7.5
CVE-2005-3627
- EPSS 5.57%
- Veröffentlicht 31.12.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:17:17
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.57% | 0.919 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://secunia.com/advisories/18517
http://secunia.com/advisories/18398
http://secunia.com/advisories/18407
http://secunia.com/advisories/25729
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
http://www.debian.org/security/2006/dsa-936
http://www.securityfocus.com/archive/1/427053/100/0/threaded
http://www.securityfocus.com/archive/1/427990/100/0/threaded
http://www.vupen.com/english/advisories/2007/2280
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
http://secunia.com/advisories/18554
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
http://secunia.com/advisories/19230
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
http://secunia.com/advisories/18147
http://secunia.com/advisories/18303
http://secunia.com/advisories/18313
http://secunia.com/advisories/18349
http://secunia.com/advisories/18380
http://secunia.com/advisories/18385
http://secunia.com/advisories/18387
http://secunia.com/advisories/18389
http://secunia.com/advisories/18416
http://secunia.com/advisories/18448
http://secunia.com/advisories/18534
http://secunia.com/advisories/18582
http://secunia.com/advisories/18674
http://secunia.com/advisories/18675
http://secunia.com/advisories/18679
http://secunia.com/advisories/18908
http://secunia.com/advisories/18913
http://secunia.com/advisories/19377
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
http://www.debian.org/security/2005/dsa-931
http://www.debian.org/security/2005/dsa-932
http://www.debian.org/security/2005/dsa-937
http://www.debian.org/security/2005/dsa-938
http://www.debian.org/security/2005/dsa-940
http://www.debian.org/security/2006/dsa-950
http://www.debian.org/security/2006/dsa-961
http://www.debian.org/security/2006/dsa-962
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
http://www.kde.org/info/security/advisory-20051207-2.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
http://www.redhat.com/support/errata/RHSA-2006-0160.html
http://secunia.com/advisories/18428
http://secunia.com/advisories/18436
http://scary.beasts.org/security/CESA-2005-003.txt
http://secunia.com/advisories/18463
http://www.trustix.org/errata/2006/0002/
http://rhn.redhat.com/errata/RHSA-2006-0177.html
http://secunia.com/advisories/18312
http://secunia.com/advisories/18329
http://secunia.com/advisories/18332
http://secunia.com/advisories/18334
http://secunia.com/advisories/18338
http://secunia.com/advisories/18373
http://secunia.com/advisories/18375
http://secunia.com/advisories/18414
http://secunia.com/advisories/18423
http://secunia.com/advisories/18425
http://secunia.com/advisories/18642
http://secunia.com/advisories/18644
http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
http://www.redhat.com/support/errata/RHSA-2006-0163.html
http://www.securityfocus.com/bid/16143
http://www.vupen.com/english/advisories/2006/0047
https://usn.ubuntu.com/236-1/
http://secunia.com/advisories/18335
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/24024
https://exchange.xforce.ibmcloud.com/vulnerabilities/24025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10200