
http://www.redhat.com/support/errata/RHSA-2005-026.html
http://www.redhat.com/support/errata/RHSA-2005-034.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-053.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-057.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-066.html
Patch
Vendor Advisory
https://bugzilla.fedora.us/show_bug.cgi?id=2352
Patch
Vendor Advisory
https://bugzilla.fedora.us/show_bug.cgi?id=2353
Patch
Vendor Advisory
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
Patch
http://marc.info/?l=bugtraq&m=110625368019554&w=2
http://www.debian.org/security/2005/dsa-645
Patch
Vendor Advisory
http://www.debian.org/security/2005/dsa-648
Patch
Vendor Advisory
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
Patch
Vendor Advisory
Exploit
http://www.mandriva.com/security/advisories?name=MDKSA-2005:016
http://www.mandriva.com/security/advisories?name=MDKSA-2005:017
http://www.mandriva.com/security/advisories?name=MDKSA-2005:018
http://www.mandriva.com/security/advisories?name=MDKSA-2005:019
http://www.mandriva.com/security/advisories?name=MDKSA-2005:020
http://www.mandriva.com/security/advisories?name=MDKSA-2005:021
http://www.redhat.com/support/errata/RHSA-2005-059.html
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11781
https://security.gentoo.org/glsa/200501-28
https://security.gentoo.org/glsa/200502-10