10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.184 Low
EPSS
Percentile
96.2%
CentOS Errata and Security Advisory CESA-2005:840-02
The xpdf package is an X Window System-based viewer for Portable Document
Format (PDF) files.
Several flaws were discovered in Xpdf. An attacker could construct a
carefully crafted PDF file that could cause Xpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and
CVE-2005-3193 to these issues.
Users of Xpdf should upgrade to this updated package, which contains a
backported patch to resolve these issues.
Red Hat would like to thank Derek B. Noonburg for reporting this issue and
providing a patch.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-December/074669.html
Affected packages:
xpdf
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | xpdf | < 0.92-17 | xpdf-0.92-17.i386.rpm |