Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
rhn.redhat.com/errata/RHSA-2005-868.html
secunia.com/advisories/17897
secunia.com/advisories/17912
secunia.com/advisories/17916
secunia.com/advisories/17920
secunia.com/advisories/17926
secunia.com/advisories/17929
secunia.com/advisories/17940
secunia.com/advisories/17955
secunia.com/advisories/17956
secunia.com/advisories/17959
secunia.com/advisories/17976
secunia.com/advisories/18009
secunia.com/advisories/18055
secunia.com/advisories/18061
secunia.com/advisories/18147
secunia.com/advisories/18189
secunia.com/advisories/18191
secunia.com/advisories/18192
secunia.com/advisories/18303
secunia.com/advisories/18313
secunia.com/advisories/18336
secunia.com/advisories/18349
secunia.com/advisories/18380
secunia.com/advisories/18385
secunia.com/advisories/18387
secunia.com/advisories/18389
secunia.com/advisories/18398
secunia.com/advisories/18407
secunia.com/advisories/18416
secunia.com/advisories/18448
secunia.com/advisories/18517
secunia.com/advisories/18520
secunia.com/advisories/18534
secunia.com/advisories/18554
secunia.com/advisories/18582
secunia.com/advisories/18674
secunia.com/advisories/18675
secunia.com/advisories/18679
secunia.com/advisories/18908
secunia.com/advisories/18913
secunia.com/advisories/19125
secunia.com/advisories/19230
secunia.com/advisories/19377
secunia.com/advisories/19797
secunia.com/advisories/19798
secunia.com/advisories/25729
secunia.com/advisories/26413
securityreason.com/securityalert/236
securitytracker.com/id?1015309
securitytracker.com/id?1015324
slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
www.debian.org/security/2005/dsa-931
www.debian.org/security/2005/dsa-932
www.debian.org/security/2005/dsa-937
www.debian.org/security/2005/dsa-938
www.debian.org/security/2005/dsa-940
www.debian.org/security/2006/dsa-936
www.debian.org/security/2006/dsa-950
www.debian.org/security/2006/dsa-961
www.debian.org/security/2006/dsa-962
www.gentoo.org/security/en/glsa/glsa-200512-08.xml
www.gentoo.org/security/en/glsa/glsa-200601-02.xml
www.gentoo.org/security/en/glsa/glsa-200603-02.xml
www.idefense.com/application/poi/display?id=345&type=vulnerabilities&flashstatus=true
www.kde.org/info/security/advisory-20051207-1.txt
www.kde.org/info/security/advisory-20051207-2.txt
www.mandriva.com/security/advisories?name=MDKSA-2006:003
www.mandriva.com/security/advisories?name=MDKSA-2006:004
www.mandriva.com/security/advisories?name=MDKSA-2006:005
www.mandriva.com/security/advisories?name=MDKSA-2006:006
www.mandriva.com/security/advisories?name=MDKSA-2006:008
www.mandriva.com/security/advisories?name=MDKSA-2006:010
www.mandriva.com/security/advisories?name=MDKSA-2006:011
www.mandriva.com/security/advisories?name=MDKSA-2006:012
www.novell.com/linux/security/advisories/2005_29_sr.html
www.redhat.com/archives/fedora-announce-list/2005-December/msg00014.html
www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html
www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html
www.redhat.com/archives/fedora-announce-list/2005-December/msg00022.html
www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html
www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html
www.redhat.com/archives/fedora-announce-list/2005-December/msg00073.html
www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html
www.redhat.com/support/errata/RHSA-2005-840.html
www.redhat.com/support/errata/RHSA-2005-867.html
www.redhat.com/support/errata/RHSA-2005-878.html
www.redhat.com/support/errata/RHSA-2006-0160.html
www.securityfocus.com/archive/1/418883/100/0/threaded
www.securityfocus.com/archive/1/427053/100/0/threaded
www.securityfocus.com/archive/1/427990/100/0/threaded
www.securityfocus.com/bid/15721
www.trustix.org/errata/2005/0072/
www.ubuntulinux.org/usn/usn-227-1
www.vupen.com/english/advisories/2005/2787
www.vupen.com/english/advisories/2005/2789
www.vupen.com/english/advisories/2005/2790
www.vupen.com/english/advisories/2005/2856
www.vupen.com/english/advisories/2007/2280
exchange.xforce.ibmcloud.com/vulnerabilities/23441
issues.rpath.com/browse/RPL-1609
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11440