7.5

CVE-2005-3627

Exploit
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XpdfXpdf
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.57% 0.919
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://secunia.com/advisories/18517
Patch
Vendor Advisory
http://secunia.com/advisories/18398
Patch
Vendor Advisory
http://secunia.com/advisories/18407
Patch
Vendor Advisory
http://secunia.com/advisories/25729
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
http://www.debian.org/security/2006/dsa-936
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/427053/100/0/threaded
http://www.securityfocus.com/archive/1/427990/100/0/threaded
http://www.vupen.com/english/advisories/2007/2280
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
http://secunia.com/advisories/18554
Patch
Vendor Advisory
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
http://secunia.com/advisories/19230
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
Patch
Vendor Advisory
http://secunia.com/advisories/18147
http://secunia.com/advisories/18303
Patch
Vendor Advisory
http://secunia.com/advisories/18313
Patch
Vendor Advisory
http://secunia.com/advisories/18349
Patch
Vendor Advisory
http://secunia.com/advisories/18380
http://secunia.com/advisories/18385
Patch
Vendor Advisory
http://secunia.com/advisories/18387
Patch
Vendor Advisory
http://secunia.com/advisories/18389
Patch
Vendor Advisory
http://secunia.com/advisories/18416
Patch
Vendor Advisory
http://secunia.com/advisories/18448
Patch
Vendor Advisory
http://secunia.com/advisories/18534
Patch
Vendor Advisory
http://secunia.com/advisories/18582
Patch
Vendor Advisory
http://secunia.com/advisories/18674
Vendor Advisory
http://secunia.com/advisories/18675
Vendor Advisory
http://secunia.com/advisories/18679
Vendor Advisory
http://secunia.com/advisories/18908
Vendor Advisory
http://secunia.com/advisories/18913
http://secunia.com/advisories/19377
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
http://www.debian.org/security/2005/dsa-931
http://www.debian.org/security/2005/dsa-932
http://www.debian.org/security/2005/dsa-937
http://www.debian.org/security/2005/dsa-938
http://www.debian.org/security/2005/dsa-940
http://www.debian.org/security/2006/dsa-950
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-961
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-962
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
Patch
Vendor Advisory
http://www.kde.org/info/security/advisory-20051207-2.txt
Patch
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
http://www.redhat.com/support/errata/RHSA-2006-0160.html
Patch
Vendor Advisory
http://secunia.com/advisories/18428
http://secunia.com/advisories/18436
http://scary.beasts.org/security/CESA-2005-003.txt
Vendor Advisory
Exploit
http://secunia.com/advisories/18463
http://www.trustix.org/errata/2006/0002/
http://rhn.redhat.com/errata/RHSA-2006-0177.html
Patch
Vendor Advisory
http://secunia.com/advisories/18312
Patch
Vendor Advisory
http://secunia.com/advisories/18329
Vendor Advisory
http://secunia.com/advisories/18332
Vendor Advisory
http://secunia.com/advisories/18334
Patch
Vendor Advisory
http://secunia.com/advisories/18338
Patch
Vendor Advisory
http://secunia.com/advisories/18373
http://secunia.com/advisories/18375
Vendor Advisory
http://secunia.com/advisories/18414
http://secunia.com/advisories/18423
Patch
Vendor Advisory
http://secunia.com/advisories/18425
http://secunia.com/advisories/18642
Vendor Advisory
http://secunia.com/advisories/18644
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
http://www.redhat.com/support/errata/RHSA-2006-0163.html
http://www.securityfocus.com/bid/16143
Patch
http://www.vupen.com/english/advisories/2006/0047
https://usn.ubuntu.com/236-1/
http://secunia.com/advisories/18335
Patch
Vendor Advisory
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
Patch
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/24024
https://exchange.xforce.ibmcloud.com/vulnerabilities/24025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10200