ID DSA-937Type debianReporter DebianModified 2006-01-12T00:00:00
Description
"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
For the old stable distribution (woody) these problems have been fixed in version 1.0.7+20011202-7.7.
For the stable distribution (sarge) these problems have been fixed in version 2.0.2-30sarge4.
For the unstable distribution (sid) these problems have been fixed in version 0.4.3-2 of poppler against which tetex-bin links.
We recommend that you upgrade your tetex-bin package.
{"id": "DSA-937", "bulletinFamily": "unix", "title": "tetex-bin -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in version 1.0.7+20011202-7.7.\n\nFor the stable distribution (sarge) these problems have been fixed in version 2.0.2-30sarge4.\n\nFor the unstable distribution (sid) these problems have been fixed in version 0.4.3-2 of poppler against which tetex-bin links.\n\nWe recommend that you upgrade your tetex-bin package.", "published": "2006-01-12T00:00:00", "modified": "2006-01-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-937", "reporter": "Debian", "references": [], "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "type": "debian", "lastseen": "2018-07-04T01:15:27", "history": [{"bulletin": {"affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "alpha", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_alpha.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "alpha", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_alpha.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "i686", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_i386.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "hppa", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_hppa.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "alpha", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_alpha.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "ia64", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_ia64.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "hppa", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_hppa.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "sparc", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_sparc.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "x86-64", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_amd64.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "arm", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_arm.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "ppc", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_powerpc.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "s390x", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_s390.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "mips", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_mips.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "i686", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_i386.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "arm", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_arm.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "hppa", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_hppa.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "hppa", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_hppa.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "hppa", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_hppa.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "arm", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_arm.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "x86-64", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_amd64.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "mips", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_mips.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "alpha", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_alpha.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "ia64", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_ia64.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "ia64", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_ia64.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "arm", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_arm.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "alpha", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_alpha.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "mipsel", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_mipsel.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "s390x", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_s390.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "s390x", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_s390.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "src", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4.dsc", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "sparc", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_sparc.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "alpha", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_alpha.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "sparc", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_sparc.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "mipsel", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_mipsel.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "s390x", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_s390.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "mipsel", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_mipsel.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "i686", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_i386.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "m68k", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_m68k.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "sparc", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_sparc.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "s390x", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_s390.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "ppc", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_powerpc.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "mips", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_mips.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "arm", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_arm.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "i686", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_i386.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "sparc", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_sparc.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "i686", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_i386.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "m68k", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_m68k.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "src", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7.dsc", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "mipsel", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_mipsel.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "mipsel", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_mipsel.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "src", "operator": "lt", "packageFilename": "tetex-bin_2.0.2.orig.tar.gz", "packageName": "tetex-bin", "packageVersion": "2.0.2.orig"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "ppc", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_powerpc.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "x86-64", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_amd64.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "arm", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_arm.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "ppc", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_powerpc.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "ppc", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_powerpc.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "ia64", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_ia64.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "sparc", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_sparc.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "m68k", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_m68k.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "ia64", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_ia64.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "src", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4.diff.gz", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4.diff"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "ppc", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_powerpc.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "src", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7.tar.gz", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "mips", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_mips.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "mips", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_mips.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "m68k", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_m68k.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "hppa", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_hppa.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "ia64", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_ia64.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "m68k", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_m68k.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "s390x", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_s390.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "mipsel", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_mipsel.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "i686", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_i386.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "mips", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_mips.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "m68k", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_m68k.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}], "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3624", "CVE-2005-3628"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in version 1.0.7+20011202-7.7.\n\nFor the stable distribution (sarge) these problems have been fixed in version 2.0.2-30sarge4.\n\nFor the unstable distribution (sid) these problems have been fixed in version 0.4.3-2 of poppler against which tetex-bin links.\n\nWe recommend that you upgrade your tetex-bin package.", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "6312b883fb6899e9ab8632168f3404647e407a14a59c218ced2d4567f7e0d60e", "hashmap": [{"hash": "b0f2f1835317e524913db38a25ba26b0", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "7a18e69ba33312b13cf59d7fd0d0d3f1", "key": "modified"}, {"hash": "bdf7770b027e85029d2a8b6d23770cf2", "key": "affectedPackage"}, {"hash": "7a18e69ba33312b13cf59d7fd0d0d3f1", "key": "published"}, {"hash": "6fe8b98c53e8d099686936732785d471", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6e9552c9bd8e61c8f277c21220160234", "key": "type"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "ab3b924b864bf46c6bbe40b554cae64d", "key": "title"}, {"hash": "f9bf45c291297d09d944772a3fa5f6a4", "key": "cvelist"}, {"hash": "cc05e5312227d1a3eed92b4052afe489", "key": "description"}], "history": [], "href": "http://www.debian.org/security/dsa-937", "id": "DSA-937", "lastseen": "2016-09-02T18:25:41", "modified": "2006-01-12T00:00:00", "objectVersion": "1.2", "published": "2006-01-12T00:00:00", "references": [], "reporter": "Debian", "title": "tetex-bin -- buffer overflows", "type": "debian", "viewCount": 0}, "differentElements": ["cvelist"], "edition": 1, "lastseen": "2016-09-02T18:25:41"}], "edition": 2, "hashmap": [{"key": "affectedPackage", "hash": "bdf7770b027e85029d2a8b6d23770cf2"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "d32b623ec12b01765800c483edee08a9"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "cc05e5312227d1a3eed92b4052afe489"}, {"key": "href", "hash": "b0f2f1835317e524913db38a25ba26b0"}, {"key": "modified", "hash": "7a18e69ba33312b13cf59d7fd0d0d3f1"}, {"key": "published", "hash": "7a18e69ba33312b13cf59d7fd0d0d3f1"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "6fe8b98c53e8d099686936732785d471"}, {"key": "title", "hash": "ab3b924b864bf46c6bbe40b554cae64d"}, {"key": "type", "hash": "6e9552c9bd8e61c8f277c21220160234"}], "hash": "9e4e16d73691a517676dc5a0ee2f8a55bb8a974d520e4282ad5b40ccf55955fc", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "alpha", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_alpha.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "alpha", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_alpha.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "i686", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_i386.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "hppa", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_hppa.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "alpha", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_alpha.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "ia64", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_ia64.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "hppa", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_hppa.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "sparc", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_sparc.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "x86-64", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_amd64.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "arm", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_arm.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "ppc", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_powerpc.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "s390x", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_s390.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "mips", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_mips.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "i686", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_i386.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "arm", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_arm.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "hppa", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_hppa.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "hppa", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_hppa.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "hppa", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_hppa.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "arm", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_arm.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "x86-64", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_amd64.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "mips", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_mips.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "alpha", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_alpha.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "ia64", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_ia64.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "ia64", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_ia64.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "arm", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_arm.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "alpha", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_alpha.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "mipsel", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_mipsel.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "s390x", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_s390.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "s390x", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_s390.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "src", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4.dsc", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "sparc", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_sparc.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "alpha", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_alpha.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "sparc", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_sparc.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "mipsel", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_mipsel.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "s390x", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_s390.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "mipsel", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_mipsel.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "i686", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_i386.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "m68k", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_m68k.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "sparc", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_sparc.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "s390x", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_s390.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "ppc", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_powerpc.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "mips", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_mips.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "arm", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_arm.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "i686", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_i386.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "sparc", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_sparc.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "i686", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_i386.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "m68k", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_m68k.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "src", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7.dsc", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "mipsel", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_mipsel.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "mipsel", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_mipsel.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "src", "operator": "lt", "packageFilename": "tetex-bin_2.0.2.orig.tar.gz", "packageName": "tetex-bin", "packageVersion": "2.0.2.orig"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "ppc", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_powerpc.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "x86-64", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_amd64.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "arm", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_arm.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "ppc", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_powerpc.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "ppc", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_powerpc.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "ia64", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_ia64.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "sparc", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_sparc.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "m68k", "operator": "lt", "packageFilename": "libkpathsea-dev_2.0.2-30sarge4_m68k.deb", "packageName": "libkpathsea-dev", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "ia64", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_ia64.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "src", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4.diff.gz", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4.diff"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "ppc", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_powerpc.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "src", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7.tar.gz", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "mips", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_mips.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "mips", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_mips.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "m68k", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_m68k.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "hppa", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_hppa.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "ia64", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_ia64.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "m68k", "operator": "lt", "packageFilename": "libkpathsea3_2.0.2-30sarge4_m68k.deb", "packageName": "libkpathsea3", "packageVersion": "2.0.2-30sarge4"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "s390x", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_s390.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "mipsel", "operator": "lt", "packageFilename": "libkpathsea-dev_1.0.7+20011202-7.7_mipsel.deb", "packageName": "libkpathsea-dev", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "i686", "operator": "lt", "packageFilename": "tetex-bin_1.0.7+20011202-7.7_i386.deb", "packageName": "tetex-bin", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "arch": "mips", "operator": "lt", "packageFilename": "libkpathsea3_1.0.7+20011202-7.7_mips.deb", "packageName": "libkpathsea3", "packageVersion": "1.0.7+20011202-7.7"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "arch": "m68k", "operator": "lt", "packageFilename": "tetex-bin_2.0.2-30sarge4_m68k.deb", "packageName": "tetex-bin", "packageVersion": "2.0.2-30sarge4"}]}
{"debian": [{"lastseen": "2016-09-02T18:37:06", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksnapshot_3.3.2-2sarge3_alpha.deb", "packageName": "ksnapshot", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kolourpaint_3.3.2-2sarge3_s390.deb", "packageName": "kolourpaint", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kiconedit_3.3.2-2sarge3_powerpc.deb", "packageName": "kiconedit", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kruler_3.3.2-2sarge3_powerpc.deb", "packageName": "kruler", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kiconedit_3.3.2-2sarge3_sparc.deb", "packageName": "kiconedit", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan-dev_3.3.2-2sarge3_amd64.deb", "packageName": "libkscan-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kmrml_3.3.2-2sarge3_i386.deb", "packageName": "kmrml", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kruler_3.3.2-2sarge3_sparc.deb", "packageName": "kruler", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kiconedit_3.3.2-2sarge3_s390.deb", "packageName": "kiconedit", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-kfile-plugins_3.3.2-2sarge3_mipsel.deb", "packageName": "kdegraphics-kfile-plugins", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kfax_3.3.2-2sarge3_alpha.deb", "packageName": "kfax", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-kfile-plugins_3.3.2-2sarge3_arm.deb", "packageName": "kdegraphics-kfile-plugins", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kooka_3.3.2-2sarge3_hppa.deb", "packageName": "kooka", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksvg_3.3.2-2sarge3_mipsel.deb", "packageName": "ksvg", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-kfile-plugins_3.3.2-2sarge3_amd64.deb", "packageName": "kdegraphics-kfile-plugins", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-dev_3.3.2-2sarge3_m68k.deb", "packageName": "kdegraphics-dev", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksnapshot_3.3.2-2sarge3_m68k.deb", "packageName": "ksnapshot", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kiconedit_3.3.2-2sarge3_m68k.deb", "packageName": "kiconedit", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kuickshow_3.3.2-2sarge3_hppa.deb", "packageName": "kuickshow", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kolourpaint_3.3.2-2sarge3_mips.deb", "packageName": "kolourpaint", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-dev_3.3.2-2sarge3_s390.deb", "packageName": "kdegraphics-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kghostview_3.3.2-2sarge3_mipsel.deb", "packageName": "kghostview", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-kfile-plugins_3.3.2-2sarge3_ia64.deb", "packageName": "kdegraphics-kfile-plugins", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kfax_3.3.2-2sarge3_sparc.deb", "packageName": "kfax", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kviewshell_3.3.2-2sarge3_powerpc.deb", "packageName": "kviewshell", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan1_3.3.2-2sarge3_s390.deb", "packageName": "libkscan1", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpovmodeler_3.3.2-2sarge3_i386.deb", "packageName": "kpovmodeler", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan1_3.3.2-2sarge3_amd64.deb", "packageName": "libkscan1", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kgamma_3.3.2-2sarge3_i386.deb", "packageName": "kgamma", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpdf_3.3.2-2sarge3_ia64.deb", "packageName": "kpdf", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kfax_3.3.2-2sarge3_ia64.deb", "packageName": "kfax", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-dev_3.3.2-2sarge3_amd64.deb", "packageName": "kdegraphics-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kruler_3.3.2-2sarge3_mips.deb", "packageName": "kruler", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kmrml_3.3.2-2sarge3_arm.deb", "packageName": "kmrml", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kamera_3.3.2-2sarge3_alpha.deb", "packageName": "kamera", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpovmodeler_3.3.2-2sarge3_alpha.deb", "packageName": "kpovmodeler", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kamera_3.3.2-2sarge3_m68k.deb", "packageName": "kamera", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan-dev_3.3.2-2sarge3_alpha.deb", "packageName": "libkscan-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpovmodeler_3.3.2-2sarge3_mips.deb", "packageName": "kpovmodeler", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics_3.3.2-2sarge3_all.deb", "packageName": "kdegraphics", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kgamma_3.3.2-2sarge3_alpha.deb", "packageName": "kgamma", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksvg_3.3.2-2sarge3_sparc.deb", "packageName": "ksvg", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-kfile-plugins_3.3.2-2sarge3_i386.deb", "packageName": "kdegraphics-kfile-plugins", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksvg_3.3.2-2sarge3_ia64.deb", "packageName": "ksvg", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksnapshot_3.3.2-2sarge3_hppa.deb", "packageName": "ksnapshot", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kcoloredit_3.3.2-2sarge3_powerpc.deb", "packageName": "kcoloredit", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksnapshot_3.3.2-2sarge3_mips.deb", "packageName": "ksnapshot", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kghostview_3.3.2-2sarge3_hppa.deb", "packageName": "kghostview", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kiconedit_3.3.2-2sarge3_hppa.deb", "packageName": "kiconedit", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2.orig", "packageFilename": "kdegraphics_3.3.2.orig.tar.gz", "packageName": "kdegraphics", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kcoloredit_3.3.2-2sarge3_mipsel.deb", "packageName": "kcoloredit", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kamera_3.3.2-2sarge3_ia64.deb", "packageName": "kamera", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksvg_3.3.2-2sarge3_alpha.deb", "packageName": "ksvg", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kfax_3.3.2-2sarge3_mips.deb", "packageName": "kfax", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kfax_3.3.2-2sarge3_mipsel.deb", "packageName": "kfax", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kooka_3.3.2-2sarge3_m68k.deb", "packageName": "kooka", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kruler_3.3.2-2sarge3_arm.deb", "packageName": "kruler", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kruler_3.3.2-2sarge3_s390.deb", "packageName": "kruler", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kolourpaint_3.3.2-2sarge3_alpha.deb", "packageName": "kolourpaint", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kmrml_3.3.2-2sarge3_mips.deb", "packageName": "kmrml", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kviewshell_3.3.2-2sarge3_i386.deb", "packageName": "kviewshell", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kamera_3.3.2-2sarge3_mips.deb", "packageName": "kamera", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kviewshell_3.3.2-2sarge3_m68k.deb", "packageName": "kviewshell", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-kfile-plugins_3.3.2-2sarge3_mips.deb", "packageName": "kdegraphics-kfile-plugins", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksvg_3.3.2-2sarge3_arm.deb", "packageName": "ksvg", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kiconedit_3.3.2-2sarge3_mipsel.deb", "packageName": "kiconedit", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kruler_3.3.2-2sarge3_alpha.deb", "packageName": "kruler", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-dev_3.3.2-2sarge3_arm.deb", "packageName": "kdegraphics-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpdf_3.3.2-2sarge3_powerpc.deb", "packageName": "kpdf", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kolourpaint_3.3.2-2sarge3_mipsel.deb", "packageName": "kolourpaint", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdvi_3.3.2-2sarge3_alpha.deb", "packageName": "kdvi", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kghostview_3.3.2-2sarge3_arm.deb", "packageName": "kghostview", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kiconedit_3.3.2-2sarge3_arm.deb", "packageName": "kiconedit", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpdf_3.3.2-2sarge3_amd64.deb", "packageName": "kpdf", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kcoloredit_3.3.2-2sarge3_alpha.deb", "packageName": "kcoloredit", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdvi_3.3.2-2sarge3_mips.deb", "packageName": "kdvi", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksvg_3.3.2-2sarge3_powerpc.deb", "packageName": "ksvg", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdvi_3.3.2-2sarge3_mipsel.deb", "packageName": "kdvi", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-dev_3.3.2-2sarge3_mipsel.deb", "packageName": "kdegraphics-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kolourpaint_3.3.2-2sarge3_hppa.deb", "packageName": "kolourpaint", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kmrml_3.3.2-2sarge3_s390.deb", "packageName": "kmrml", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kooka_3.3.2-2sarge3_ia64.deb", "packageName": "kooka", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpovmodeler_3.3.2-2sarge3_powerpc.deb", "packageName": "kpovmodeler", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kview_3.3.2-2sarge3_ia64.deb", "packageName": "kview", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-kfile-plugins_3.3.2-2sarge3_alpha.deb", "packageName": "kdegraphics-kfile-plugins", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan1_3.3.2-2sarge3_sparc.deb", "packageName": "libkscan1", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdvi_3.3.2-2sarge3_ia64.deb", "packageName": "kdvi", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kooka_3.3.2-2sarge3_amd64.deb", "packageName": "kooka", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kgamma_3.3.2-2sarge3_powerpc.deb", "packageName": "kgamma", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdvi_3.3.2-2sarge3_s390.deb", "packageName": "kdvi", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kcoloredit_3.3.2-2sarge3_mips.deb", "packageName": "kcoloredit", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kviewshell_3.3.2-2sarge3_hppa.deb", "packageName": "kviewshell", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan-dev_3.3.2-2sarge3_sparc.deb", "packageName": "libkscan-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kview_3.3.2-2sarge3_powerpc.deb", "packageName": "kview", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kmrml_3.3.2-2sarge3_mipsel.deb", "packageName": "kmrml", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kuickshow_3.3.2-2sarge3_sparc.deb", "packageName": "kuickshow", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpdf_3.3.2-2sarge3_sparc.deb", "packageName": "kpdf", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpovmodeler_3.3.2-2sarge3_arm.deb", "packageName": "kpovmodeler", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan-dev_3.3.2-2sarge3_mipsel.deb", "packageName": "libkscan-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kooka_3.3.2-2sarge3_powerpc.deb", "packageName": "kooka", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kmrml_3.3.2-2sarge3_amd64.deb", "packageName": "kmrml", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-kfile-plugins_3.3.2-2sarge3_sparc.deb", "packageName": "kdegraphics-kfile-plugins", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kamera_3.3.2-2sarge3_s390.deb", "packageName": "kamera", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kghostview_3.3.2-2sarge3_alpha.deb", "packageName": "kghostview", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kooka_3.3.2-2sarge3_mipsel.deb", "packageName": "kooka", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kmrml_3.3.2-2sarge3_m68k.deb", "packageName": "kmrml", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kmrml_3.3.2-2sarge3_powerpc.deb", "packageName": "kmrml", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kolourpaint_3.3.2-2sarge3_m68k.deb", "packageName": "kolourpaint", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kruler_3.3.2-2sarge3_m68k.deb", "packageName": "kruler", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kghostview_3.3.2-2sarge3_sparc.deb", "packageName": "kghostview", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpovmodeler_3.3.2-2sarge3_hppa.deb", "packageName": "kpovmodeler", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan1_3.3.2-2sarge3_mipsel.deb", "packageName": "libkscan1", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kgamma_3.3.2-2sarge3_arm.deb", "packageName": "kgamma", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksnapshot_3.3.2-2sarge3_i386.deb", "packageName": "ksnapshot", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kcoloredit_3.3.2-2sarge3_arm.deb", "packageName": "kcoloredit", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kruler_3.3.2-2sarge3_amd64.deb", "packageName": "kruler", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kamera_3.3.2-2sarge3_sparc.deb", "packageName": "kamera", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics_3.3.2-2sarge3.dsc", "packageName": "kdegraphics", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-kfile-plugins_3.3.2-2sarge3_m68k.deb", "packageName": "kdegraphics-kfile-plugins", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kuickshow_3.3.2-2sarge3_mipsel.deb", "packageName": "kuickshow", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpovmodeler_3.3.2-2sarge3_s390.deb", "packageName": "kpovmodeler", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kcoloredit_3.3.2-2sarge3_sparc.deb", "packageName": "kcoloredit", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-dev_3.3.2-2sarge3_hppa.deb", "packageName": "kdegraphics-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kiconedit_3.3.2-2sarge3_i386.deb", "packageName": "kiconedit", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksnapshot_3.3.2-2sarge3_ia64.deb", "packageName": "ksnapshot", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksvg_3.3.2-2sarge3_mips.deb", "packageName": "ksvg", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kcoloredit_3.3.2-2sarge3_hppa.deb", "packageName": "kcoloredit", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kuickshow_3.3.2-2sarge3_ia64.deb", "packageName": "kuickshow", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kmrml_3.3.2-2sarge3_sparc.deb", "packageName": "kmrml", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kview_3.3.2-2sarge3_i386.deb", "packageName": "kview", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kviewshell_3.3.2-2sarge3_mips.deb", "packageName": "kviewshell", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kruler_3.3.2-2sarge3_mipsel.deb", "packageName": "kruler", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kgamma_3.3.2-2sarge3_m68k.deb", "packageName": "kgamma", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kview_3.3.2-2sarge3_arm.deb", "packageName": "kview", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kolourpaint_3.3.2-2sarge3_amd64.deb", "packageName": "kolourpaint", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdvi_3.3.2-2sarge3_amd64.deb", "packageName": "kdvi", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kiconedit_3.3.2-2sarge3_amd64.deb", "packageName": "kiconedit", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kamera_3.3.2-2sarge3_i386.deb", "packageName": "kamera", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kiconedit_3.3.2-2sarge3_alpha.deb", "packageName": "kiconedit", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksnapshot_3.3.2-2sarge3_sparc.deb", "packageName": "ksnapshot", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kruler_3.3.2-2sarge3_hppa.deb", "packageName": "kruler", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kgamma_3.3.2-2sarge3_mipsel.deb", "packageName": "kgamma", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksvg_3.3.2-2sarge3_hppa.deb", "packageName": "ksvg", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kview_3.3.2-2sarge3_amd64.deb", "packageName": "kview", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdvi_3.3.2-2sarge3_powerpc.deb", "packageName": "kdvi", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-dev_3.3.2-2sarge3_i386.deb", "packageName": "kdegraphics-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kamera_3.3.2-2sarge3_powerpc.deb", "packageName": "kamera", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-kfile-plugins_3.3.2-2sarge3_hppa.deb", "packageName": "kdegraphics-kfile-plugins", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kfax_3.3.2-2sarge3_m68k.deb", "packageName": "kfax", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3.diff", "packageFilename": "kdegraphics_3.3.2-2sarge3.diff.gz", "packageName": "kdegraphics", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kviewshell_3.3.2-2sarge3_arm.deb", "packageName": "kviewshell", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kview_3.3.2-2sarge3_s390.deb", "packageName": "kview", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kolourpaint_3.3.2-2sarge3_arm.deb", "packageName": "kolourpaint", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksnapshot_3.3.2-2sarge3_arm.deb", "packageName": "ksnapshot", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kruler_3.3.2-2sarge3_ia64.deb", "packageName": "kruler", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kcoloredit_3.3.2-2sarge3_ia64.deb", "packageName": "kcoloredit", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kview_3.3.2-2sarge3_mipsel.deb", "packageName": "kview", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kviewshell_3.3.2-2sarge3_alpha.deb", "packageName": "kviewshell", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kview_3.3.2-2sarge3_hppa.deb", "packageName": "kview", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdvi_3.3.2-2sarge3_arm.deb", "packageName": "kdvi", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan-dev_3.3.2-2sarge3_arm.deb", "packageName": "libkscan-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpdf_3.3.2-2sarge3_hppa.deb", "packageName": "kpdf", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kfax_3.3.2-2sarge3_powerpc.deb", "packageName": "kfax", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksvg_3.3.2-2sarge3_m68k.deb", "packageName": "ksvg", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksnapshot_3.3.2-2sarge3_amd64.deb", "packageName": "ksnapshot", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kviewshell_3.3.2-2sarge3_s390.deb", "packageName": "kviewshell", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kuickshow_3.3.2-2sarge3_mips.deb", "packageName": "kuickshow", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpovmodeler_3.3.2-2sarge3_sparc.deb", "packageName": "kpovmodeler", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kgamma_3.3.2-2sarge3_amd64.deb", "packageName": "kgamma", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdvi_3.3.2-2sarge3_m68k.deb", "packageName": "kdvi", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan1_3.3.2-2sarge3_i386.deb", "packageName": "libkscan1", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kghostview_3.3.2-2sarge3_amd64.deb", "packageName": "kghostview", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kghostview_3.3.2-2sarge3_s390.deb", "packageName": "kghostview", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksvg_3.3.2-2sarge3_amd64.deb", "packageName": "ksvg", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kview_3.3.2-2sarge3_alpha.deb", "packageName": "kview", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kfax_3.3.2-2sarge3_s390.deb", "packageName": "kfax", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kolourpaint_3.3.2-2sarge3_ia64.deb", "packageName": "kolourpaint", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kiconedit_3.3.2-2sarge3_mips.deb", "packageName": "kiconedit", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpovmodeler_3.3.2-2sarge3_ia64.deb", "packageName": "kpovmodeler", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpdf_3.3.2-2sarge3_s390.deb", "packageName": "kpdf", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kviewshell_3.3.2-2sarge3_ia64.deb", "packageName": "kviewshell", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-dev_3.3.2-2sarge3_ia64.deb", "packageName": "kdegraphics-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kghostview_3.3.2-2sarge3_ia64.deb", "packageName": "kghostview", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan-dev_3.3.2-2sarge3_hppa.deb", "packageName": "libkscan-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kghostview_3.3.2-2sarge3_mips.deb", "packageName": "kghostview", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-kfile-plugins_3.3.2-2sarge3_s390.deb", "packageName": "kdegraphics-kfile-plugins", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksnapshot_3.3.2-2sarge3_mipsel.deb", "packageName": "ksnapshot", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kuickshow_3.3.2-2sarge3_arm.deb", "packageName": "kuickshow", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kamera_3.3.2-2sarge3_arm.deb", "packageName": "kamera", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan-dev_3.3.2-2sarge3_mips.deb", "packageName": "libkscan-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kfax_3.3.2-2sarge3_arm.deb", "packageName": "kfax", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpovmodeler_3.3.2-2sarge3_m68k.deb", "packageName": "kpovmodeler", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-dev_3.3.2-2sarge3_sparc.deb", "packageName": "kdegraphics-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksvg_3.3.2-2sarge3_s390.deb", "packageName": "ksvg", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpovmodeler_3.3.2-2sarge3_mipsel.deb", "packageName": "kpovmodeler", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kooka_3.3.2-2sarge3_alpha.deb", "packageName": "kooka", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kolourpaint_3.3.2-2sarge3_sparc.deb", "packageName": "kolourpaint", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan1_3.3.2-2sarge3_m68k.deb", "packageName": "libkscan1", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpdf_3.3.2-2sarge3_m68k.deb", "packageName": "kpdf", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-dev_3.3.2-2sarge3_powerpc.deb", "packageName": "kdegraphics-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpovmodeler_3.3.2-2sarge3_amd64.deb", "packageName": "kpovmodeler", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan-dev_3.3.2-2sarge3_ia64.deb", "packageName": "libkscan-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kghostview_3.3.2-2sarge3_powerpc.deb", "packageName": "kghostview", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kmrml_3.3.2-2sarge3_alpha.deb", "packageName": "kmrml", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kooka_3.3.2-2sarge3_mips.deb", "packageName": "kooka", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kuickshow_3.3.2-2sarge3_amd64.deb", "packageName": "kuickshow", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-dev_3.3.2-2sarge3_alpha.deb", "packageName": "kdegraphics-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan-dev_3.3.2-2sarge3_powerpc.deb", "packageName": "libkscan-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kfax_3.3.2-2sarge3_hppa.deb", "packageName": "kfax", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan1_3.3.2-2sarge3_arm.deb", "packageName": "libkscan1", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kviewshell_3.3.2-2sarge3_sparc.deb", "packageName": "kviewshell", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kamera_3.3.2-2sarge3_hppa.deb", "packageName": "kamera", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan-dev_3.3.2-2sarge3_s390.deb", "packageName": "libkscan-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdvi_3.3.2-2sarge3_hppa.deb", "packageName": "kdvi", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kgamma_3.3.2-2sarge3_sparc.deb", "packageName": "kgamma", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kamera_3.3.2-2sarge3_amd64.deb", "packageName": "kamera", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kcoloredit_3.3.2-2sarge3_s390.deb", "packageName": "kcoloredit", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kooka_3.3.2-2sarge3_i386.deb", "packageName": "kooka", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kgamma_3.3.2-2sarge3_hppa.deb", "packageName": "kgamma", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kview_3.3.2-2sarge3_sparc.deb", "packageName": "kview", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kghostview_3.3.2-2sarge3_m68k.deb", "packageName": "kghostview", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kooka_3.3.2-2sarge3_arm.deb", "packageName": "kooka", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kooka_3.3.2-2sarge3_sparc.deb", "packageName": "kooka", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan1_3.3.2-2sarge3_powerpc.deb", "packageName": "libkscan1", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan1_3.3.2-2sarge3_ia64.deb", "packageName": "libkscan1", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpdf_3.3.2-2sarge3_alpha.deb", "packageName": "kpdf", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kgamma_3.3.2-2sarge3_s390.deb", "packageName": "kgamma", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdvi_3.3.2-2sarge3_i386.deb", "packageName": "kdvi", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kviewshell_3.3.2-2sarge3_amd64.deb", "packageName": "kviewshell", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdvi_3.3.2-2sarge3_sparc.deb", "packageName": "kdvi", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kview_3.3.2-2sarge3_mips.deb", "packageName": "kview", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kcoloredit_3.3.2-2sarge3_i386.deb", "packageName": "kcoloredit", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kviewshell_3.3.2-2sarge3_mipsel.deb", "packageName": "kviewshell", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kamera_3.3.2-2sarge3_mipsel.deb", "packageName": "kamera", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kview_3.3.2-2sarge3_m68k.deb", "packageName": "kview", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan-dev_3.3.2-2sarge3_m68k.deb", "packageName": "libkscan-dev", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan1_3.3.2-2sarge3_hppa.deb", "packageName": "libkscan1", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kmrml_3.3.2-2sarge3_hppa.deb", "packageName": "kmrml", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kolourpaint_3.3.2-2sarge3_i386.deb", "packageName": "kolourpaint", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan-dev_3.3.2-2sarge3_i386.deb", "packageName": "libkscan-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kiconedit_3.3.2-2sarge3_ia64.deb", "packageName": "kiconedit", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpdf_3.3.2-2sarge3_mips.deb", "packageName": "kpdf", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan1_3.3.2-2sarge3_alpha.deb", "packageName": "libkscan1", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kcoloredit_3.3.2-2sarge3_amd64.deb", "packageName": "kcoloredit", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kmrml_3.3.2-2sarge3_ia64.deb", "packageName": "kmrml", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kfax_3.3.2-2sarge3_amd64.deb", "packageName": "kfax", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kolourpaint_3.3.2-2sarge3_powerpc.deb", "packageName": "kolourpaint", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "libkscan1_3.3.2-2sarge3_mips.deb", "packageName": "libkscan1", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kgamma_3.3.2-2sarge3_mips.deb", "packageName": "kgamma", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kooka_3.3.2-2sarge3_s390.deb", "packageName": "kooka", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kuickshow_3.3.2-2sarge3_i386.deb", "packageName": "kuickshow", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kghostview_3.3.2-2sarge3_i386.deb", "packageName": "kghostview", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpdf_3.3.2-2sarge3_i386.deb", "packageName": "kpdf", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kgamma_3.3.2-2sarge3_ia64.deb", "packageName": "kgamma", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpdf_3.3.2-2sarge3_mipsel.deb", "packageName": "kpdf", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kcoloredit_3.3.2-2sarge3_m68k.deb", "packageName": "kcoloredit", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksvg_3.3.2-2sarge3_i386.deb", "packageName": "ksvg", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-kfile-plugins_3.3.2-2sarge3_powerpc.deb", "packageName": "kdegraphics-kfile-plugins", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksnapshot_3.3.2-2sarge3_powerpc.deb", "packageName": "ksnapshot", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kuickshow_3.3.2-2sarge3_m68k.deb", "packageName": "kuickshow", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kdegraphics-dev_3.3.2-2sarge3_mips.deb", "packageName": "kdegraphics-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "ksnapshot_3.3.2-2sarge3_s390.deb", "packageName": "ksnapshot", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kfax_3.3.2-2sarge3_i386.deb", "packageName": "kfax", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kuickshow_3.3.2-2sarge3_powerpc.deb", "packageName": "kuickshow", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kuickshow_3.3.2-2sarge3_s390.deb", "packageName": "kuickshow", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kpdf_3.3.2-2sarge3_arm.deb", "packageName": "kpdf", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kruler_3.3.2-2sarge3_i386.deb", "packageName": "kruler", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.3.2-2sarge3", "packageFilename": "kuickshow_3.3.2-2sarge3_alpha.deb", "packageName": "kuickshow", "arch": "alpha", "operator": "lt"}], "edition": 1, "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code. The same code is present in kpdf which is part of the kdegraphics package.\n\nThe old stable distribution (woody) does not contain kpdf packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 3.3.2-2sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in version 3.5.0-3.\n\nWe recommend that you upgrade your kpdf package.", "reporter": "Debian", "published": "2006-01-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "kdegraphics -- buffer overflows", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-01-09T00:00:00", "href": "http://www.debian.org/security/dsa-932", "id": "DSA-932", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-07-04T01:21:01", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2.orig", "arch": "src", "packageFilename": "gpdf_2.8.2.orig.tar.gz", "packageName": "gpdf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2-1.2sarge2", "arch": "mips", "packageFilename": "gpdf_2.8.2-1.2sarge2_mips.deb", "packageName": "gpdf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2-1.2sarge2", "arch": "ppc", "packageFilename": "gpdf_2.8.2-1.2sarge2_powerpc.deb", "packageName": "gpdf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2-1.2sarge2", "arch": "i686", "packageFilename": "gpdf_2.8.2-1.2sarge2_i386.deb", "packageName": "gpdf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2-1.2sarge2.diff", "arch": "src", "packageFilename": "gpdf_2.8.2-1.2sarge2.diff.gz", "packageName": "gpdf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2-1.2sarge2", "arch": "m68k", "packageFilename": "gpdf_2.8.2-1.2sarge2_m68k.deb", "packageName": "gpdf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2-1.2sarge2", "arch": "x86-64", "packageFilename": "gpdf_2.8.2-1.2sarge2_amd64.deb", "packageName": "gpdf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2-1.2sarge2", "arch": "alpha", "packageFilename": "gpdf_2.8.2-1.2sarge2_alpha.deb", "packageName": "gpdf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2-1.2sarge2", "arch": "src", "packageFilename": "gpdf_2.8.2-1.2sarge2.dsc", "packageName": "gpdf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2-1.2sarge2", "arch": "arm", "packageFilename": "gpdf_2.8.2-1.2sarge2_arm.deb", "packageName": "gpdf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2-1.2sarge2", "arch": "mipsel", "packageFilename": "gpdf_2.8.2-1.2sarge2_mipsel.deb", "packageName": "gpdf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2-1.2sarge2", "arch": "s390x", "packageFilename": "gpdf_2.8.2-1.2sarge2_s390.deb", "packageName": "gpdf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2-1.2sarge2", "arch": "sparc", "packageFilename": "gpdf_2.8.2-1.2sarge2_sparc.deb", "packageName": "gpdf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2-1.2sarge2", "arch": "ia64", "packageFilename": "gpdf_2.8.2-1.2sarge2_ia64.deb", "packageName": "gpdf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "2.8.2-1.2sarge2", "arch": "hppa", "packageFilename": "gpdf_2.8.2-1.2sarge2_hppa.deb", "packageName": "gpdf", "operator": "lt"}], "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in gpdf, the GNOME version of the Portable Document Format viewer, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain gpdf packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 2.8.2-1.2sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in version 2.10.0-2.\n\nWe recommend that you upgrade your gpdf package.", "edition": 2, "reporter": "Debian", "published": "2006-01-13T00:00:00", "title": "gpdf -- buffer overflows", "type": "debian", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-01-13T00:00:00", "id": "DSA-940", "href": "http://www.debian.org/security/dsa-940", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:27:09", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-reader_1.00-3.8_i386.deb", "packageName": "xpdf-reader", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4.diff", "packageFilename": "xpdf_3.00-13.4.diff.gz", "packageName": "xpdf", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-utils_1.00-3.8_ia64.deb", "packageName": "xpdf-utils", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-utils_3.00-13.4_m68k.deb", "packageName": "xpdf-utils", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf_1.00-3.8.dsc", "packageName": "xpdf", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-utils_3.00-13.4_amd64.deb", "packageName": "xpdf-utils", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-reader_1.00-3.8_mipsel.deb", "packageName": "xpdf-reader", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-utils_3.00-13.4_i386.deb", "packageName": "xpdf-utils", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf_3.00-13.4.dsc", "packageName": "xpdf", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-utils_3.00-13.4_arm.deb", "packageName": "xpdf-utils", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-utils_3.00-13.4_mipsel.deb", "packageName": "xpdf-utils", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00.orig", "packageFilename": "xpdf_1.00.orig.tar.gz", "packageName": "xpdf", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-utils_1.00-3.8_m68k.deb", "packageName": "xpdf-utils", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-utils_3.00-13.4_powerpc.deb", "packageName": "xpdf-utils", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-utils_1.00-3.8_mips.deb", "packageName": "xpdf-utils", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-reader_1.00-3.8_alpha.deb", "packageName": "xpdf-reader", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf_1.00-3.8_all.deb", "packageName": "xpdf", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-reader_3.00-13.4_mips.deb", "packageName": "xpdf-reader", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-reader_1.00-3.8_s390.deb", "packageName": "xpdf-reader", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-utils_1.00-3.8_mipsel.deb", "packageName": "xpdf-utils", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-reader_1.00-3.8_sparc.deb", "packageName": "xpdf-reader", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-reader_3.00-13.4_amd64.deb", "packageName": "xpdf-reader", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-reader_3.00-13.4_sparc.deb", "packageName": "xpdf-reader", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-reader_3.00-13.4_i386.deb", "packageName": "xpdf-reader", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-utils_1.00-3.8_hppa.deb", "packageName": "xpdf-utils", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-utils_1.00-3.8_arm.deb", "packageName": "xpdf-utils", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-utils_1.00-3.8_i386.deb", "packageName": "xpdf-utils", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-reader_1.00-3.8_powerpc.deb", "packageName": "xpdf-reader", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-reader_3.00-13.4_mipsel.deb", "packageName": "xpdf-reader", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf_3.00-13.4_all.deb", "packageName": "xpdf", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-reader_1.00-3.8_ia64.deb", "packageName": "xpdf-reader", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-reader_3.00-13.4_arm.deb", "packageName": "xpdf-reader", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-reader_1.00-3.8_arm.deb", "packageName": "xpdf-reader", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-utils_3.00-13.4_hppa.deb", "packageName": "xpdf-utils", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-utils_3.00-13.4_alpha.deb", "packageName": "xpdf-utils", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-common_1.00-3.8_all.deb", "packageName": "xpdf-common", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-reader_3.00-13.4_s390.deb", "packageName": "xpdf-reader", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-utils_3.00-13.4_sparc.deb", "packageName": "xpdf-utils", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-utils_1.00-3.8_sparc.deb", "packageName": "xpdf-utils", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-reader_3.00-13.4_m68k.deb", "packageName": "xpdf-reader", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-utils_1.00-3.8_alpha.deb", "packageName": "xpdf-utils", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-reader_3.00-13.4_alpha.deb", "packageName": "xpdf-reader", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00.orig", "packageFilename": "xpdf_3.00.orig.tar.gz", "packageName": "xpdf", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-reader_3.00-13.4_ia64.deb", "packageName": "xpdf-reader", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-utils_1.00-3.8_s390.deb", "packageName": "xpdf-utils", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-utils_1.00-3.8_powerpc.deb", "packageName": "xpdf-utils", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-reader_1.00-3.8_mips.deb", "packageName": "xpdf-reader", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8.diff", "packageFilename": "xpdf_1.00-3.8.diff.gz", "packageName": "xpdf", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-reader_1.00-3.8_m68k.deb", "packageName": "xpdf-reader", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-utils_3.00-13.4_ia64.deb", "packageName": "xpdf-utils", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-utils_3.00-13.4_mips.deb", "packageName": "xpdf-utils", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-utils_3.00-13.4_s390.deb", "packageName": "xpdf-utils", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-common_3.00-13.4_all.deb", "packageName": "xpdf-common", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-reader_3.00-13.4_hppa.deb", "packageName": "xpdf-reader", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "3.00-13.4", "packageFilename": "xpdf-reader_3.00-13.4_powerpc.deb", "packageName": "xpdf-reader", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.00-3.8", "packageFilename": "xpdf-reader_1.00-3.8_hppa.deb", "packageName": "xpdf-reader", "arch": "hppa", "operator": "lt"}], "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in version 1.00-3.8.\n\nFor the stable distribution (sarge) these problems have been fixed in version 3.00-13.4.\n\nFor the unstable distribution (sid) these problems have been fixed in version 3.01-4.\n\nWe recommend that you upgrade your xpdf package.", "edition": 1, "reporter": "Debian", "published": "2006-01-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "xpdf -- buffer overflows", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-01-09T00:00:00", "id": "DSA-931", "href": "http://www.debian.org/security/dsa-931", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:28:03", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-pstoraster_1.1.14-5woody14_powerpc.deb", "packageName": "cupsys-pstoraster", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-pstoraster_1.1.14-5woody14_s390.deb", "packageName": "cupsys-pstoraster", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys_1.1.14-5woody14_hppa.deb", "packageName": "cupsys", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys_1.1.14-5woody14_mipsel.deb", "packageName": "cupsys", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-client_1.1.23-10sarge1_hppa.deb", "packageName": "cupsys-client", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-dev_1.1.23-10sarge1_mips.deb", "packageName": "libcupsys2-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-client_1.1.14-5woody14_mipsel.deb", "packageName": "cupsys-client", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-bsd_1.1.23-10sarge1_arm.deb", "packageName": "cupsys-bsd", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2_1.1.14-5woody14_s390.deb", "packageName": "libcupsys2", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys_1.1.14-5woody14_sparc.deb", "packageName": "cupsys", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2_1.1.23-10sarge1_mipsel.deb", "packageName": "libcupsimage2", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2-dev_1.1.14-5woody14_powerpc.deb", "packageName": "libcupsys2-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2-dev_1.1.23-10sarge1_arm.deb", "packageName": "libcupsimage2-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2_1.1.14-5woody14_mips.deb", "packageName": "libcupsys2", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-gnutls10_1.1.23-10sarge1_ia64.deb", "packageName": "libcupsys2-gnutls10", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2-dev_1.1.23-10sarge1_s390.deb", "packageName": "libcupsimage2-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14.orig", "packageFilename": "cupsys_1.1.14.orig.tar.gz", "packageName": "cupsys", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-client_1.1.23-10sarge1_mipsel.deb", "packageName": "cupsys-client", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-client_1.1.14-5woody14_mips.deb", "packageName": "cupsys-client", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-dev_1.1.23-10sarge1_sparc.deb", "packageName": "libcupsys2-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys_1.1.23-10sarge1_alpha.deb", "packageName": "cupsys", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-bsd_1.1.23-10sarge1_alpha.deb", "packageName": "cupsys-bsd", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-bsd_1.1.14-5woody14_ia64.deb", "packageName": "cupsys-bsd", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2-dev_1.1.23-10sarge1_sparc.deb", "packageName": "libcupsimage2-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-dev_1.1.23-10sarge1_powerpc.deb", "packageName": "libcupsys2-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys_1.1.14-5woody14_ia64.deb", "packageName": "cupsys", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-dev_1.1.23-10sarge1_i386.deb", "packageName": "libcupsys2-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-client_1.1.14-5woody14_i386.deb", "packageName": "cupsys-client", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys_1.1.23-10sarge1_sparc.deb", "packageName": "cupsys", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-pstoraster_1.1.14-5woody14_alpha.deb", "packageName": "cupsys-pstoraster", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-client_1.1.23-10sarge1_i386.deb", "packageName": "cupsys-client", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys_1.1.23-10sarge1_mipsel.deb", "packageName": "cupsys", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2_1.1.23-10sarge1_hppa.deb", "packageName": "libcupsimage2", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-bsd_1.1.14-5woody14_mipsel.deb", "packageName": "cupsys-bsd", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-bsd_1.1.23-10sarge1_hppa.deb", "packageName": "cupsys-bsd", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-dev_1.1.23-10sarge1_s390.deb", "packageName": "libcupsys2-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2-dev_1.1.23-10sarge1_mipsel.deb", "packageName": "libcupsimage2-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2-dev_1.1.23-10sarge1_ia64.deb", "packageName": "libcupsimage2-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-bsd_1.1.14-5woody14_alpha.deb", "packageName": "cupsys-bsd", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14.diff", "packageFilename": "cupsys_1.1.14-5woody14.diff.gz", "packageName": "cupsys", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-client_1.1.23-10sarge1_arm.deb", "packageName": "cupsys-client", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-client_1.1.23-10sarge1_amd64.deb", "packageName": "cupsys-client", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2-dev_1.1.14-5woody14_i386.deb", "packageName": "libcupsys2-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2_1.1.23-10sarge1_i386.deb", "packageName": "libcupsimage2", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-client_1.1.23-10sarge1_powerpc.deb", "packageName": "cupsys-client", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys_1.1.23-10sarge1.dsc", "packageName": "cupsys", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-client_1.1.14-5woody14_hppa.deb", "packageName": "cupsys-client", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1.diff", "packageFilename": "cupsys_1.1.23-10sarge1.diff.gz", "packageName": "cupsys", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-dev_1.1.23-10sarge1_amd64.deb", "packageName": "libcupsys2-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-gnutls10_1.1.23-10sarge1_i386.deb", "packageName": "libcupsys2-gnutls10", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-pstoraster_1.1.14-5woody14_m68k.deb", "packageName": "cupsys-pstoraster", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2-dev_1.1.14-5woody14_mipsel.deb", "packageName": "libcupsys2-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2_1.1.14-5woody14_arm.deb", "packageName": "libcupsys2", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys_1.1.23-10sarge1_m68k.deb", "packageName": "cupsys", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-client_1.1.14-5woody14_m68k.deb", "packageName": "cupsys-client", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-bsd_1.1.14-5woody14_mips.deb", "packageName": "cupsys-bsd", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-gnutls10_1.1.23-10sarge1_powerpc.deb", "packageName": "libcupsys2-gnutls10", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-client_1.1.14-5woody14_sparc.deb", "packageName": "cupsys-client", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-gnutls10_1.1.23-10sarge1_arm.deb", "packageName": "libcupsys2-gnutls10", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2_1.1.14-5woody14_ia64.deb", "packageName": "libcupsys2", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-bsd_1.1.23-10sarge1_mipsel.deb", "packageName": "cupsys-bsd", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-client_1.1.14-5woody14_arm.deb", "packageName": "cupsys-client", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2-dev_1.1.23-10sarge1_mips.deb", "packageName": "libcupsimage2-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys_1.1.14-5woody14_alpha.deb", "packageName": "cupsys", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-client_1.1.23-10sarge1_ia64.deb", "packageName": "cupsys-client", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2-dev_1.1.23-10sarge1_powerpc.deb", "packageName": "libcupsimage2-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-gnutls10_1.1.23-10sarge1_m68k.deb", "packageName": "libcupsys2-gnutls10", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-gnutls10_1.1.23-10sarge1_alpha.deb", "packageName": "libcupsys2-gnutls10", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys_1.1.23-10sarge1_hppa.deb", "packageName": "cupsys", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2-dev_1.1.23-10sarge1_amd64.deb", "packageName": "libcupsimage2-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-client_1.1.14-5woody14_alpha.deb", "packageName": "cupsys-client", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2-dev_1.1.14-5woody14_s390.deb", "packageName": "libcupsys2-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys_1.1.23-10sarge1_arm.deb", "packageName": "cupsys", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2-dev_1.1.14-5woody14_ia64.deb", "packageName": "libcupsys2-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-client_1.1.23-10sarge1_m68k.deb", "packageName": "cupsys-client", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys_1.1.14-5woody14_arm.deb", "packageName": "cupsys", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-bsd_1.1.23-10sarge1_s390.deb", "packageName": "cupsys-bsd", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys_1.1.23-10sarge1_mips.deb", "packageName": "cupsys", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2-dev_1.1.14-5woody14_arm.deb", "packageName": "libcupsys2-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-dev_1.1.23-10sarge1_ia64.deb", "packageName": "libcupsys2-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-pstoraster_1.1.14-5woody14_hppa.deb", "packageName": "cupsys-pstoraster", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-bsd_1.1.23-10sarge1_mips.deb", "packageName": "cupsys-bsd", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys_1.1.23-10sarge1_amd64.deb", "packageName": "cupsys", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-client_1.1.23-10sarge1_mips.deb", "packageName": "cupsys-client", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2_1.1.23-10sarge1_sparc.deb", "packageName": "libcupsimage2", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-bsd_1.1.14-5woody14_s390.deb", "packageName": "cupsys-bsd", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-client_1.1.23-10sarge1_sparc.deb", "packageName": "cupsys-client", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2_1.1.14-5woody14_mipsel.deb", "packageName": "libcupsys2", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-bsd_1.1.23-10sarge1_i386.deb", "packageName": "cupsys-bsd", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2-dev_1.1.23-10sarge1_i386.deb", "packageName": "libcupsimage2-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys_1.1.14-5woody14.dsc", "packageName": "cupsys", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2_1.1.14-5woody14_m68k.deb", "packageName": "libcupsys2", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2_1.1.23-10sarge1_ia64.deb", "packageName": "libcupsimage2", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2_1.1.23-10sarge1_alpha.deb", "packageName": "libcupsimage2", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2_1.1.14-5woody14_hppa.deb", "packageName": "libcupsys2", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys_1.1.14-5woody14_powerpc.deb", "packageName": "cupsys", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-client_1.1.23-10sarge1_s390.deb", "packageName": "cupsys-client", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2-dev_1.1.14-5woody14_alpha.deb", "packageName": "libcupsys2-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2_1.1.23-10sarge1_s390.deb", "packageName": "libcupsimage2", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-gnutls10_1.1.23-10sarge1_amd64.deb", "packageName": "libcupsys2-gnutls10", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys_1.1.14-5woody14_s390.deb", "packageName": "cupsys", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-pstoraster_1.1.14-5woody14_sparc.deb", "packageName": "cupsys-pstoraster", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2_1.1.14-5woody14_powerpc.deb", "packageName": "libcupsys2", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-bsd_1.1.14-5woody14_sparc.deb", "packageName": "cupsys-bsd", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-client_1.1.14-5woody14_powerpc.deb", "packageName": "cupsys-client", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-bsd_1.1.14-5woody14_powerpc.deb", "packageName": "cupsys-bsd", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-gnutls10_1.1.23-10sarge1_hppa.deb", "packageName": "libcupsys2-gnutls10", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys_1.1.23-10sarge1_ia64.deb", "packageName": "cupsys", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-bsd_1.1.23-10sarge1_amd64.deb", "packageName": "cupsys-bsd", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys_1.1.14-5woody14_m68k.deb", "packageName": "cupsys", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2_1.1.14-5woody14_alpha.deb", "packageName": "libcupsys2", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys_1.1.14-5woody14_mips.deb", "packageName": "cupsys", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-bsd_1.1.14-5woody14_hppa.deb", "packageName": "cupsys-bsd", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys_1.1.23-10sarge1_i386.deb", "packageName": "cupsys", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys_1.1.23-10sarge1_s390.deb", "packageName": "cupsys", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-bsd_1.1.23-10sarge1_ia64.deb", "packageName": "cupsys-bsd", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-bsd_1.1.23-10sarge1_sparc.deb", "packageName": "cupsys-bsd", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23.orig", "packageFilename": "cupsys_1.1.23.orig.tar.gz", "packageName": "cupsys", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2-dev_1.1.14-5woody14_hppa.deb", "packageName": "libcupsys2-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2_1.1.23-10sarge1_amd64.deb", "packageName": "libcupsimage2", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-gnutls10_1.1.23-10sarge1_mipsel.deb", "packageName": "libcupsys2-gnutls10", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-bsd_1.1.14-5woody14_arm.deb", "packageName": "cupsys-bsd", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-pstoraster_1.1.14-5woody14_arm.deb", "packageName": "cupsys-pstoraster", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2_1.1.23-10sarge1_all.deb", "packageName": "libcupsys2", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2-dev_1.1.14-5woody14_m68k.deb", "packageName": "libcupsys2-dev", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-pstoraster_1.1.14-5woody14_mips.deb", "packageName": "cupsys-pstoraster", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys_1.1.23-10sarge1_powerpc.deb", "packageName": "cupsys", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-client_1.1.14-5woody14_ia64.deb", "packageName": "cupsys-client", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-gnutls10_1.1.23-10sarge1_sparc.deb", "packageName": "libcupsys2-gnutls10", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-gnutls10_1.1.23-10sarge1_mips.deb", "packageName": "libcupsys2-gnutls10", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-client_1.1.14-5woody14_s390.deb", "packageName": "cupsys-client", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-gnutls10_1.1.23-10sarge1_s390.deb", "packageName": "libcupsys2-gnutls10", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-dev_1.1.23-10sarge1_m68k.deb", "packageName": "libcupsys2-dev", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-pstoraster_1.1.14-5woody14_ia64.deb", "packageName": "cupsys-pstoraster", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-dev_1.1.23-10sarge1_mipsel.deb", "packageName": "libcupsys2-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2-dev_1.1.23-10sarge1_m68k.deb", "packageName": "libcupsimage2-dev", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-bsd_1.1.14-5woody14_m68k.deb", "packageName": "cupsys-bsd", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2-dev_1.1.14-5woody14_sparc.deb", "packageName": "libcupsys2-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2_1.1.23-10sarge1_powerpc.deb", "packageName": "libcupsimage2", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-dev_1.1.23-10sarge1_hppa.deb", "packageName": "libcupsys2-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2-dev_1.1.23-10sarge1_alpha.deb", "packageName": "libcupsimage2-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-bsd_1.1.23-10sarge1_m68k.deb", "packageName": "cupsys-bsd", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2-dev_1.1.14-5woody14_mips.deb", "packageName": "libcupsys2-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2_1.1.23-10sarge1_mips.deb", "packageName": "libcupsimage2", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-bsd_1.1.14-5woody14_i386.deb", "packageName": "cupsys-bsd", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2_1.1.14-5woody14_sparc.deb", "packageName": "libcupsys2", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2_1.1.23-10sarge1_arm.deb", "packageName": "libcupsimage2", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-dev_1.1.23-10sarge1_alpha.deb", "packageName": "libcupsys2-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-client_1.1.23-10sarge1_alpha.deb", "packageName": "cupsys-client", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-pstoraster_1.1.14-5woody14_mipsel.deb", "packageName": "cupsys-pstoraster", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys-pstoraster_1.1.14-5woody14_i386.deb", "packageName": "cupsys-pstoraster", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "libcupsys2_1.1.14-5woody14_i386.deb", "packageName": "libcupsys2", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "cupsys-bsd_1.1.23-10sarge1_powerpc.deb", "packageName": "cupsys-bsd", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.1.14-5woody14", "packageFilename": "cupsys_1.1.14-5woody14_i386.deb", "packageName": "cupsys", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2-dev_1.1.23-10sarge1_hppa.deb", "packageName": "libcupsimage2-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsimage2_1.1.23-10sarge1_m68k.deb", "packageName": "libcupsimage2", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.1.23-10sarge1", "packageFilename": "libcupsys2-dev_1.1.23-10sarge1_arm.deb", "packageName": "libcupsys2-dev", "arch": "arm", "operator": "lt"}], "edition": 1, "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in CUPS, the Common UNIX Printing System, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in version 1.1.14-5woody14.\n\nCUPS doesn't use the xpdf source anymore since 1.1.22-7, when it switched to using xpdf-utils for PDF processing.\n\nWe recommend that you upgrade your CUPS packages.", "reporter": "Debian", "published": "2006-01-23T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "cupsys -- buffer overflows", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-01-23T00:00:00", "href": "http://www.debian.org/security/dsa-950", "id": "DSA-950", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:25:06", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1_0.4.2-2sarge2_arm.deb", "arch": "arm", "packageName": "libextractor1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1-dev_0.4.2-2sarge2_s390.deb", "arch": "s390x", "packageName": "libextractor1-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "extract_0.4.2-2sarge2_i386.deb", "arch": "i686", "packageName": "extract", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1-dev_0.4.2-2sarge2_powerpc.deb", "arch": "ppc", "packageName": "libextractor1-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor_0.4.2-2sarge2.dsc", "arch": "src", "packageName": "libextractor", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1-dev_0.4.2-2sarge2_mips.deb", "arch": "mips", "packageName": "libextractor1-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "extract_0.4.2-2sarge2_ia64.deb", "arch": "ia64", "packageName": "extract", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1-dev_0.4.2-2sarge2_ia64.deb", "arch": "ia64", "packageName": "libextractor1-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1_0.4.2-2sarge2_hppa.deb", "arch": "hppa", "packageName": "libextractor1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1_0.4.2-2sarge2_mips.deb", "arch": "mips", "packageName": "libextractor1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "extract_0.4.2-2sarge2_sparc.deb", "arch": "sparc", "packageName": "extract", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "extract_0.4.2-2sarge2_mips.deb", "arch": "mips", "packageName": "extract", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1_0.4.2-2sarge2_i386.deb", "arch": "i686", "packageName": "libextractor1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1-dev_0.4.2-2sarge2_sparc.deb", "arch": "sparc", "packageName": "libextractor1-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "extract_0.4.2-2sarge2_amd64.deb", "arch": "x86-64", "packageName": "extract", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1-dev_0.4.2-2sarge2_i386.deb", "arch": "i686", "packageName": "libextractor1-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "extract_0.4.2-2sarge2_hppa.deb", "arch": "hppa", "packageName": "extract", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2.orig", "packageFilename": "libextractor_0.4.2.orig.tar.gz", "arch": "src", "packageName": "libextractor", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "extract_0.4.2-2sarge2_m68k.deb", "arch": "m68k", "packageName": "extract", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1_0.4.2-2sarge2_m68k.deb", "arch": "m68k", "packageName": "libextractor1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1_0.4.2-2sarge2_amd64.deb", "arch": "x86-64", "packageName": "libextractor1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1-dev_0.4.2-2sarge2_mipsel.deb", "arch": "mipsel", "packageName": "libextractor1-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1-dev_0.4.2-2sarge2_m68k.deb", "arch": "m68k", "packageName": "libextractor1-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "extract_0.4.2-2sarge2_mipsel.deb", "arch": "mipsel", "packageName": "extract", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "extract_0.4.2-2sarge2_s390.deb", "arch": "s390x", "packageName": "extract", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2.diff", "packageFilename": "libextractor_0.4.2-2sarge2.diff.gz", "arch": "src", "packageName": "libextractor", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1_0.4.2-2sarge2_alpha.deb", "arch": "alpha", "packageName": "libextractor1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "extract_0.4.2-2sarge2_powerpc.deb", "arch": "ppc", "packageName": "extract", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1_0.4.2-2sarge2_mipsel.deb", "arch": "mipsel", "packageName": "libextractor1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "extract_0.4.2-2sarge2_arm.deb", "arch": "arm", "packageName": "extract", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1-dev_0.4.2-2sarge2_arm.deb", "arch": "arm", "packageName": "libextractor1-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1-dev_0.4.2-2sarge2_alpha.deb", "arch": "alpha", "packageName": "libextractor1-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1-dev_0.4.2-2sarge2_hppa.deb", "arch": "hppa", "packageName": "libextractor1-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1_0.4.2-2sarge2_powerpc.deb", "arch": "ppc", "packageName": "libextractor1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1-dev_0.4.2-2sarge2_amd64.deb", "arch": "x86-64", "packageName": "libextractor1-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1_0.4.2-2sarge2_ia64.deb", "arch": "ia64", "packageName": "libextractor1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1_0.4.2-2sarge2_s390.deb", "arch": "s390x", "packageName": "libextractor1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "libextractor1_0.4.2-2sarge2_sparc.deb", "arch": "sparc", "packageName": "libextractor1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.4.2-2sarge2", "packageFilename": "extract_0.4.2-2sarge2_alpha.deb", "arch": "alpha", "packageName": "extract", "operator": "lt"}], "edition": 1, "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain libextractor packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 0.4.2-2sarge2.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your libextractor packages.", "reporter": "Debian", "published": "2006-01-11T00:00:00", "type": "debian", "title": "libextractor -- buffer overflows", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-2097", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-01-11T00:00:00", "id": "DSA-936", "href": "http://www.debian.org/security/dsa-936", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:21:26", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36.orig", "packageFilename": "pdftohtml_0.36.orig.tar.gz", "arch": "src", "packageName": "pdftohtml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36-11sarge1", "packageFilename": "pdftohtml_0.36-11sarge1.dsc", "arch": "src", "packageName": "pdftohtml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36-11sarge1", "packageFilename": "pdftohtml_0.36-11sarge1_powerpc.deb", "arch": "ppc", "packageName": "pdftohtml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36-11sarge1", "packageFilename": "pdftohtml_0.36-11sarge1_m68k.deb", "arch": "m68k", "packageName": "pdftohtml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36-11sarge1", "packageFilename": "pdftohtml_0.36-11sarge1_alpha.deb", "arch": "alpha", "packageName": "pdftohtml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36-11sarge1", "packageFilename": "pdftohtml_0.36-11sarge1_ia64.deb", "arch": "ia64", "packageName": "pdftohtml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36-11sarge1", "packageFilename": "pdftohtml_0.36-11sarge1_amd64.deb", "arch": "x86-64", "packageName": "pdftohtml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36-11sarge1", "packageFilename": "pdftohtml_0.36-11sarge1_arm.deb", "arch": "arm", "packageName": "pdftohtml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36-11sarge1", "packageFilename": "pdftohtml_0.36-11sarge1_s390.deb", "arch": "s390x", "packageName": "pdftohtml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36-11sarge1", "packageFilename": "pdftohtml_0.36-11sarge1_sparc.deb", "arch": "sparc", "packageName": "pdftohtml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36-11sarge1", "packageFilename": "pdftohtml_0.36-11sarge1_i386.deb", "arch": "i686", "packageName": "pdftohtml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36-11sarge1", "packageFilename": "pdftohtml_0.36-11sarge1_mips.deb", "arch": "mips", "packageName": "pdftohtml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36-11sarge1", "packageFilename": "pdftohtml_0.36-11sarge1_hppa.deb", "arch": "hppa", "packageName": "pdftohtml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36-11sarge1.diff", "packageFilename": "pdftohtml_0.36-11sarge1.diff.gz", "arch": "src", "packageName": "pdftohtml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.36-11sarge1", "packageFilename": "pdftohtml_0.36-11sarge1_mipsel.deb", "arch": "mipsel", "packageName": "pdftohtml", "operator": "lt"}], "edition": 1, "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdftohtml, a utility that translates PDF documents into HTML format, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdftohtml packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 0.36-11sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your pdftohtml package.", "reporter": "Debian", "published": "2006-02-01T00:00:00", "type": "debian", "title": "pdftohtml -- buffer overflows", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-02-01T00:00:00", "id": "DSA-962", "href": "http://www.debian.org/security/dsa-962", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:20:25", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8.orig", "packageFilename": "pdfkit.framework_0.8.orig.tar.gz", "packageName": "pdfkit.framework", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8-2sarge1", "packageFilename": "pdfkit.framework_0.8-2sarge1_mips.deb", "packageName": "pdfkit.framework", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8-2sarge1", "packageFilename": "pdfkit.framework_0.8-2sarge1_s390.deb", "packageName": "pdfkit.framework", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8-2sarge1", "packageFilename": "pdfkit.framework_0.8-2sarge1_hppa.deb", "packageName": "pdfkit.framework", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8-2sarge1", "packageFilename": "pdfkit.framework_0.8-2sarge1_m68k.deb", "packageName": "pdfkit.framework", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8-2sarge1", "packageFilename": "pdfkit.framework_0.8-2sarge1_amd64.deb", "packageName": "pdfkit.framework", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8-2sarge1", "packageFilename": "pdfkit.framework_0.8-2sarge1_arm.deb", "packageName": "pdfkit.framework", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8-2sarge1", "packageFilename": "pdfkit.framework_0.8-2sarge1_i386.deb", "packageName": "pdfkit.framework", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8-2sarge1", "packageFilename": "pdfkit.framework_0.8-2sarge1_mipsel.deb", "packageName": "pdfkit.framework", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8-2sarge1", "packageFilename": "pdfkit.framework_0.8-2sarge1_powerpc.deb", "packageName": "pdfkit.framework", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8-2sarge1", "packageFilename": "pdfkit.framework_0.8-2sarge1_alpha.deb", "packageName": "pdfkit.framework", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8-2sarge1.diff", "packageFilename": "pdfkit.framework_0.8-2sarge1.diff.gz", "packageName": "pdfkit.framework", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8-2sarge1", "packageFilename": "pdfkit.framework_0.8-2sarge1_sparc.deb", "packageName": "pdfkit.framework", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8-2sarge1", "packageFilename": "pdfkit.framework_0.8-2sarge1.dsc", "packageName": "pdfkit.framework", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "0.8-2sarge1", "packageFilename": "pdfkit.framework_0.8-2sarge1_ia64.deb", "packageName": "pdfkit.framework", "arch": "ia64", "operator": "lt"}], "edition": 1, "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdfkit.framework packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 0.8-2sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your pdfkit.framework package.", "reporter": "Debian", "published": "2006-02-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "pdfkit.framework -- buffer overflows", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-02-01T00:00:00", "href": "http://www.debian.org/security/dsa-961", "id": "DSA-961", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:30:25", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kformula_1.3.5-4.sarge.2_m68k.deb", "packageName": "kformula", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koshell_1.3.5-4.sarge.2_mipsel.deb", "packageName": "koshell", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2.diff", "packageFilename": "koffice_1.3.5-4.sarge.2.diff.gz", "packageName": "koffice", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kword_1.3.5-4.sarge.2_m68k.deb", "packageName": "kword", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kspread_1.3.5-4.sarge.2_sparc.deb", "packageName": "kspread", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "karbon_1.3.5-4.sarge.2_mips.deb", "packageName": "karbon", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kword_1.3.5-4.sarge.2_powerpc.deb", "packageName": "kword", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kchart_1.3.5-4.sarge.2_mipsel.deb", "packageName": "kchart", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kformula_1.3.5-4.sarge.2_amd64.deb", "packageName": "kformula", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kspread_1.3.5-4.sarge.2_powerpc.deb", "packageName": "kspread", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kspread_1.3.5-4.sarge.2_i386.deb", "packageName": "kspread", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice_1.3.5-4.sarge.2_all.deb", "packageName": "koffice", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kivio_1.3.5-4.sarge.2_alpha.deb", "packageName": "kivio", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kchart_1.3.5-4.sarge.2_s390.deb", "packageName": "kchart", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "karbon_1.3.5-4.sarge.2_hppa.deb", "packageName": "karbon", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-dev_1.3.5-4.sarge.2_amd64.deb", "packageName": "koffice-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koshell_1.3.5-4.sarge.2_hppa.deb", "packageName": "koshell", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kpresenter_1.3.5-4.sarge.2_sparc.deb", "packageName": "kpresenter", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kword_1.3.5-4.sarge.2_alpha.deb", "packageName": "kword", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kspread_1.3.5-4.sarge.2_amd64.deb", "packageName": "kspread", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kspread_1.3.5-4.sarge.2_s390.deb", "packageName": "kspread", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kugar_1.3.5-4.sarge.2_m68k.deb", "packageName": "kugar", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kivio_1.3.5-4.sarge.2_sparc.deb", "packageName": "kivio", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kchart_1.3.5-4.sarge.2_amd64.deb", "packageName": "kchart", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kspread_1.3.5-4.sarge.2_ia64.deb", "packageName": "kspread", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "karbon_1.3.5-4.sarge.2_sparc.deb", "packageName": "karbon", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kword_1.3.5-4.sarge.2_ia64.deb", "packageName": "kword", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kword_1.3.5-4.sarge.2_amd64.deb", "packageName": "kword", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kword_1.3.5-4.sarge.2_s390.deb", "packageName": "kword", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kpresenter_1.3.5-4.sarge.2_amd64.deb", "packageName": "kpresenter", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kformula_1.3.5-4.sarge.2_ia64.deb", "packageName": "kformula", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "karbon_1.3.5-4.sarge.2_arm.deb", "packageName": "karbon", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koshell_1.3.5-4.sarge.2_m68k.deb", "packageName": "koshell", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kivio_1.3.5-4.sarge.2_mips.deb", "packageName": "kivio", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kugar_1.3.5-4.sarge.2_arm.deb", "packageName": "kugar", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kivio_1.3.5-4.sarge.2_hppa.deb", "packageName": "kivio", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice_1.3.5-4.sarge.2.dsc", "packageName": "koffice", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kugar_1.3.5-4.sarge.2_amd64.deb", "packageName": "kugar", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-dev_1.3.5-4.sarge.2_ia64.deb", "packageName": "koffice-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kivio_1.3.5-4.sarge.2_powerpc.deb", "packageName": "kivio", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koshell_1.3.5-4.sarge.2_ia64.deb", "packageName": "koshell", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kugar_1.3.5-4.sarge.2_alpha.deb", "packageName": "kugar", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kugar_1.3.5-4.sarge.2_mips.deb", "packageName": "kugar", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-dev_1.3.5-4.sarge.2_m68k.deb", "packageName": "koffice-dev", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kspread_1.3.5-4.sarge.2_arm.deb", "packageName": "kspread", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-dev_1.3.5-4.sarge.2_s390.deb", "packageName": "koffice-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kchart_1.3.5-4.sarge.2_alpha.deb", "packageName": "kchart", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "karbon_1.3.5-4.sarge.2_m68k.deb", "packageName": "karbon", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koshell_1.3.5-4.sarge.2_amd64.deb", "packageName": "koshell", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-dev_1.3.5-4.sarge.2_alpha.deb", "packageName": "koffice-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kword_1.3.5-4.sarge.2_hppa.deb", "packageName": "kword", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kformula_1.3.5-4.sarge.2_mipsel.deb", "packageName": "kformula", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kchart_1.3.5-4.sarge.2_m68k.deb", "packageName": "kchart", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koshell_1.3.5-4.sarge.2_i386.deb", "packageName": "koshell", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kivio_1.3.5-4.sarge.2_s390.deb", "packageName": "kivio", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kword_1.3.5-4.sarge.2_i386.deb", "packageName": "kword", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kugar_1.3.5-4.sarge.2_sparc.deb", "packageName": "kugar", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kspread_1.3.5-4.sarge.2_hppa.deb", "packageName": "kspread", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-libs_1.3.5-4.sarge.2_hppa.deb", "packageName": "koffice-libs", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kivio_1.3.5-4.sarge.2_ia64.deb", "packageName": "kivio", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kivio_1.3.5-4.sarge.2_arm.deb", "packageName": "kivio", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kchart_1.3.5-4.sarge.2_mips.deb", "packageName": "kchart", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kpresenter_1.3.5-4.sarge.2_arm.deb", "packageName": "kpresenter", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-libs_1.3.5-4.sarge.2_amd64.deb", "packageName": "koffice-libs", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-libs_1.3.5-4.sarge.2_mipsel.deb", "packageName": "koffice-libs", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kspread_1.3.5-4.sarge.2_mipsel.deb", "packageName": "kspread", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kspread_1.3.5-4.sarge.2_alpha.deb", "packageName": "kspread", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koshell_1.3.5-4.sarge.2_sparc.deb", "packageName": "koshell", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "karbon_1.3.5-4.sarge.2_powerpc.deb", "packageName": "karbon", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kchart_1.3.5-4.sarge.2_sparc.deb", "packageName": "kchart", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-libs_1.3.5-4.sarge.2_powerpc.deb", "packageName": "koffice-libs", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kspread_1.3.5-4.sarge.2_mips.deb", "packageName": "kspread", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-libs_1.3.5-4.sarge.2_ia64.deb", "packageName": "koffice-libs", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kugar_1.3.5-4.sarge.2_i386.deb", "packageName": "kugar", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "karbon_1.3.5-4.sarge.2_i386.deb", "packageName": "karbon", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-dev_1.3.5-4.sarge.2_mips.deb", "packageName": "koffice-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kugar_1.3.5-4.sarge.2_powerpc.deb", "packageName": "kugar", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "karbon_1.3.5-4.sarge.2_s390.deb", "packageName": "karbon", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kformula_1.3.5-4.sarge.2_alpha.deb", "packageName": "kformula", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koshell_1.3.5-4.sarge.2_powerpc.deb", "packageName": "koshell", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kchart_1.3.5-4.sarge.2_ia64.deb", "packageName": "kchart", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-libs_1.3.5-4.sarge.2_i386.deb", "packageName": "koffice-libs", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kword_1.3.5-4.sarge.2_mipsel.deb", "packageName": "kword", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kformula_1.3.5-4.sarge.2_i386.deb", "packageName": "kformula", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-libs_1.3.5-4.sarge.2_alpha.deb", "packageName": "koffice-libs", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kchart_1.3.5-4.sarge.2_hppa.deb", "packageName": "kchart", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kivio-data_1.3.5-4.sarge.2_all.deb", "packageName": "kivio-data", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kpresenter_1.3.5-4.sarge.2_ia64.deb", "packageName": "kpresenter", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kspread_1.3.5-4.sarge.2_m68k.deb", "packageName": "kspread", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kugar_1.3.5-4.sarge.2_ia64.deb", "packageName": "kugar", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-libs_1.3.5-4.sarge.2_m68k.deb", "packageName": "koffice-libs", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-libs_1.3.5-4.sarge.2_arm.deb", "packageName": "koffice-libs", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-dev_1.3.5-4.sarge.2_powerpc.deb", "packageName": "koffice-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-dev_1.3.5-4.sarge.2_i386.deb", "packageName": "koffice-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kword_1.3.5-4.sarge.2_arm.deb", "packageName": "kword", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "karbon_1.3.5-4.sarge.2_alpha.deb", "packageName": "karbon", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kugar_1.3.5-4.sarge.2_s390.deb", "packageName": "kugar", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kformula_1.3.5-4.sarge.2_hppa.deb", "packageName": "kformula", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-dev_1.3.5-4.sarge.2_arm.deb", "packageName": "koffice-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kivio_1.3.5-4.sarge.2_amd64.deb", "packageName": "kivio", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kivio_1.3.5-4.sarge.2_m68k.deb", "packageName": "kivio", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kpresenter_1.3.5-4.sarge.2_powerpc.deb", "packageName": "kpresenter", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-libs_1.3.5-4.sarge.2_s390.deb", "packageName": "koffice-libs", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kpresenter_1.3.5-4.sarge.2_s390.deb", "packageName": "kpresenter", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kpresenter_1.3.5-4.sarge.2_mipsel.deb", "packageName": "kpresenter", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kformula_1.3.5-4.sarge.2_mips.deb", "packageName": "kformula", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kchart_1.3.5-4.sarge.2_arm.deb", "packageName": "kchart", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-dev_1.3.5-4.sarge.2_sparc.deb", "packageName": "koffice-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "karbon_1.3.5-4.sarge.2_ia64.deb", "packageName": "karbon", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kchart_1.3.5-4.sarge.2_i386.deb", "packageName": "kchart", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-libs_1.3.5-4.sarge.2_mips.deb", "packageName": "koffice-libs", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kpresenter_1.3.5-4.sarge.2_alpha.deb", "packageName": "kpresenter", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kpresenter_1.3.5-4.sarge.2_hppa.deb", "packageName": "kpresenter", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kivio_1.3.5-4.sarge.2_i386.deb", "packageName": "kivio", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kpresenter_1.3.5-4.sarge.2_i386.deb", "packageName": "kpresenter", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kivio_1.3.5-4.sarge.2_mipsel.deb", "packageName": "kivio", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-libs_1.3.5-4.sarge.2_sparc.deb", "packageName": "koffice-libs", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-dev_1.3.5-4.sarge.2_hppa.deb", "packageName": "koffice-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kformula_1.3.5-4.sarge.2_s390.deb", "packageName": "kformula", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kugar_1.3.5-4.sarge.2_mipsel.deb", "packageName": "kugar", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koshell_1.3.5-4.sarge.2_alpha.deb", "packageName": "koshell", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kformula_1.3.5-4.sarge.2_sparc.deb", "packageName": "kformula", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koshell_1.3.5-4.sarge.2_arm.deb", "packageName": "koshell", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koshell_1.3.5-4.sarge.2_s390.deb", "packageName": "koshell", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kformula_1.3.5-4.sarge.2_arm.deb", "packageName": "kformula", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koshell_1.3.5-4.sarge.2_mips.deb", "packageName": "koshell", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kugar_1.3.5-4.sarge.2_hppa.deb", "packageName": "kugar", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kword_1.3.5-4.sarge.2_sparc.deb", "packageName": "kword", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5.orig", "packageFilename": "koffice_1.3.5.orig.tar.gz", "packageName": "koffice", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kpresenter_1.3.5-4.sarge.2_mips.deb", "packageName": "kpresenter", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-data_1.3.5-4.sarge.2_all.deb", "packageName": "koffice-data", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kformula_1.3.5-4.sarge.2_powerpc.deb", "packageName": "kformula", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-dev_1.3.5-4.sarge.2_mipsel.deb", "packageName": "koffice-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "karbon_1.3.5-4.sarge.2_amd64.deb", "packageName": "karbon", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kword_1.3.5-4.sarge.2_mips.deb", "packageName": "kword", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "karbon_1.3.5-4.sarge.2_mipsel.deb", "packageName": "karbon", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kchart_1.3.5-4.sarge.2_powerpc.deb", "packageName": "kchart", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "kpresenter_1.3.5-4.sarge.2_m68k.deb", "packageName": "kpresenter", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.5-4.sarge.2", "packageFilename": "koffice-doc-html_1.3.5-4.sarge.2_all.deb", "packageName": "koffice-doc-html", "arch": "all", "operator": "lt"}], "edition": 1, "description": "\"infamous41md\" and chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain koffice packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 1.3.5-4.sarge.2.\n\nFor the unstable distribution (sid) these problems have been fixed in version 1.4.2-6.\n\nWe recommend that you upgrade your koffice package.", "reporter": "Debian", "published": "2006-01-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "koffice -- buffer overflows", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-01-12T00:00:00", "href": "http://www.debian.org/security/dsa-938", "id": "DSA-938", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:32:56", "references": [], "pluginID": "20478", "description": "Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)\n\nHeap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.\n(CVE-2005-3192)\n\nHeap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.\n(CVE-2005-3193)\n\nAn additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE).\n\nIn addition, Chris Evans discovered several other vulnerabilities in the xpdf code base :\n\nOut-of-bounds heap accesses with large or negative parameters to 'FlateDecode' stream. (CVE-2005-3192)\n\nOut-of-bounds heap accesses with large or negative parameters to 'CCITTFaxDecode' stream. (CVE-2005-3624)\n\nInfinite CPU spins in various places when stream ends unexpectedly.\n(CVE-2005-3625)\n\nNULL pointer crash in the 'FlateDecode' stream. (CVE-2005-3626)\n\nOverflows of compInfo array in 'DCTDecode' stream. (CVE-2005-3627)\n\nPossible to use index past end of array in 'DCTDecode' stream.\n(CVE-2005-3627)\n\nPossible out-of-bounds indexing trouble in 'DCTDecode' stream.\n(CVE-2005-3627)\n\nKdegraphics uses an embedded copy of the xpdf code, with the same vulnerabilities.\n\nThe updated packages have been patched to correct these problems.", "edition": 5, "reporter": "Tenable", "published": "2006-01-15T00:00:00", "title": "Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:012)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libkdegraphics0-mrmlsearch", "p-cpe:/a:mandriva:linux:lib64kdegraphics0-common", "p-cpe:/a:mandriva:linux:libkdegraphics0-common", "p-cpe:/a:mandriva:linux:lib64kdegraphics0-common-devel", "p-cpe:/a:mandriva:linux:kdegraphics-kpaint", "p-cpe:/a:mandriva:linux:lib64kdegraphics0-kpovmodeler", "p-cpe:/a:mandriva:linux:lib64kdegraphics0-kooka", "p-cpe:/a:mandriva:linux:kdegraphics-kuickshow", "p-cpe:/a:mandriva:linux:lib64kdegraphics0-kview-devel", "p-cpe:/a:mandriva:linux:kdegraphics-kpdf", "p-cpe:/a:mandriva:linux:lib64kdegraphics0-mrmlsearch", "p-cpe:/a:mandriva:linux:libkdegraphics0-kview-devel", "p-cpe:/a:mandriva:linux:libkdegraphics0-kghostview-devel", "p-cpe:/a:mandriva:linux:lib64kdegraphics0-kooka-devel", "p-cpe:/a:mandriva:linux:lib64kdegraphics0-kview", "p-cpe:/a:mandriva:linux:kdegraphics-mrmlsearch", "p-cpe:/a:mandriva:linux:libkdegraphics0-kview", "p-cpe:/a:mandriva:linux:libkdegraphics0-ksvg", "p-cpe:/a:mandriva:linux:lib64kdegraphics0-kpovmodeler-devel", "p-cpe:/a:mandriva:linux:kdegraphics-kiconedit", "p-cpe:/a:mandriva:linux:kdegraphics-kghostview", "p-cpe:/a:mandriva:linux:kdegraphics-common", "p-cpe:/a:mandriva:linux:libkdegraphics0-kpovmodeler", "p-cpe:/a:mandriva:linux:kdegraphics-kooka", "p-cpe:/a:mandriva:linux:kdegraphics", "p-cpe:/a:mandriva:linux:kdegraphics-ksvg", "p-cpe:/a:mandriva:linux:kdegraphics-kolourpaint", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:libkdegraphics0-ksvg-devel", "p-cpe:/a:mandriva:linux:libkdegraphics0-common-devel", "p-cpe:/a:mandriva:linux:kdegraphics-kpovmodeler", "p-cpe:/a:mandriva:linux:lib64kdegraphics0-kghostview", "p-cpe:/a:mandriva:linux:kdegraphics-kruler", "p-cpe:/a:mandriva:linux:libkdegraphics0-kuickshow", "p-cpe:/a:mandriva:linux:lib64kdegraphics0-kuickshow", "p-cpe:/a:mandriva:linux:libkdegraphics0-kooka-devel", "p-cpe:/a:mandriva:linux:lib64kdegraphics0-ksvg", "p-cpe:/a:mandriva:linux:libkdegraphics0-kghostview", "p-cpe:/a:mandriva:linux:libkdegraphics0-kooka", "p-cpe:/a:mandriva:linux:lib64kdegraphics0-kghostview-devel", "p-cpe:/a:mandriva:linux:libkdegraphics0-kpovmodeler-devel", "p-cpe:/a:mandriva:linux:kdegraphics-ksnapshot", "p-cpe:/a:mandriva:linux:kdegraphics-kfax", "p-cpe:/a:mandriva:linux:lib64kdegraphics0-ksvg-devel", "p-cpe:/a:mandriva:linux:kdegraphics-kdvi", "p-cpe:/a:mandriva:linux:kdegraphics-kview"], "id": "MANDRAKE_MDKSA-2006-012.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20478", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:012. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20478);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_bugtraq_id(15721, 15725, 15726, 15727, 16143);\n script_xref(name:\"MDKSA\", value:\"2006:012\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:012)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple heap-based buffer overflows in the\nDCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions\nin the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier,\nallow user-complicit attackers to cause a denial of service (heap\ncorruption) and possibly execute arbitrary code via a crafted PDF file\nwith an out-of-range number of components (numComps), which is used as\nan array index. (CVE-2005-3191)\n\nHeap-based buffer overflow in the StreamPredictor function in Xpdf\n3.01 allows remote attackers to execute arbitrary code via a PDF file\nwith an out-of-range numComps (number of components) field.\n(CVE-2005-3192)\n\nHeap-based buffer overflow in the JPXStream::readCodestream function\nin the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier\nallows user-complicit attackers to cause a denial of service (heap\ncorruption) and possibly execute arbitrary code via a crafted PDF file\nwith large size values that cause insufficient memory to be allocated.\n(CVE-2005-3193)\n\nAn additional patch re-addresses memory allocation routines in\ngoo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE).\n\nIn addition, Chris Evans discovered several other vulnerabilities in\nthe xpdf code base :\n\nOut-of-bounds heap accesses with large or negative parameters to\n'FlateDecode' stream. (CVE-2005-3192)\n\nOut-of-bounds heap accesses with large or negative parameters to\n'CCITTFaxDecode' stream. (CVE-2005-3624)\n\nInfinite CPU spins in various places when stream ends unexpectedly.\n(CVE-2005-3625)\n\nNULL pointer crash in the 'FlateDecode' stream. (CVE-2005-3626)\n\nOverflows of compInfo array in 'DCTDecode' stream. (CVE-2005-3627)\n\nPossible to use index past end of array in 'DCTDecode' stream.\n(CVE-2005-3627)\n\nPossible out-of-bounds indexing trouble in 'DCTDecode' stream.\n(CVE-2005-3627)\n\nKdegraphics uses an embedded copy of the xpdf code, with the same\nvulnerabilities.\n\nThe updated packages have been patched to correct these problems.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-kdvi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-kfax\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-kghostview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-kiconedit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-kolourpaint\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-kooka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-kpaint\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-kpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-kpovmodeler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-kruler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-ksnapshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-ksvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-kuickshow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-kview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdegraphics-mrmlsearch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdegraphics0-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdegraphics0-common-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kghostview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kghostview-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kooka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kooka-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kpovmodeler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kpovmodeler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdegraphics0-ksvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdegraphics0-ksvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kuickshow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kview-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdegraphics0-mrmlsearch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdegraphics0-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdegraphics0-common-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdegraphics0-kghostview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdegraphics0-kghostview-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdegraphics0-kooka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdegraphics0-kooka-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdegraphics0-kpovmodeler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdegraphics0-kpovmodeler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdegraphics0-ksvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdegraphics0-ksvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdegraphics0-kuickshow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdegraphics0-kview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdegraphics0-kview-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdegraphics0-mrmlsearch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-common-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-kdvi-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-kfax-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-kghostview-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-kiconedit-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-kolourpaint-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-kooka-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-kpaint-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-kpdf-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-kpovmodeler-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-kruler-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-ksnapshot-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-ksvg-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-kuickshow-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-kview-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kdegraphics-mrmlsearch-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64kdegraphics0-common-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64kdegraphics0-common-devel-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64kdegraphics0-kghostview-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64kdegraphics0-kghostview-devel-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64kdegraphics0-kooka-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64kdegraphics0-kooka-devel-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64kdegraphics0-kpovmodeler-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64kdegraphics0-kpovmodeler-devel-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64kdegraphics0-ksvg-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64kdegraphics0-ksvg-devel-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64kdegraphics0-kuickshow-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64kdegraphics0-kview-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64kdegraphics0-kview-devel-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64kdegraphics0-mrmlsearch-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkdegraphics0-common-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkdegraphics0-common-devel-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkdegraphics0-kghostview-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkdegraphics0-kghostview-devel-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkdegraphics0-kooka-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkdegraphics0-kooka-devel-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkdegraphics0-kpovmodeler-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkdegraphics0-kpovmodeler-devel-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkdegraphics0-ksvg-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkdegraphics0-ksvg-devel-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkdegraphics0-kuickshow-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkdegraphics0-kview-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkdegraphics0-kview-devel-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkdegraphics0-mrmlsearch-3.4.2-11.4.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:36:19", "references": ["http://www.nessus.org/u?189951af", "http://www.nessus.org/u?2454bdba", "http://www.nessus.org/u?882ebac5"], "pluginID": "21972", "description": "Updated kdegraphics packages that resolve several security issues in kpdf are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer.\n\nSeveral flaws were discovered in kpdf. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and CVE-2005-3193 to these issues.\n\nUsers of kpdf should upgrade to these updated packages, which contain a backported patch to resolve these issues.", "edition": 5, "reporter": "Tenable", "published": "2006-07-05T00:00:00", "title": "CentOS 4 : kdegraphics (CESA-2005:868)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2018-06-27T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:kdegraphics-devel", "p-cpe:/a:centos:centos:kdegraphics"], "id": "CENTOS_RHSA-2005-868.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21972", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:868 and \n# CentOS Errata and Security Advisory 2005:868 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21972);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/06/27 18:42:24\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_bugtraq_id(15721, 15725, 15726, 15727);\n script_xref(name:\"RHSA\", value:\"2005:868\");\n\n script_name(english:\"CentOS 4 : kdegraphics (CESA-2005:868)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdegraphics packages that resolve several security issues in\nkpdf are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment including kpdf, a pdf file viewer.\n\nSeveral flaws were discovered in kpdf. An attacker could construct a\ncarefully crafted PDF file that could cause kpdf to crash or possibly\nexecute arbitrary code when opened. The Common Vulnerabilities and\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\nCVE-2005-3193 to these issues.\n\nUsers of kpdf should upgrade to these updated packages, which contain\na backported patch to resolve these issues.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2005-December/012498.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2454bdba\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2005-December/012519.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?882ebac5\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2005-December/012520.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?189951af\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdegraphics packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdegraphics-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"kdegraphics-3.3.1-3.6\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"kdegraphics-devel-3.3.1-3.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:42:49", "references": ["http://www.kde.org/info/security/advisory-20060202-1.txt", "http://www.nessus.org/u?e20ee690", "http://www.kde.org/info/security/advisory-20051207-2.txt"], "pluginID": "20915", "description": "New kdegraphics packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix security issues with kpdf.", "edition": 5, "reporter": "Tenable", "published": "2006-02-15T00:00:00", "title": "Slackware 10.0 / 10.1 / 10.2 / current : kdegraphics (SSA:2006-045-04)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2018-06-27T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:kdegraphics", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.2"], "id": "SLACKWARE_SSA_2006-045-04.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20915", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2006-045-04. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20915);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\", \"CVE-2006-0301\");\n script_bugtraq_id(15721, 15725, 15726, 15727, 16143);\n script_xref(name:\"SSA\", value:\"2006-045-04\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / current : kdegraphics (SSA:2006-045-04)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New kdegraphics packages are available for Slackware 10.0, 10.1,\n10.2, and -current to fix security issues with kpdf.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kde.org/info/security/advisory-20051207-2.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kde.org/info/security/advisory-20060202-1.txt\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e20ee690\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdegraphics package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/02/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.0\", pkgname:\"kdegraphics\", pkgver:\"3.2.3\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"kdegraphics\", pkgver:\"3.3.2\", pkgarch:\"i486\", pkgnum:\"4\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"kdegraphics\", pkgver:\"3.4.2\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"kdegraphics\", pkgver:\"3.5.1\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:46:53", "references": ["http://www.debian.org/security/2006/dsa-932", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281"], "pluginID": "22798", "description": "'infamous41md' and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code. The same code is present in kpdf which is part of the kdegraphics package.", "edition": 6, "reporter": "Tenable", "published": "2006-10-14T00:00:00", "title": "Debian DSA-932-1 : kdegraphics - buffer overflows", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:xpdf"], "id": "DEBIAN_DSA-932.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22798", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-932. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22798);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/10 18:07:05\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_xref(name:\"DSA\", value:\"932\");\n\n script_name(english:\"Debian DSA-932-1 : kdegraphics - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"'infamous41md' and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code. The same code is present in kpdf\nwhich is part of the kdegraphics package.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-932\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the kpdf package.\n\nThe old stable distribution (woody) does not contain kpdf packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 3.3.2-2sarge3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"kamera\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kcoloredit\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kdegraphics\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kdegraphics-dev\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kdegraphics-kfile-plugins\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kdvi\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kfax\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kgamma\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kghostview\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kiconedit\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kmrml\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kolourpaint\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kooka\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kpdf\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kpovmodeler\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kruler\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ksnapshot\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ksvg\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kuickshow\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kview\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kviewshell\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libkscan-dev\", reference:\"3.3.2-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libkscan1\", reference:\"3.3.2-2sarge3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:05:08", "references": ["https://www.redhat.com/security/data/cve/CVE-2005-3627.html", "https://www.redhat.com/security/data/cve/CVE-2005-3191.html", "https://www.redhat.com/security/data/cve/CVE-2005-3192.html", "https://www.redhat.com/security/data/cve/CVE-2005-3626.html", "https://www.redhat.com/security/data/cve/CVE-2005-3193.html", "https://www.redhat.com/security/data/cve/CVE-2005-3628.html", "https://www.redhat.com/security/data/cve/CVE-2005-3625.html", "http://rhn.redhat.com/errata/RHSA-2005-868.html", "https://www.redhat.com/security/data/cve/CVE-2005-3624.html"], "pluginID": "20363", "description": "Updated kdegraphics packages that resolve several security issues in kpdf are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer.\n\nSeveral flaws were discovered in kpdf. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and CVE-2005-3193 to these issues.\n\nUsers of kpdf should upgrade to these updated packages, which contain a backported patch to resolve these issues.", "edition": 6, "reporter": "Tenable", "published": "2005-12-30T00:00:00", "title": "RHEL 4 : kdegraphics (RHSA-2005:868)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel", "p-cpe:/a:redhat:enterprise_linux:kdegraphics"], "id": "REDHAT-RHSA-2005-868.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20363", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:868. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20363);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2018/07/25 18:58:04\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_bugtraq_id(15721, 15725, 15726, 15727);\n script_xref(name:\"RHSA\", value:\"2005:868\");\n\n script_name(english:\"RHEL 4 : kdegraphics (RHSA-2005:868)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdegraphics packages that resolve several security issues in\nkpdf are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment including kpdf, a pdf file viewer.\n\nSeveral flaws were discovered in kpdf. An attacker could construct a\ncarefully crafted PDF file that could cause kpdf to crash or possibly\nexecute arbitrary code when opened. The Common Vulnerabilities and\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\nCVE-2005-3193 to these issues.\n\nUsers of kpdf should upgrade to these updated packages, which contain\na backported patch to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-3191.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-3192.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-3193.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-3624.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-3625.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-3626.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-3627.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-3628.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2005-868.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdegraphics and / or kdegraphics-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:868\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kdegraphics-3.3.1-3.6\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"kdegraphics-devel-3.3.1-3.6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdegraphics / kdegraphics-devel\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:50:31", "references": ["http://www.debian.org/security/2006/dsa-938"], "pluginID": "22804", "description": "'infamous41md' and chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.", "edition": 6, "reporter": "Tenable", "published": "2006-10-14T00:00:00", "title": "Debian DSA-938-1 : koffice - buffer overflows", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2018-08-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:koffice", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-938.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22804", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-938. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22804);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/10 18:07:05\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_xref(name:\"DSA\", value:\"938\");\n\n script_name(english:\"Debian DSA-938-1 : koffice - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"'infamous41md' and chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which is\nalso present in koffice, the KDE Office Suite, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-938\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the koffice package.\n\nThe old stable distribution (woody) does not contain koffice packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.3.5-4.sarge.2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:koffice\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"karbon\", reference:\"1.3.5-4.sarge.2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kchart\", reference:\"1.3.5-4.sarge.2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kformula\", reference:\"1.3.5-4.sarge.2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kivio\", reference:\"1.3.5-4.sarge.2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kivio-data\", reference:\"1.3.5-4.sarge.2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"koffice\", reference:\"1.3.5-4.sarge.2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"koffice-data\", reference:\"1.3.5-4.sarge.2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"koffice-dev\", reference:\"1.3.5-4.sarge.2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"koffice-doc-html\", reference:\"1.3.5-4.sarge.2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"koffice-libs\", reference:\"1.3.5-4.sarge.2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"koshell\", reference:\"1.3.5-4.sarge.2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kpresenter\", reference:\"1.3.5-4.sarge.2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kspread\", reference:\"1.3.5-4.sarge.2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kugar\", reference:\"1.3.5-4.sarge.2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kword\", reference:\"1.3.5-4.sarge.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:56:40", "references": [], "pluginID": "20476", "description": "Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)\n\nHeap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.\n(CVE-2005-3192)\n\nHeap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.\n(CVE-2005-3193)\n\nAn additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE).\n\nIn addition, Chris Evans discovered several other vulnerabilities in the xpdf code base :\n\nOut-of-bounds heap accesses with large or negative parameters to 'FlateDecode' stream. (CVE-2005-3192)\n\nOut-of-bounds heap accesses with large or negative parameters to 'CCITTFaxDecode' stream. (CVE-2005-3624)\n\nInfinite CPU spins in various places when stream ends unexpectedly.\n(CVE-2005-3625)\n\nNULL pointer crash in the 'FlateDecode' stream. (CVE-2005-3626)\n\nOverflows of compInfo array in 'DCTDecode' stream. (CVE-2005-3627)\n\nPossible to use index past end of array in 'DCTDecode' stream.\n(CVE-2005-3627)\n\nPossible out-of-bounds indexing trouble in 'DCTDecode' stream.\n(CVE-2005-3627)\n\nCUPS uses an embedded copy of the xpdf code, with the same vulnerabilities.\n\nThe updated packages have been patched to correct these problems.", "edition": 5, "reporter": "Tenable", "published": "2006-01-15T00:00:00", "title": "Mandrake Linux Security Advisory : cups (MDKSA-2006:010)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64cups2", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "p-cpe:/a:mandriva:linux:cups-serial", "cpe:/o:mandriva:linux:2006", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005", "p-cpe:/a:mandriva:linux:libcups2", "p-cpe:/a:mandriva:linux:lib64cups2-devel", "p-cpe:/a:mandriva:linux:cups", "p-cpe:/a:mandriva:linux:libcups2-devel", "p-cpe:/a:mandriva:linux:cups-common"], "id": "MANDRAKE_MDKSA-2006-010.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20476", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:010. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20476);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_xref(name:\"MDKSA\", value:\"2006:010\");\n\n script_name(english:\"Mandrake Linux Security Advisory : cups (MDKSA-2006:010)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple heap-based buffer overflows in the\nDCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions\nin the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier,\nallow user-complicit attackers to cause a denial of service (heap\ncorruption) and possibly execute arbitrary code via a crafted PDF file\nwith an out-of-range number of components (numComps), which is used as\nan array index. (CVE-2005-3191)\n\nHeap-based buffer overflow in the StreamPredictor function in Xpdf\n3.01 allows remote attackers to execute arbitrary code via a PDF file\nwith an out-of-range numComps (number of components) field.\n(CVE-2005-3192)\n\nHeap-based buffer overflow in the JPXStream::readCodestream function\nin the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier\nallows user-complicit attackers to cause a denial of service (heap\ncorruption) and possibly execute arbitrary code via a crafted PDF file\nwith large size values that cause insufficient memory to be allocated.\n(CVE-2005-3193)\n\nAn additional patch re-addresses memory allocation routines in\ngoo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE).\n\nIn addition, Chris Evans discovered several other vulnerabilities in\nthe xpdf code base :\n\nOut-of-bounds heap accesses with large or negative parameters to\n'FlateDecode' stream. (CVE-2005-3192)\n\nOut-of-bounds heap accesses with large or negative parameters to\n'CCITTFaxDecode' stream. (CVE-2005-3624)\n\nInfinite CPU spins in various places when stream ends unexpectedly.\n(CVE-2005-3625)\n\nNULL pointer crash in the 'FlateDecode' stream. (CVE-2005-3626)\n\nOverflows of compInfo array in 'DCTDecode' stream. (CVE-2005-3627)\n\nPossible to use index past end of array in 'DCTDecode' stream.\n(CVE-2005-3627)\n\nPossible out-of-bounds indexing trouble in 'DCTDecode' stream.\n(CVE-2005-3627)\n\nCUPS uses an embedded copy of the xpdf code, with the same\nvulnerabilities.\n\nThe updated packages have been patched to correct these problems.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups-serial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cups2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cups2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcups2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcups2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", reference:\"cups-1.1.21-0.rc1.7.8.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"cups-common-1.1.21-0.rc1.7.8.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"cups-serial-1.1.21-0.rc1.7.8.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64cups2-1.1.21-0.rc1.7.8.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64cups2-devel-1.1.21-0.rc1.7.8.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libcups2-1.1.21-0.rc1.7.8.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libcups2-devel-1.1.21-0.rc1.7.8.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"cups-1.1.23-11.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"cups-common-1.1.23-11.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"cups-serial-1.1.23-11.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64cups2-1.1.23-11.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64cups2-devel-1.1.23-11.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libcups2-1.1.23-11.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libcups2-devel-1.1.23-11.2.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", reference:\"cups-1.1.23-17.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"cups-common-1.1.23-17.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"cups-serial-1.1.23-17.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64cups2-1.1.23-17.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64cups2-devel-1.1.23-17.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libcups2-1.1.23-17.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libcups2-devel-1.1.23-17.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:09:50", "references": ["http://www.debian.org/security/2006/dsa-936"], "pluginID": "22802", "description": "'infamous41md' and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.", "edition": 6, "reporter": "Tenable", "published": "2006-10-14T00:00:00", "title": "Debian DSA-936-1 : libextractor - buffer overflows", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-2097", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:libextractor"], "id": "DEBIAN_DSA-936.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22802", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-936. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22802);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:05\");\n\n script_cve_id(\"CVE-2005-2097\", \"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_xref(name:\"DSA\", value:\"936\");\n\n script_name(english:\"Debian DSA-936-1 : libextractor - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"'infamous41md' and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which is\nalso present in libextractor, a library to extract arbitrary meta-data\nfrom files, and which can lead to a denial of service by crashing the\napplication or possibly to the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-936\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libextractor packages.\n\nThe old stable distribution (woody) does not contain libextractor\npackages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.4.2-2sarge2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libextractor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"extract\", reference:\"0.4.2-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libextractor1\", reference:\"0.4.2-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libextractor1-dev\", reference:\"0.4.2-2sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:04:39", "references": ["http://www.debian.org/security/2006/dsa-950"], "pluginID": "22816", "description": "'infamous41md' and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in CUPS, the Common UNIX Printing System, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.", "edition": 6, "reporter": "Tenable", "published": "2006-10-14T00:00:00", "title": "Debian DSA-950-1 : cupsys - buffer overflows", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2018-08-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:cupsys", "cpe:/o:debian:debian_linux:3.1", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-950.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22816", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-950. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22816);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:05\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_xref(name:\"DSA\", value:\"950\");\n\n script_name(english:\"Debian DSA-950-1 : cupsys - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"'infamous41md' and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in CUPS, the Common UNIX\nPrinting System, and which can lead to a denial of service by crashing\nthe application or possibly to the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-950\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the CUPS packages.\n\nFor the old stable distribution (woody) these problems have been fixed\nin version 1.1.14-5woody14.\n\nCUPS doesn't use the xpdf source anymore since 1.1.22-7, when it\nswitched to using xpdf-utils for PDF processing.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cupsys\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"cupsys\", reference:\"1.1.14-5woody14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"cupsys-bsd\", reference:\"1.1.14-5woody14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"cupsys-client\", reference:\"1.1.14-5woody14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"cupsys-pstoraster\", reference:\"1.1.14-5woody14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libcupsys2\", reference:\"1.1.14-5woody14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libcupsys2-dev\", reference:\"1.1.14-5woody14\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"cupsys\", reference:\"1.1.23-10sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"cupsys-bsd\", reference:\"1.1.23-10sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"cupsys-client\", reference:\"1.1.23-10sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libcupsimage2\", reference:\"1.1.23-10sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libcupsimage2-dev\", reference:\"1.1.23-10sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libcupsys2\", reference:\"1.1.23-10sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libcupsys2-dev\", reference:\"1.1.23-10sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libcupsys2-gnutls10\", reference:\"1.1.23-10sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:35:00", "references": ["http://www.debian.org/security/2006/dsa-962"], "pluginID": "22828", "description": "'infamous41md' and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdftohtml, a utility that translates PDF documents into HTML format, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.", "edition": 6, "reporter": "Tenable", "published": "2006-10-14T00:00:00", "title": "Debian DSA-962-1 : pdftohtml - buffer overflows", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:pdftohtml"], "id": "DEBIAN_DSA-962.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22828", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-962. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22828);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:05\");\n\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_xref(name:\"DSA\", value:\"962\");\n\n script_name(english:\"Debian DSA-962-1 : pdftohtml - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"'infamous41md' and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdftohtml, a utility that\ntranslates PDF documents into HTML format, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-962\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the pdftohtml package.\n\nThe old stable distribution (woody) does not contain pdftohtml\npackages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.36-11sarge1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pdftohtml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"pdftohtml\", reference:\"0.36-11sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-09-18T11:13:36", "references": [], "pluginID": "56295", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-045-04.", "edition": 3, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-09-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Slackware Advisory SSA:2006-045-04 kdegraphics", "type": "openvas", "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2017-09-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56295", "id": "OPENVAS:56295", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_045_04.nasl 7141 2017-09-15 09:58:49Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New kdegraphics packages are available for Slackware 10.0, 10.1, 10.2,\nand -current to fix security issues with kpdf.\n\nAdditional information is also available from the KDE website:\n\nhttp://www.kde.org/info/security/advisory-20051207-2.txt\nhttp://www.kde.org/info/security/advisory-20060202-1.txt\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-045-04.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-045-04\";\n \nif(description)\n{\n script_id(56295);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-15 11:58:49 +0200 (Fri, 15 Sep 2017) $\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\", \"CVE-2006-0301\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7141 $\");\n name = \"Slackware Advisory SSA:2006-045-04 kdegraphics \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"kdegraphics\", ver:\"3.2.3-i486-2\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"kdegraphics\", ver:\"3.3.2-i486-4\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"kdegraphics\", ver:\"3.4.2-i486-2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:48", "references": [], "pluginID": "56111", "description": "The remote host is missing an update to xpdf\nannounced via advisory DSA 932-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code. The same code is present in kpdf\nwhich is part of the kdegraphics package.\n\nThe old stable distribution (woody) does not contain kpdf packages.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 932-1 (xpdf)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56111", "id": "OPENVAS:56111", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_932_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 932-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 3.3.2-2sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.5.0-3.\n\nWe recommend that you upgrade your kpdf package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20932-1\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory DSA 932-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code. The same code is present in kpdf\nwhich is part of the kdegraphics package.\n\nThe old stable distribution (woody) does not contain kpdf packages.\";\n\n\nif(description)\n{\n script_id(56111);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 932-1 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kdegraphics\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kamera\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kcoloredit\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-dev\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-kfile-plugins\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdvi\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kfax\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kgamma\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kghostview\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kiconedit\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kmrml\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kolourpaint\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kooka\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpdf\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpovmodeler\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kruler\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksnapshot\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksvg\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kuickshow\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kview\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kviewshell\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan-dev\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan1\", ver:\"3.3.2-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-18T11:13:19", "references": [], "pluginID": "56293", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-045-09.", "edition": 3, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-09-11T00:00:00", "title": "Slackware Advisory SSA:2006-045-09 xpdf", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2017-09-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56293", "id": "OPENVAS:56293", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_045_09.nasl 7141 2017-09-15 09:58:49Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New xpdf packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,\nand -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-045-09.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-045-09\";\n \nif(description)\n{\n script_id(56293);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-15 11:58:49 +0200 (Fri, 15 Sep 2017) $\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\", \"CVE-2006-0301\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7141 $\");\n name = \"Slackware Advisory SSA:2006-045-09 xpdf \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i386-3\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i486-3\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i486-3\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i486-3a\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i486-3\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:07", "references": [], "pluginID": "56211", "description": "The remote host is missing an update to cupsys\nannounced via advisory DSA 950-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in CUPS, the Common UNIX\nPrinting System, and which can lead to a denial of service by crashing\nthe application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.1.14-5woody14.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 950-1 (cupsys)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56211", "id": "OPENVAS:56211", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_950_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 950-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.1.23-10sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your CUPS packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20950-1\";\ntag_summary = \"The remote host is missing an update to cupsys\nannounced via advisory DSA 950-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in CUPS, the Common UNIX\nPrinting System, and which can lead to a denial of service by crashing\nthe application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.1.14-5woody14.\";\n\n\nif(description)\n{\n script_id(56211);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 950-1 (cupsys)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.1.14-5woody14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.1.14-5woody14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.1.14-5woody14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-pstoraster\", ver:\"1.1.14-5woody14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.1.14-5woody14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.1.14-5woody14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.1.23-10sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:18", "references": [], "pluginID": "56221", "description": "The remote host is missing an update to pdftohtml\nannounced via advisory DSA 962-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdftohtml, a utility that\ntranslates PDF documents into HTML format, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdftohtml packages.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Debian Security Advisory DSA 962-1 (pdftohtml)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56221", "id": "OPENVAS:56221", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_962_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 962-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.36-11sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your pdftohtml package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20962-1\";\ntag_summary = \"The remote host is missing an update to pdftohtml\nannounced via advisory DSA 962-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdftohtml, a utility that\ntranslates PDF documents into HTML format, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdftohtml packages.\";\n\n\nif(description)\n{\n script_id(56221);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 962-1 (pdftohtml)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"pdftohtml\", ver:\"0.36-11sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:18", "references": [], "pluginID": "136141256231056293", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-045-09.", "edition": 3, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-09-11T00:00:00", "title": "Slackware Advisory SSA:2006-045-09 xpdf", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231056293", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231056293", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_045_09.nasl 9352 2018-04-06 07:13:02Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New xpdf packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,\nand -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-045-09.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-045-09\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.56293\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\", \"CVE-2006-0301\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 9352 $\");\n name = \"Slackware Advisory SSA:2006-045-09 xpdf \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i386-3\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i486-3\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i486-3\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i486-3a\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.01-i486-3\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:49", "references": [], "pluginID": "56110", "description": "The remote host is missing an update to xpdf\nannounced via advisory DSA 931-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.00-3.8.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 931-1 (xpdf)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56110", "id": "OPENVAS:56110", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_931_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 931-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 3.00-13.4.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.01-4.\n\nWe recommend that you upgrade your xpdf package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20931-1\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory DSA 931-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.00-3.8.\";\n\n\nif(description)\n{\n script_id(56110);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 931-1 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xpdf-common\", ver:\"1.00-3.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf\", ver:\"1.00-3.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-reader\", ver:\"1.00-3.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-utils\", ver:\"1.00-3.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-common\", ver:\"3.00-13.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf\", ver:\"3.00-13.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-reader\", ver:\"3.00-13.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-utils\", ver:\"3.00-13.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:46", "references": [], "pluginID": "56146", "description": "The remote host is missing an update to libextractor\nannounced via advisory DSA 936-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which is\nalso present in libextractor, a library to extract arbitrary meta-data\nfrom files, and which can lead to a denial of service by crashing the\napplication or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain libextractor\npackages.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 936-1 (libextractor)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-2097", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56146", "id": "OPENVAS:56146", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_936_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 936-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.4.2-2sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.5.8-1.\n\nWe recommend that you upgrade your libextractor packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20936-1\";\ntag_summary = \"The remote host is missing an update to libextractor\nannounced via advisory DSA 936-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which is\nalso present in libextractor, a library to extract arbitrary meta-data\nfrom files, and which can lead to a denial of service by crashing the\napplication or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain libextractor\npackages.\";\n\n\nif(description)\n{\n script_id(56146);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-2097\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 936-1 (libextractor)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"extract\", ver:\"0.4.2-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libextractor1\", ver:\"0.4.2-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libextractor1-dev\", ver:\"0.4.2-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:11", "references": [], "pluginID": "56220", "description": "The remote host is missing an update to pdfkit.framework\nannounced via advisory DSA 961-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdfkit.framework, the\nGNUstep framework for rendering PDF content, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdfkit.framework\npackages.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 961-1 (pdfkit.framework)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56220", "id": "OPENVAS:56220", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_961_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 961-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.8-2sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your pdfkit.framework package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20961-1\";\ntag_summary = \"The remote host is missing an update to pdfkit.framework\nannounced via advisory DSA 961-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdfkit.framework, the\nGNUstep framework for rendering PDF content, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdfkit.framework\npackages.\";\n\n\nif(description)\n{\n script_id(56220);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 961-1 (pdfkit.framework)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"pdfkit.framework\", ver:\"0.8-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:01:16", "references": [], "pluginID": "136141256231056295", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-045-04.", "edition": 3, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-09-11T00:00:00", "title": "Slackware Advisory SSA:2006-045-04 kdegraphics", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231056295", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231056295", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_045_04.nasl 9352 2018-04-06 07:13:02Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New kdegraphics packages are available for Slackware 10.0, 10.1, 10.2,\nand -current to fix security issues with kpdf.\n\nAdditional information is also available from the KDE website:\n\nhttp://www.kde.org/info/security/advisory-20051207-2.txt\nhttp://www.kde.org/info/security/advisory-20060202-1.txt\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-045-04.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-045-04\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.56295\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_cve_id(\"CVE-2005-3191\", \"CVE-2005-3192\", \"CVE-2005-3193\", \"CVE-2005-3624\", \"CVE-2005-3625\", \"CVE-2005-3626\", \"CVE-2005-3627\", \"CVE-2005-3628\", \"CVE-2006-0301\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 9352 $\");\n name = \"Slackware Advisory SSA:2006-045-04 kdegraphics \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"kdegraphics\", ver:\"3.2.3-i486-2\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"kdegraphics\", ver:\"3.3.2-i486-4\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"kdegraphics\", ver:\"3.4.2-i486-2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:44:47", "references": ["http://iki.fi/upi/", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B", "https://rhn.redhat.com/errata/RHSA-2006-0160.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "i386", "packageName": "tetex-doc", "packageFilename": "tetex-doc-2.0.2-22.EL4.7.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "ia64", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-2.0.2-22.EL4.7.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "ia64", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-1.0.7-67.9.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "s390", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-1.0.7-67.9.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "ia64", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-1.0.7-67.9.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "x86_64", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-1.0.7-67.9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390x", "packageName": "tetex-latex", "packageFilename": "tetex-latex-2.0.2-22.EL4.7.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "ia64", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-2.0.2-22.EL4.7.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "s390", "packageName": "tetex-afm", "packageFilename": "tetex-afm-1.0.7-67.9.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "s390x", "packageName": "tetex-afm", "packageFilename": "tetex-afm-1.0.7-67.9.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "s390", "packageName": "tetex", "packageFilename": "tetex-1.0.7-67.9.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "i386", "packageName": "tetex-latex", "packageFilename": "tetex-latex-2.0.2-22.EL4.7.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390", "packageName": "tetex-latex", "packageFilename": "tetex-latex-2.0.2-22.EL4.7.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390x", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-2.0.2-22.EL4.7.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "ia64", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-1.0.7-67.9.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "s390x", "packageName": "tetex", "packageFilename": "tetex-1.0.7-67.9.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390x", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-2.0.2-22.EL4.7.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "alpha", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-2.0.2-22.EL4.7.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "ia64", "packageName": "tetex-afm", "packageFilename": "tetex-afm-1.0.7-67.9.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "ia64", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-2.0.2-22.EL4.7.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "ia64", "packageName": "tetex-latex", "packageFilename": "tetex-latex-2.0.2-22.EL4.7.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "i386", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-2.0.2-22.EL4.7.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "any", "packageName": "tetex", "packageFilename": "tetex-1.0.7-67.9.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "any", "packageName": "tetex", "packageFilename": "tetex-1.0.7-67.9.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "x86_64", "packageName": "tetex", "packageFilename": "tetex-1.0.7-67.9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "i386", "packageName": "tetex-afm", "packageFilename": "tetex-afm-1.0.7-67.9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "ia64", "packageName": "tetex-latex", "packageFilename": "tetex-latex-1.0.7-67.9.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "i386", "packageName": "tetex-latex", "packageFilename": "tetex-latex-1.0.7-67.9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "s390", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-1.0.7-67.9.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "ia64", "packageName": "tetex", "packageFilename": "tetex-1.0.7-67.9.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "alpha", "packageName": "tetex", "packageFilename": "tetex-2.0.2-22.EL4.7.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "s390", "packageName": "tetex-latex", "packageFilename": "tetex-latex-1.0.7-67.9.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "i386", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-2.0.2-22.EL4.7.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390x", "packageName": "tetex", "packageFilename": "tetex-2.0.2-22.EL4.7.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390x", "packageName": "tetex-afm", "packageFilename": "tetex-afm-2.0.2-22.EL4.7.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "i386", "packageName": "tetex-doc", "packageFilename": "tetex-doc-1.0.7-67.9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "alpha", "packageName": "tetex-doc", "packageFilename": "tetex-doc-2.0.2-22.EL4.7.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "i386", "packageName": "tetex-afm", "packageFilename": "tetex-afm-2.0.2-22.EL4.7.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-2.0.2-22.EL4.7.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "s390x", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-1.0.7-67.9.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390x", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-2.0.2-22.EL4.7.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "s390x", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-1.0.7-67.9.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "x86_64", "packageName": "tetex", "packageFilename": "tetex-2.0.2-22.EL4.7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "x86_64", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-2.0.2-22.EL4.7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "alpha", "packageName": "tetex-latex", "packageFilename": "tetex-latex-2.0.2-22.EL4.7.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "x86_64", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-2.0.2-22.EL4.7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "ia64", "packageName": "tetex", "packageFilename": "tetex-2.0.2-22.EL4.7.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "x86_64", "packageName": "tetex-latex", "packageFilename": "tetex-latex-2.0.2-22.EL4.7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "x86_64", "packageName": "tetex-afm", "packageFilename": "tetex-afm-1.0.7-67.9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390x", "packageName": "tetex-doc", "packageFilename": "tetex-doc-2.0.2-22.EL4.7.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "ia64", "packageName": "tetex-doc", "packageFilename": "tetex-doc-1.0.7-67.9.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "x86_64", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-1.0.7-67.9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390", "packageName": "tetex-afm", "packageFilename": "tetex-afm-2.0.2-22.EL4.7.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "s390x", "packageName": "tetex-doc", "packageFilename": "tetex-doc-1.0.7-67.9.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "s390x", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-1.0.7-67.9.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "i386", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-1.0.7-67.9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "any", "packageName": "tetex", "packageFilename": "tetex-2.0.2-22.EL4.7.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "any", "packageName": "tetex", "packageFilename": "tetex-2.0.2-22.EL4.7.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-2.0.2-22.EL4.7.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "ia64", "packageName": "tetex-doc", "packageFilename": "tetex-doc-2.0.2-22.EL4.7.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "alpha", "packageName": "tetex-afm", "packageFilename": "tetex-afm-2.0.2-22.EL4.7.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "alpha", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-2.0.2-22.EL4.7.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-2.0.2-22.EL4.7.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "ia64", "packageName": "tetex-afm", "packageFilename": "tetex-afm-2.0.2-22.EL4.7.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "x86_64", "packageName": "tetex-doc", "packageFilename": "tetex-doc-2.0.2-22.EL4.7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "x86_64", "packageName": "tetex-doc", "packageFilename": "tetex-doc-1.0.7-67.9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "x86_64", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-2.0.2-22.EL4.7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "x86_64", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-1.0.7-67.9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390", "packageName": "tetex-doc", "packageFilename": "tetex-doc-2.0.2-22.EL4.7.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "i386", "packageName": "tetex", "packageFilename": "tetex-2.0.2-22.EL4.7.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "s390", "packageName": "tetex-doc", "packageFilename": "tetex-doc-1.0.7-67.9.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "i386", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-2.0.2-22.EL4.7.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "alpha", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-2.0.2-22.EL4.7.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "i386", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-1.0.7-67.9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "s390x", "packageName": "tetex-latex", "packageFilename": "tetex-latex-1.0.7-67.9.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "i386", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-1.0.7-67.9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "i386", "packageName": "tetex", "packageFilename": "tetex-1.0.7-67.9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "x86_64", "packageName": "tetex-latex", "packageFilename": "tetex-latex-1.0.7-67.9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.7-67.9", "arch": "s390", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-1.0.7-67.9.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390", "packageName": "tetex", "packageFilename": "tetex-2.0.2-22.EL4.7.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.2-22.EL4.7", "arch": "x86_64", "packageName": "tetex-afm", "packageFilename": "tetex-afm-2.0.2-22.EL4.7.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2006:0160\n\n\nTeTeX is an implementation of TeX. TeX takes a text file and a set of\r\nformatting commands as input and creates a typesetter-independent .dvi\r\n(DeVice Independent) file as output.\r\n\r\nSeveral flaws were discovered in the teTeX PDF parsing library. An attacker\r\ncould construct a carefully crafted PDF file that could cause teTeX to\r\ncrash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,\r\nCVE-2005-3627 and CVE-2005-3628 to these issues.\r\n\r\nUsers of teTeX should upgrade to these updated packages, which contain\r\nbackported patches and are not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012585.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012586.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012591.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012592.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012594.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012595.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012598.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012600.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012602.html\n\n**Affected packages:**\ntetex\ntetex-afm\ntetex-doc\ntetex-dvips\ntetex-fonts\ntetex-latex\ntetex-xdvi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0160.html", "edition": 2, "reporter": "CentOS Project", "published": "2006-01-19T21:19:14", "title": "tetex security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-01-20T17:54:12", "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/012585.html", "id": "CESA-2006:0160", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:44:50", "references": ["http://iki.fi/upi/", "https://rhn.redhat.com/errata/RHSA-2005-840.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.02-9.7", "packageFilename": "xpdf-2.02-9.7.s390x.rpm", "packageName": "xpdf", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.02-9.8", "packageFilename": "xpdf-2.02-9.8.s390.rpm", "packageName": "xpdf", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.10", "packageFilename": "xpdf-3.00-11.10.x86_64.rpm", "packageName": "xpdf", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.10", "packageFilename": "xpdf-3.00-11.10.src.rpm", "packageName": "xpdf", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.10", "packageFilename": "xpdf-3.00-11.10.src.rpm", "packageName": "xpdf", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.10", "packageFilename": "xpdf-3.00-11.10.ia64.rpm", "packageName": "xpdf", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.02-9.8", "packageFilename": "xpdf-2.02-9.8.s390x.rpm", "packageName": "xpdf", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.02-9.8", "packageFilename": "xpdf-2.02-9.8.i386.rpm", "packageName": "xpdf", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.9", "packageFilename": "xpdf-3.00-11.9.src.rpm", "packageName": "xpdf", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.9", "packageFilename": "xpdf-3.00-11.9.src.rpm", "packageName": "xpdf", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.02-9.7", "packageFilename": "xpdf-2.02-9.7.ia64.rpm", "packageName": "xpdf", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.10", "packageFilename": "xpdf-3.00-11.10.s390.rpm", "packageName": "xpdf", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.02-9.7", "packageFilename": "xpdf-2.02-9.7.i386.rpm", "packageName": "xpdf", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.10", "packageFilename": "xpdf-3.00-11.10.alpha.rpm", "packageName": "xpdf", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.02-9.8", "packageFilename": "xpdf-2.02-9.8.ia64.rpm", "packageName": "xpdf", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.02-9.8", "packageFilename": "xpdf-2.02-9.8.src.rpm", "packageName": "xpdf", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.02-9.8", "packageFilename": "xpdf-2.02-9.8.src.rpm", "packageName": "xpdf", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.10", "packageFilename": "xpdf-3.00-11.10.i386.rpm", "packageName": "xpdf", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.9", "packageFilename": "xpdf-3.00-11.9.ia64.rpm", "packageName": "xpdf", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.9", "packageFilename": "xpdf-3.00-11.9.alpha.rpm", "packageName": "xpdf", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.02-9.7", "packageFilename": "xpdf-2.02-9.7.x86_64.rpm", "packageName": "xpdf", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.9", "packageFilename": "xpdf-3.00-11.9.i386.rpm", "packageName": "xpdf", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.10", "packageFilename": "xpdf-3.00-11.10.s390x.rpm", "packageName": "xpdf", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.02-9.7", "packageFilename": "xpdf-2.02-9.7.s390.rpm", "packageName": "xpdf", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.02-9.7", "packageFilename": "xpdf-2.02-9.7.src.rpm", "packageName": "xpdf", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.02-9.7", "packageFilename": "xpdf-2.02-9.7.src.rpm", "packageName": "xpdf", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.9", "packageFilename": "xpdf-3.00-11.9.s390x.rpm", "packageName": "xpdf", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.9", "packageFilename": "xpdf-3.00-11.9.x86_64.rpm", "packageName": "xpdf", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.00-11.9", "packageFilename": "xpdf-3.00-11.9.s390.rpm", "packageName": "xpdf", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.02-9.8", "packageFilename": "xpdf-2.02-9.8.x86_64.rpm", "packageName": "xpdf", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:840\n\n\nThe xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012449.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012450.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012453.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012454.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012457.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012459.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012460.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012463.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012465.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012486.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012487.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012490.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012493.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012500.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012510.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012513.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012529.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012530.html\n\n**Affected packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-840.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-12-06T16:19:16", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "xpdf security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2005-12-22T16:13:25", "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012449.html", "id": "CESA-2005:840", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:45:14", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "0.92-16", "packageFilename": "xpdf-0.92-16.i386.rpm", "packageName": "xpdf", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:840-01\n\n\nThe xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012469.html\n\n**Affected packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-12-07T00:42:21", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "xpdf security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2005-12-07T00:42:21", "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012469.html", "id": "CESA-2005:840-01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:45:48", "references": ["http://iki.fi/upi/", "https://rhn.redhat.com/errata/RHSA-2005-868.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-3.6", "packageFilename": "kdegraphics-devel-3.3.1-3.6.alpha.rpm", "packageName": "kdegraphics-devel", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-3.6", "packageFilename": "kdegraphics-3.3.1-3.6.ia64.rpm", "packageName": "kdegraphics", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-3.6", "packageFilename": "kdegraphics-3.3.1-3.6.i386.rpm", "packageName": "kdegraphics", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-3.6", "packageFilename": "kdegraphics-devel-3.3.1-3.6.i386.rpm", "packageName": "kdegraphics-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-3.6", "packageFilename": "kdegraphics-3.3.1-3.6.src.rpm", "packageName": "kdegraphics", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-3.6", "packageFilename": "kdegraphics-3.3.1-3.6.src.rpm", "packageName": "kdegraphics", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-3.6", "packageFilename": "kdegraphics-devel-3.3.1-3.6.ia64.rpm", "packageName": "kdegraphics-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-3.6", "packageFilename": "kdegraphics-3.3.1-3.6.s390x.rpm", "packageName": "kdegraphics", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-3.6", "packageFilename": "kdegraphics-3.3.1-3.6.s390.rpm", "packageName": "kdegraphics", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-3.6", "packageFilename": "kdegraphics-devel-3.3.1-3.6.x86_64.rpm", "packageName": "kdegraphics-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-3.6", "packageFilename": "kdegraphics-3.3.1-3.6.alpha.rpm", "packageName": "kdegraphics", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-3.6", "packageFilename": "kdegraphics-devel-3.3.1-3.6.s390.rpm", "packageName": "kdegraphics-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-3.6", "packageFilename": "kdegraphics-3.3.1-3.6.x86_64.rpm", "packageName": "kdegraphics", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.3.1-3.6", "packageFilename": "kdegraphics-devel-3.3.1-3.6.s390x.rpm", "packageName": "kdegraphics-devel", "arch": "s390x", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:868\n\n\nThe kdegraphics packages contain applications for the K Desktop Environment\r\nincluding kpdf, a pdf file viewer.\r\n\r\nSeveral flaws were discovered in kpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause kpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of kpdf should upgrade to these updated packages, which contain a\r\nbackported patch to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012498.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012505.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012518.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012519.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012520.html\n\n**Affected packages:**\nkdegraphics\nkdegraphics-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-868.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-12-21T02:55:30", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "kdegraphics security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2005-12-22T15:53:55", "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012498.html", "id": "CESA-2005:868", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:47:07", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex", "packageFilename": "tetex-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex-doc", "packageFilename": "tetex-doc-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex-afm", "packageFilename": "tetex-afm-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex-latex", "packageFilename": "tetex-latex-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex-dvilj", "packageFilename": "tetex-dvilj-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2006:0160-01\n\n\nTeTeX is an implementation of TeX. TeX takes a text file and a set of\r\nformatting commands as input and creates a typesetter-independent .dvi\r\n(DeVice Independent) file as output.\r\n\r\nSeveral flaws were discovered in the teTeX PDF parsing library. An attacker\r\ncould construct a carefully crafted PDF file that could cause teTeX to\r\ncrash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,\r\nCVE-2005-3627 and CVE-2005-3628 to these issues.\r\n\r\nUsers of teTeX should upgrade to these updated packages, which contain\r\nbackported patches and are not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012604.html\n\n**Affected packages:**\ntetex\ntetex-afm\ntetex-doc\ntetex-dvilj\ntetex-dvips\ntetex-fonts\ntetex-latex\ntetex-xdvi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 2, "reporter": "CentOS Project", "published": "2006-01-30T00:51:00", "title": "tetex security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-01-30T00:51:00", "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/012604.html", "id": "CESA-2006:0160-01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:45:45", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "0.92-17", "arch": "i386", "packageName": "xpdf", "packageFilename": "xpdf-0.92-17.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:840-02\n\n\nThe xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012507.html\n\n**Affected packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-12-22T00:12:57", "title": "xpdf security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2005-12-22T00:12:57", "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012507.html", "id": "CESA-2005:840-02", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:45:00", "references": ["http://iki.fi/upi/", "https://rhn.redhat.com/errata/RHSA-2006-0163.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-1.1.22-0.rc1.9.10.src.rpm", "packageName": "cups", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-1.1.22-0.rc1.9.10.src.rpm", "packageName": "cups", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-devel-1.1.22-0.rc1.9.10.i386.rpm", "packageName": "cups-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-devel-1.1.22-0.rc1.9.10.alpha.rpm", "packageName": "cups-devel", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-libs-1.1.17-13.3.36.i386.rpm", "packageName": "cups-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-libs-1.1.17-13.3.36.i386.rpm", "packageName": "cups-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-devel-1.1.17-13.3.36.ia64.rpm", "packageName": "cups-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-libs-1.1.17-13.3.36.x86_64.rpm", "packageName": "cups-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-libs-1.1.17-13.3.36.s390.rpm", "packageName": "cups-libs", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-1.1.17-13.3.36.src.rpm", "packageName": "cups", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-1.1.17-13.3.36.src.rpm", "packageName": "cups", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-1.1.17-13.3.36.x86_64.rpm", "packageName": "cups", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-1.1.22-0.rc1.9.10.ia64.rpm", "packageName": "cups", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-libs-1.1.22-0.rc1.9.10.i386.rpm", "packageName": "cups-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-libs-1.1.22-0.rc1.9.10.i386.rpm", "packageName": "cups-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-devel-1.1.17-13.3.36.i386.rpm", "packageName": "cups-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-1.1.17-13.3.36.s390x.rpm", "packageName": "cups", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-libs-1.1.22-0.rc1.9.10.x86_64.rpm", "packageName": "cups-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-libs-1.1.22-0.rc1.9.10.s390.rpm", "packageName": "cups-libs", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-libs-1.1.22-0.rc1.9.10.s390x.rpm", "packageName": "cups-libs", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-libs-1.1.17-13.3.36.ia64.rpm", "packageName": "cups-libs", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-devel-1.1.22-0.rc1.9.10.x86_64.rpm", "packageName": "cups-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-libs-1.1.22-0.rc1.9.10.ia64.rpm", "packageName": "cups-libs", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-1.1.17-13.3.36.i386.rpm", "packageName": "cups", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-devel-1.1.17-13.3.36.s390x.rpm", "packageName": "cups-devel", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-devel-1.1.22-0.rc1.9.10.ia64.rpm", "packageName": "cups-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-1.1.22-0.rc1.9.10.alpha.rpm", "packageName": "cups", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-devel-1.1.17-13.3.36.x86_64.rpm", "packageName": "cups-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-libs-1.1.17-13.3.36.s390x.rpm", "packageName": "cups-libs", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-devel-1.1.22-0.rc1.9.10.s390.rpm", "packageName": "cups-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-1.1.22-0.rc1.9.10.s390.rpm", "packageName": "cups", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-1.1.22-0.rc1.9.10.x86_64.rpm", "packageName": "cups", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-1.1.22-0.rc1.9.10.s390x.rpm", "packageName": "cups", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-1.1.17-13.3.36.s390.rpm", "packageName": "cups", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-devel-1.1.17-13.3.36.s390.rpm", "packageName": "cups-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-devel-1.1.22-0.rc1.9.10.s390x.rpm", "packageName": "cups-devel", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-1.1.22-0.rc1.9.10.i386.rpm", "packageName": "cups", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.10", "packageFilename": "cups-libs-1.1.22-0.rc1.9.10.alpha.rpm", "packageName": "cups-libs", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.36", "packageFilename": "cups-1.1.17-13.3.36.ia64.rpm", "packageName": "cups", "arch": "ia64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2006:0163\n\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nChris Evans discovered several flaws in the way CUPS processes PDF files.\r\nAn attacker could construct a carefully crafted PDF file that could cause\r\nCUPS to crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3624,\r\nCVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\r\n\r\nAll users of CUPS should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012557.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012558.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012559.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012561.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012562.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012563.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012564.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012571.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012572.html\n\n**Affected packages:**\ncups\ncups-devel\ncups-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0163.html", "edition": 2, "reporter": "CentOS Project", "published": "2006-01-11T22:26:57", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "cups security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "modified": "2006-01-12T13:18:24", "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/012557.html", "id": "CESA-2006:0163", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:44:55", "references": ["http://iki.fi/upi/", "https://rhn.redhat.com/errata/RHSA-2006-0177.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.4", "packageFilename": "gpdf-2.8.2-7.4.s390x.rpm", "packageName": "gpdf", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.4", "packageFilename": "gpdf-2.8.2-7.4.src.rpm", "packageName": "gpdf", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.4", "packageFilename": "gpdf-2.8.2-7.4.i386.rpm", "packageName": "gpdf", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.4", "packageFilename": "gpdf-2.8.2-7.4.alpha.rpm", "packageName": "gpdf", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.4", "packageFilename": "gpdf-2.8.2-7.4.x86_64.rpm", "packageName": "gpdf", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.4", "packageFilename": "gpdf-2.8.2-7.4.x86_64.rpm", "packageName": "gpdf", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.4", "packageFilename": "gpdf-2.8.2-7.4.ia64.rpm", "packageName": "gpdf", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.4", "packageFilename": "gpdf-2.8.2-7.4.s390.rpm", "packageName": "gpdf", "arch": "s390", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2006:0177\n\n\ngpdf is a GNOME based viewer for Portable Document Format (PDF) files.\r\n\r\nChris Evans discovered several flaws in the way gpdf processes PDF files.\r\nAn attacker could construct a carefully crafted PDF file that could cause\r\ngpdf to crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3624,\r\nCVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\r\n\r\nUsers of gpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012565.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012566.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012567.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012573.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012574.html\n\n**Affected packages:**\ngpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0177.html", "edition": 2, "reporter": "CentOS Project", "published": "2006-01-12T05:08:16", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "gpdf security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "modified": "2006-01-12T13:20:38", "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/012565.html", "id": "CESA-2006:0177", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:45:04", "references": ["http://iki.fi/upi/", "https://rhn.redhat.com/errata/RHSA-2005-867.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.3", "arch": "s390x", "packageName": "gpdf", "packageFilename": "gpdf-2.8.2-7.3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.3", "arch": "any", "packageName": "gpdf", "packageFilename": "gpdf-2.8.2-7.3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.3", "arch": "any", "packageName": "gpdf", "packageFilename": "gpdf-2.8.2-7.3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.3", "arch": "i386", "packageName": "gpdf", "packageFilename": "gpdf-2.8.2-7.3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.3", "arch": "s390", "packageName": "gpdf", "packageFilename": "gpdf-2.8.2-7.3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.3", "arch": "ia64", "packageName": "gpdf", "packageFilename": "gpdf-2.8.2-7.3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.3", "arch": "alpha", "packageName": "gpdf", "packageFilename": "gpdf-2.8.2-7.3.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.8.2-7.3", "arch": "x86_64", "packageName": "gpdf", "packageFilename": "gpdf-2.8.2-7.3.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:867\n\n\nThe gpdf package is a GNOME based viewer for Portable Document Format\r\n(PDF) files.\r\n\r\nSeveral flaws were discovered in gpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause gpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of gpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012495.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012502.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012515.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012525.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012526.html\n\n**Affected packages:**\ngpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-867.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-12-21T02:51:50", "title": "gpdf security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193", "CVE-2005-3628"], "modified": "2005-12-22T16:04:49", "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012495.html", "id": "CESA-2005:867", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T14:44:55", "references": ["http://iki.fi/upi/", "https://rhn.redhat.com/errata/RHSA-2005-878.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "x86_64", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "x86_64", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "i386", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "ia64", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "ia64", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.9.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "ia64", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.17-13.3.34.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "x86_64", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.17-13.3.34.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "x86_64", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.17-13.3.34.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "s390", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.17-13.3.34.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "s390x", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.9.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "s390", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.9.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "ia64", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.9.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "s390x", "packageName": "cups", "packageFilename": "cups-1.1.17-13.3.34.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "s390", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "ia64", "packageName": "cups", "packageFilename": "cups-1.1.17-13.3.34.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "alpha", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.9.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "i386", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.17-13.3.34.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "i386", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.17-13.3.34.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "s390x", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.9.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "x86_64", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "ia64", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.17-13.3.34.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "s390", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.9.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "s390x", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.17-13.3.34.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "any", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "any", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "s390x", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.17-13.3.34.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "any", "packageName": "cups", "packageFilename": "cups-1.1.17-13.3.34.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "any", "packageName": "cups", "packageFilename": "cups-1.1.17-13.3.34.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "s390", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.17-13.3.34.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "alpha", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "i386", "packageName": "cups", "packageFilename": "cups-1.1.17-13.3.34.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "alpha", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.9.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "s390x", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "i386", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.17-13.3.34.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "i386", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "i386", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.1.22-0.rc1.9.9", "arch": "i386", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "s390", "packageName": "cups", "packageFilename": "cups-1.1.17-13.3.34.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.1.17-13.3.34", "arch": "x86_64", "packageName": "cups", "packageFilename": "cups-1.1.17-13.3.34.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:878\n\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nSeveral flaws were discovered in the way CUPS processes PDF files. An\r\nattacker could construct a carefully crafted PDF file that could cause CUPS\r\nto crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, and CVE-2005-3193 to these issues.\r\n\r\nAll users of CUPS should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012482.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012483.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012488.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012492.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012499.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012508.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012512.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012531.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012532.html\n\n**Affected packages:**\ncups\ncups-devel\ncups-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-878.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-12-20T23:29:16", "title": "cups security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193", "CVE-2005-3628"], "modified": "2005-12-22T16:16:48", "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012482.html", "id": "CESA-2005:878", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:40:16", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "0.131-11.10", "arch": "i586", "packageFilename": "gpdf-0.131-11.10.i586.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "0.112.1-26.10", "arch": "x86_64", "packageFilename": "gpdf-0.112.1-26.10.x86_64.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.4.1-10.3", "arch": "ppc", "packageFilename": "koffice-wordprocessing-1.4.1-10.3.ppc.rpm", "packageName": "koffice-wordprocessing", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "3.00-92.2", "arch": "i586", "packageFilename": "xpdf-3.00-92.2.i586.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "3.00-87.2", "arch": "x86_64", "packageFilename": "xpdf-3.00-87.2.x86_64.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "3.2.1-67.16", "arch": "x86_64", "packageFilename": "kdegraphics3-pdf-3.2.1-67.16.x86_64.rpm", "packageName": "kdegraphics3-pdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "3.4.0-11.5", "arch": "i586", "packageFilename": "kdegraphics3-pdf-3.4.0-11.5.i586.rpm", "packageName": "kdegraphics3-pdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "0.4.2-3.2", "arch": "ppc", "packageFilename": "poppler-0.4.2-3.2.ppc.rpm", "packageName": "poppler", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "0.131-11.10", "arch": "x86_64", "packageFilename": "gpdf-0.131-11.10.x86_64.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "2.10.0-12.2", "arch": "x86_64", "packageFilename": "gpdf-2.10.0-12.2.x86_64.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.3.5-11.3", "arch": "x86_64", "packageFilename": "koffice-wordprocessing-1.3.5-11.3.x86_64.rpm", "packageName": "koffice-wordprocessing", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "0.4.2-3.2", "arch": "x86_64", "packageFilename": "poppler-devel-0.4.2-3.2.x86_64.rpm", "packageName": "poppler-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "3.3.0-13.7", "arch": "i586", "packageFilename": "kdegraphics3-pdf-3.3.0-13.7.i586.rpm", "packageName": "kdegraphics3-pdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.3.3-3.4", "arch": "i586", "packageFilename": "koffice-wordprocessing-1.3.3-3.4.i586.rpm", "packageName": "koffice-wordprocessing", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "2.10.0-12.2", "arch": "ppc", "packageFilename": "gpdf-2.10.0-12.2.ppc.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "3.00-92.2", "arch": "x86_64", "packageFilename": "xpdf-3.00-92.2.x86_64.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "0.4.2-3.2", "arch": "ppc", "packageFilename": "poppler-devel-0.4.2-3.2.ppc.rpm", "packageName": "poppler-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "0.112.1-26.10", "arch": "i586", "packageFilename": "gpdf-0.112.1-26.10.i586.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "3.2.1-67.16", "arch": "i586", "packageFilename": "kdegraphics3-pdf-3.2.1-67.16.i586.rpm", "packageName": "kdegraphics3-pdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "2.10.0-4.4", "arch": "x86_64", "packageFilename": "gpdf-2.10.0-4.4.x86_64.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.3-67.4", "arch": "x86_64", "packageFilename": "koffice-wordprocessing-1.3-67.4.x86_64.rpm", "packageName": "koffice-wordprocessing", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "0.4.2-3.2", "arch": "x86_64", "packageFilename": "poppler-0.4.2-3.2.x86_64.rpm", "packageName": "poppler", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "1.2.92-89", "arch": "i586", "packageFilename": "koffice-wordprocessing-1.2.92-89.i586.rpm", "packageName": "koffice-wordprocessing", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "3.00-78.11", "arch": "x86_64", "packageFilename": "xpdf-3.00-78.11.x86_64.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "2.02pl1-150", "arch": "x86_64", "packageFilename": "xpdf-2.02pl1-150.x86_64.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "3.4.2-12.2", "arch": "ppc", "packageFilename": "kdegraphics3-pdf-3.4.2-12.2.ppc.rpm", "packageName": "kdegraphics3-pdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.4.1-10.3", "arch": "i586", "packageFilename": "koffice-wordprocessing-1.4.1-10.3.i586.rpm", "packageName": "koffice-wordprocessing", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.3.3-3.4", "arch": "x86_64", "packageFilename": "koffice-wordprocessing-1.3.3-3.4.x86_64.rpm", "packageName": "koffice-wordprocessing", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "3.00-87.2", "arch": "i586", "packageFilename": "xpdf-3.00-87.2.i586.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "3.00-64.35", "arch": "i586", "packageFilename": "xpdf-3.00-64.35.i586.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "1.2.92-89", "arch": "x86_64", "packageFilename": "koffice-wordprocessing-1.2.92-89.x86_64.rpm", "packageName": "koffice-wordprocessing", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "3.4.2-12.2", "arch": "x86_64", "packageFilename": "kdegraphics3-pdf-3.4.2-12.2.x86_64.rpm", "packageName": "kdegraphics3-pdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "3.4.0-11.5", "arch": "x86_64", "packageFilename": "kdegraphics3-pdf-3.4.0-11.5.x86_64.rpm", "packageName": "kdegraphics3-pdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "2.10.0-4.4", "arch": "i586", "packageFilename": "gpdf-2.10.0-4.4.i586.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "0.4.2-3.2", "arch": "i586", "packageFilename": "poppler-0.4.2-3.2.i586.rpm", "packageName": "poppler", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "3.4.2-12.2", "arch": "i586", "packageFilename": "kdegraphics3-pdf-3.4.2-12.2.i586.rpm", "packageName": "kdegraphics3-pdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "3.3.0-13.7", "arch": "x86_64", "packageFilename": "kdegraphics3-pdf-3.3.0-13.7.x86_64.rpm", "packageName": "kdegraphics3-pdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "3.00-78.11", "arch": "i586", "packageFilename": "xpdf-3.00-78.11.i586.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "2.10.0-12.2", "arch": "i586", "packageFilename": "gpdf-2.10.0-12.2.i586.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "0.4.2-3.2", "arch": "i586", "packageFilename": "poppler-devel-0.4.2-3.2.i586.rpm", "packageName": "poppler-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "3.00-64.35", "arch": "x86_64", "packageFilename": "xpdf-3.00-64.35.x86_64.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.3-67.4", "arch": "i586", "packageFilename": "koffice-wordprocessing-1.3-67.4.i586.rpm", "packageName": "koffice-wordprocessing", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "2.02pl1-150", "arch": "i586", "packageFilename": "xpdf-2.02pl1-150.i586.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "1.4.1-10.3", "arch": "x86_64", "packageFilename": "koffice-wordprocessing-1.4.1-10.3.x86_64.rpm", "packageName": "koffice-wordprocessing", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.3.5-11.3", "arch": "i586", "packageFilename": "koffice-wordprocessing-1.3.5-11.3.i586.rpm", "packageName": "koffice-wordprocessing", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "3.00-92.2", "arch": "ppc", "packageFilename": "xpdf-3.00-92.2.ppc.rpm", "packageName": "xpdf", "operator": "lt"}], "description": "\"infamous41md\", Chris Evans and Dirk Mueller discovered multiple places in xpdf code where integer variables are insufficiently checked for range or overflow. Specially crafted PDF files could lead to executing arbitrary code. Copies of xpdf code are also contained in cups, kpdf, kword, gpdf, libextractor, pdf2html, poppler and tetex. Updates for those are in the works.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2006-01-11T12:03:37", "title": "remote code execution in xpdf,kpdf,gpdf,kword", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-01-11T12:03:37", "id": "SUSE-SA:2006:001", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-01/msg00007.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:11", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3191", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628", "https://bugs.gentoo.org/show_bug.cgi?id=115851", "https://bugs.gentoo.org/show_bug.cgi?id=114429", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626", "http://scary.beasts.org/security/CESA-2005-003.txt", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3192", "http://www.kde.org/info/security/advisory-20051207-2.txt", "https://security.gentoo.org/security/en/glsa/glsa-200512-08.xml"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.4.2-r6", "packageName": "app-office/koffice", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.4.3-r3", "packageName": "kde-base/kpdf", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.4.2-r6", "packageName": "app-office/kword", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.4.3-r3", "packageName": "kde-base/kdegraphics", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nKPdf is a KDE-based PDF viewer included in the kdegraphics package. KWord is a KDE-based word processor also included in the koffice package. \n\n### Description\n\nKPdf and KWord both include Xpdf code to handle PDF files. This Xpdf code is vulnerable to several heap overflows (GLSA 200512-08) as well as several buffer and integer overflows discovered by Chris Evans (CESA-2005-003). \n\n### Impact\n\nAn attacker could entice a user to open a specially crafted PDF file with Kpdf or KWord, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll kdegraphics users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdegraphics-3.4.3-r3\"\n\nAll Kpdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kpdf-3.4.3-r3\"\n\nAll KOffice users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/koffice-1.4.2-r6\"\n\nAll KWord users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/kword-1.4.2-r6\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2006-01-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "gentoo", "title": "KPdf, KWord: Multiple overflows in included Xpdf code", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-01-07T00:00:00", "id": "GLSA-200601-02", "href": "https://security.gentoo.org/glsa/200601-02", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:53", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625", "https://bugs.gentoo.org/show_bug.cgi?id=115789", "https://bugs.gentoo.org/show_bug.cgi?id=118665", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626", "https://bugs.gentoo.org/show_bug.cgi?id=117495", "https://bugs.gentoo.org/show_bug.cgi?id=117481", "https://bugs.gentoo.org/show_bug.cgi?id=117494"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.5.9", "packageFilename": "UNKNOWN", "packageName": "media-libs/libextractor", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.10.0-r3", "packageFilename": "UNKNOWN", "packageName": "app-text/gpdf", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.4.3-r4", "packageFilename": "UNKNOWN", "packageName": "app-text/poppler", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.36-r4", "packageFilename": "UNKNOWN", "packageName": "app-text/pdftohtml", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.01-r5", "packageFilename": "UNKNOWN", "packageName": "app-text/xpdf", "arch": "all", "operator": "lt"}], "description": "### Background\n\nXpdf is a PDF file viewer that runs under the X Window System. Poppler is a PDF rendering library based on the Xpdf 3.0 code base. GPdf is a PDF file viewer for the GNOME 2 platform, also based on Xpdf. libextractor is a library which includes Xpdf code to extract arbitrary meta-data from files. pdftohtml is a utility to convert PDF files to HTML or XML formats that makes use of Xpdf code to decode PDF files. \n\n### Description\n\nChris Evans has reported some integer overflows in Xpdf when attempting to calculate buffer sizes for memory allocation, leading to a heap overflow and a potential infinite loop when handling malformed input files. \n\n### Impact\n\nBy sending a specially crafted PDF file to a victim, an attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Xpdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/xpdf-3.01-r5\"\n\nAll Poppler users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/poppler-0.4.3-r4\"\n\nAll GPdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gpdf-2.10.0-r3\"\n\nAll libextractor users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libextractor-0.5.9\"\n\nAll pdftohtml users should migrate to the latest stable version of Poppler.", "edition": 1, "reporter": "Gentoo Foundation", "published": "2006-01-30T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "gentoo", "title": "Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "modified": "2006-01-30T00:00:00", "id": "GLSA-200601-17", "href": "https://security.gentoo.org/glsa/200601-17", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:39", "references": ["http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191", "https://bugs.gentoo.org/show_bug.cgi?id=115286", "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192", "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193", "https://bugs.gentoo.org/show_bug.cgi?id=114428"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.4.2-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-text/poppler", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.01-r2", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-text/xpdf", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.10.0-r2", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-text/gpdf", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.1.23-r3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-print/cups", "operator": "lt"}], "edition": 1, "description": "### Background\n\nXpdf and GPdf are PDF file viewers that run under the X Window System. Poppler is a PDF rendering library based on Xpdf code. The Common UNIX Printing System (CUPS) is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. \n\n### Description\n\ninfamous41md discovered that several Xpdf functions lack sufficient boundary checking, resulting in multiple exploitable buffer overflows. \n\n### Impact\n\nAn attacker could entice a user to open a specially-crafted PDF file which would trigger an overflow, potentially resulting in execution of arbitrary code with the rights of the user running Xpdf, CUPS, GPdf or Poppler. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Xpdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/xpdf-3.01-r2\"\n\nAll GPdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gpdf-2.10.0-r2\"\n\nAll Poppler users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose app-text/poppler\n\nAll CUPS users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-print/cups-1.1.23-r3\"", "reporter": "Gentoo Foundation", "published": "2005-12-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "gentoo", "title": "Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "modified": "2005-12-17T00:00:00", "id": "GLSA-200512-08", "href": "https://security.gentoo.org/glsa/200512-08", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:56", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=115775", "http://scary.beasts.org/security/CESA-2005-003.txt", "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193", "https://security.gentoo.org/security/en/glsa/glsa-200512-08.xml"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.0.2-r2", "packageName": "app-text/cstetex", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.0.2-r8", "packageName": "app-text/tetex", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.1.5-r1", "packageName": "app-text/ptex", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nteTex is a complete TeX distribution. It is used for creating and manipulating LaTeX documents. CSTeX is a TeX distribution with Czech and Slovak support. pTeX is and ASCII publishing TeX distribution. \n\n### Description\n\nCSTeX, teTex, and pTeX include XPdf code to handle PDF files. This XPdf code is vulnerable to several heap overflows (GLSA 200512-08) as well as several buffer and integer overflows discovered by Chris Evans (CESA-2005-003). \n\n### Impact\n\nAn attacker could entice a user to open a specially crafted PDF file with teTeX, pTeX or CSTeX, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll teTex users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/tetex-2.0.2-r8\"\n\nAll CSTeX users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/cstetex-2.0.2-r2\"\n\nAll pTeX users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/ptex-3.1.5-r1\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2006-03-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "gentoo", "title": "teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3193"], "modified": "2006-03-04T00:00:00", "id": "GLSA-200603-02", "href": "https://security.gentoo.org/glsa/200603-02", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:37:13", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "10.1", "packageVersion": "3.3.2", "arch": "i486", "packageFilename": "kdegraphics-3.3.2-i486-4.tgz", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "10.0", "packageVersion": "3.2.3", "arch": "i486", "packageFilename": "kdegraphics-3.2.3-i486-2.tgz", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "10.2", "packageVersion": "3.4.2", "arch": "i486", "packageFilename": "kdegraphics-3.4.2-i486-2.tgz", "packageName": "kdegraphics", "operator": "lt"}], "description": "New kdegraphics packages are available for Slackware 10.0, 10.1, 10.2,\nand -current to fix security issues with kpdf.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n\nAdditional information is also available from the KDE website:\n\n http://www.kde.org/info/security/advisory-20051207-2.txt\n http://www.kde.org/info/security/advisory-20060202-1.txt\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/kdegraphics-3.4.2-i486-2.tgz: Patched integer and\n heap overflows in kpdf to fix possible security bugs with malformed\n PDF files.\n For more information, see:\n http://www.kde.org/info/security/advisory-20051207-2.txt\n http://www.kde.org/info/security/advisory-20060202-1.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/kdegraphics-3.2.3-i486-2.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/kdegraphics-3.3.2-i486-4.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/kdegraphics-3.4.2-i486-2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/kdegraphics-3.5.1-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.0 package:\nda13535a269210c3e8aff65ef17e2442 kdegraphics-3.2.3-i486-2.tgz\n\nSlackware 10.1 package:\n1499ba1755da9e69a6b69031b2919eb2 kdegraphics-3.3.2-i486-4.tgz\n\nSlackware 10.2 package:\n5bb6d9647f5d48d00cbd698e9aa5821e kdegraphics-3.4.2-i486-2.tgz\n\nSlackware -current package:\na3dc06eee3e19500f39ee1ecbac977e1 kdegraphics-3.5.1-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg kdegraphics-3.4.2-i486-2.tgz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2006-02-14T16:27:14", "title": "kdegraphics", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-02-14T16:27:14", "id": "SSA-2006-045-04", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:36:42", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "10.2", "packageVersion": "3.01", "arch": "i486", "packageFilename": "xpdf-3.01-i486-3.tgz", "packageName": "xpdf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "10.0", "packageVersion": "3.01", "arch": "i486", "packageFilename": "xpdf-3.01-i486-3.tgz", "packageName": "xpdf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "9.0", "packageVersion": "3.01", "arch": "i386", "packageFilename": "xpdf-3.01-i386-3.tgz", "packageName": "xpdf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "10.1", "packageVersion": "3.01", "arch": "i486", "packageFilename": "xpdf-3.01-i486-3a.tgz", "packageName": "xpdf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "9.1", "packageVersion": "3.01", "arch": "i486", "packageFilename": "xpdf-3.01-i486-3.tgz", "packageName": "xpdf", "operator": "lt"}], "description": "New xpdf packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,\nand -current to fix security issues.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/xpdf-3.01-i486-3.tgz: Recompiled with xpdf-3.01pl2.patch to\n fix integer and heap overflows in xpdf triggered by malformed PDF files.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/xpdf-3.01-i386-3.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/xpdf-3.01-i486-3.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xpdf-3.01-i486-3.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xpdf-3.01-i486-3a.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xpdf-3.01-i486-3.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xpdf-3.01-i486-3.tgz\n\n\nMD5 signatures:\n\nSlackware 9.0 package:\nfebda74afb06e94f745ef2d02867b505 xpdf-3.01-i386-3.tgz\n\nSlackware 9.1 package:\n1dd5847ecf094359fe712850391e7b37 xpdf-3.01-i486-3.tgz\n\nSlackware 10.0 package:\nabd65f71b8484579aa4b1ce081b4d61e xpdf-3.01-i486-3.tgz\n\nSlackware 10.1 package:\n9270fb578380221d9e642c7d80fac931 xpdf-3.01-i486-3a.tgz\n\nSlackware 10.2 package:\n8c85579182d43d56920e5a79063b447e xpdf-3.01-i486-3.tgz\n\nSlackware -current package:\n172d66fd19dbf8ceca0a25a6c17e75c2 xpdf-3.01-i486-3.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg xpdf-3.01-i486-3.tgz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2006-02-14T16:28:51", "title": "xpdf", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-02-14T16:28:51", "id": "SSA-2006-045-09", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T02:37:06", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "10.2", "packageVersion": "3.0", "arch": "i486", "packageFilename": "tetex-3.0-i486-2_10.2.tgz", "packageName": "tetex", "operator": "lt"}], "description": "New tetex packages are available for Slackware 10.2 and -current to\nfix a possible security issue. teTeX-3.0 incorporates some code from \nthe xpdf program which has been shown to have various overflows that\ncould result in program crashes or possibly the execution of arbitrary\ncode as the teTeX user. This is especially important to consider if\nteTeX is being used as part of a printer filter.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/tetex-3.0-i486-2_10.2.tgz: Regenerated the etex.fmt files\n with etex, not pdfetex. This is more appropriate since etex is a binary,\n not a link to pdfetex. Thanks to John Breckenridge for reporting the issue.\n Added --disable-a4, and fixed the texconfig for US paper default in the\n build script. Thanks to Marc Benstein and Jingmin Zhou for reporting this.\n Improved /tmp use security.\n Patched a possible security issue in library code borrowed from xpdf that's\n used in pdfetex.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/tetex-3.0-i486-2_10.2.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/t/tetex-3.0-i486-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/t/tetex-doc-3.0-i486-2.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\ncdf43c3573e8235aa15bea3a6960a4e8 tetex-3.0-i486-2_10.2.tgz\n\nSlackware -current packages:\nbaae094f336ffc8a553328cc6d41d81a tetex-3.0-i486-2.tgz\nbf14a46df01c748b088b4b54010ddb98 tetex-doc-3.0-i486-2.tgz\n\n\nInstallation instructions:\n\nUpgrade the package(s) as root:\n > upgradepkg tetex-3.0-i486-2_10.2.tgz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2006-05-22T15:14:23", "title": "tetex PDF security", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3193"], "modified": "2006-05-22T15:14:23", "id": "SSA-2006-142-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.399813", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-05-11T21:13:17", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "x86_64", "packageName": "tetex-latex", "packageFilename": "tetex-latex-2.0.2-22.EL4.7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "s390x", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-1.0.7-67.9.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "x86_64", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-1.0.7-67.9.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390", "packageName": "tetex-doc", "packageFilename": "tetex-doc-2.0.2-22.EL4.7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "i386", "packageName": "tetex-afm", "packageFilename": "tetex-afm-2.0.2-22.EL4.7.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "ppc", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-2.0.2-22.EL4.7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "ppc", "packageName": "tetex", "packageFilename": "tetex-1.0.7-67.9.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "i386", "packageName": "tetex-afm", "packageFilename": "tetex-afm-1.0.7-67.9.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "ia64", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-1.0.7-67.9.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "s390", "packageName": "tetex", "packageFilename": "tetex-1.0.7-67.9.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "ppc", "packageName": "tetex-afm", "packageFilename": "tetex-afm-2.0.2-22.EL4.7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "x86_64", "packageName": "tetex-latex", "packageFilename": "tetex-latex-1.0.7-67.9.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "x86_64", "packageName": "tetex-afm", "packageFilename": "tetex-afm-2.0.2-22.EL4.7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390", "packageName": "tetex-latex", "packageFilename": "tetex-latex-2.0.2-22.EL4.7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "ppc", "packageName": "tetex-doc", "packageFilename": "tetex-doc-2.0.2-22.EL4.7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "s390x", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-1.0.7-67.9.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "x86_64", "packageName": "tetex-doc", "packageFilename": "tetex-doc-2.0.2-22.EL4.7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "ia64", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-1.0.7-38.5E.10.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "s390x", "packageName": "tetex", "packageFilename": "tetex-1.0.7-67.9.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-2.0.2-22.EL4.7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "s390x", "packageName": "tetex-latex", "packageFilename": "tetex-latex-1.0.7-67.9.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "i386", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-2.0.2-22.EL4.7.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "x86_64", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-2.0.2-22.EL4.7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "i386", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-1.0.7-67.9.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390", "packageName": "tetex", "packageFilename": "tetex-2.0.2-22.EL4.7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex-latex", "packageFilename": "tetex-latex-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390x", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-2.0.2-22.EL4.7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "i386", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-1.0.7-67.9.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "i386", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-2.0.2-22.EL4.7.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "ppc", "packageName": "tetex-latex", "packageFilename": "tetex-latex-1.0.7-67.9.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390x", "packageName": "tetex-latex", "packageFilename": "tetex-latex-2.0.2-22.EL4.7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "ia64", "packageName": "tetex-latex", "packageFilename": "tetex-latex-1.0.7-38.5E.10.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "s390x", "packageName": "tetex-afm", "packageFilename": "tetex-afm-1.0.7-67.9.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-2.0.2-22.EL4.7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "ia64", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-1.0.7-67.9.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "x86_64", "packageName": "tetex-afm", "packageFilename": "tetex-afm-1.0.7-67.9.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "x86_64", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-1.0.7-67.9.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "ppc", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-2.0.2-22.EL4.7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "s390", "packageName": "tetex-afm", "packageFilename": "tetex-afm-1.0.7-67.9.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "ia64", "packageName": "tetex-afm", "packageFilename": "tetex-afm-1.0.7-67.9.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "ia64", "packageName": "tetex-latex", "packageFilename": "tetex-latex-1.0.7-67.9.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "x86_64", "packageName": "tetex", "packageFilename": "tetex-1.0.7-67.9.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "s390", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-1.0.7-67.9.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "ppc", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-2.0.2-22.EL4.7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "ia64", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-1.0.7-38.5E.10.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390x", "packageName": "tetex-doc", "packageFilename": "tetex-doc-2.0.2-22.EL4.7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390", "packageName": "tetex-afm", "packageFilename": "tetex-afm-2.0.2-22.EL4.7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "i386", "packageName": "tetex-doc", "packageFilename": "tetex-doc-2.0.2-22.EL4.7.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "ia64", "packageName": "tetex-dvilj", "packageFilename": "tetex-dvilj-1.0.7-38.5E.10.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "ia64", "packageName": "tetex-afm", "packageFilename": "tetex-afm-2.0.2-22.EL4.7.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "s390", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-1.0.7-67.9.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "x86_64", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-1.0.7-67.9.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "ia64", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-2.0.2-22.EL4.7.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "i386", "packageName": "tetex-latex", "packageFilename": "tetex-latex-1.0.7-67.9.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "ppc", "packageName": "tetex-afm", "packageFilename": "tetex-afm-1.0.7-67.9.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "ia64", "packageName": "tetex-doc", "packageFilename": "tetex-doc-1.0.7-38.5E.10.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "ia64", "packageName": "tetex", "packageFilename": "tetex-2.0.2-22.EL4.7.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "s390", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-1.0.7-67.9.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "i386", "packageName": "tetex", "packageFilename": "tetex-2.0.2-22.EL4.7.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "ppc", "packageName": "tetex-latex", "packageFilename": "tetex-latex-2.0.2-22.EL4.7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "ia64", "packageName": "tetex-latex", "packageFilename": "tetex-latex-2.0.2-22.EL4.7.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-2.0.2-22.EL4.7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex-dvilj", "packageFilename": "tetex-dvilj-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "x86_64", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-2.0.2-22.EL4.7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "i386", "packageName": "tetex-latex", "packageFilename": "tetex-latex-2.0.2-22.EL4.7.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390x", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-2.0.2-22.EL4.7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "ppc", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-1.0.7-67.9.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "s390", "packageName": "tetex-latex", "packageFilename": "tetex-latex-1.0.7-67.9.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex", "packageFilename": "tetex-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "ppc", "packageName": "tetex", "packageFilename": "tetex-2.0.2-22.EL4.7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "ia64", "packageName": "tetex", "packageFilename": "tetex-1.0.7-67.9.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "ia64", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-2.0.2-22.EL4.7.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "ia64", "packageName": "tetex-afm", "packageFilename": "tetex-afm-1.0.7-38.5E.10.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex-afm", "packageFilename": "tetex-afm-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "x86_64", "packageName": "tetex", "packageFilename": "tetex-2.0.2-22.EL4.7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "ppc", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-1.0.7-67.9.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390x", "packageName": "tetex", "packageFilename": "tetex-2.0.2-22.EL4.7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390x", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-2.0.2-22.EL4.7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "ia64", "packageName": "tetex", "packageFilename": "tetex-1.0.7-38.5E.10.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "i386", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-2.0.2-22.EL4.7.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "i386", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-1.0.7-67.9.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "s390x", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-1.0.7-67.9.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "ia64", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-1.0.7-38.5E.10.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "ia64", "packageName": "tetex-fonts", "packageFilename": "tetex-fonts-2.0.2-22.EL4.7.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "i386", "packageName": "tetex", "packageFilename": "tetex-1.0.7-67.9.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "ia64", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-1.0.7-67.9.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "x86_64", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-2.0.2-22.EL4.7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-67.9", "arch": "ppc", "packageName": "tetex-xdvi", "packageFilename": "tetex-xdvi-1.0.7-67.9.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex-doc", "packageFilename": "tetex-doc-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.7-38.5E.10", "arch": "i386", "packageName": "tetex-dvips", "packageFilename": "tetex-dvips-1.0.7-38.5E.10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "ia64", "packageName": "tetex-doc", "packageFilename": "tetex-doc-2.0.2-22.EL4.7.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.2-22.EL4.7", "arch": "s390x", "packageName": "tetex-afm", "packageFilename": "tetex-afm-2.0.2-22.EL4.7.s390x.rpm", "operator": "lt"}], "description": "TeTeX is an implementation of TeX. TeX takes a text file and a set of\r\nformatting commands as input and creates a typesetter-independent .dvi\r\n(DeVice Independent) file as output.\r\n\r\nSeveral flaws were discovered in the teTeX PDF parsing library. An attacker\r\ncould construct a carefully crafted PDF file that could cause teTeX to\r\ncrash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,\r\nCVE-2005-3627 and CVE-2005-3628 to these issues.\r\n\r\nUsers of teTeX should upgrade to these updated packages, which contain\r\nbackported patches and are not vulnerable to these issues.", "reporter": "RedHat", "published": "2006-01-19T05:00:00", "type": "redhat", "title": "(RHSA-2006:0160) tetex security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627", "CVE-2005-3628"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-11T23:27:14", "id": "RHSA-2006:0160", "href": "https://access.redhat.com/errata/RHSA-2006:0160", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-28T01:01:09", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.00-11.10", "arch": "ia64", "packageFilename": "xpdf-3.00-11.10.ia64.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.02-9.8", "arch": "ia64", "packageFilename": "xpdf-2.02-9.8.ia64.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.02-9.8", "arch": "s390x", "packageFilename": "xpdf-2.02-9.8.s390x.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.00-11.10", "arch": "x86_64", "packageFilename": "xpdf-3.00-11.10.x86_64.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.00-11.10", "arch": "s390", "packageFilename": "xpdf-3.00-11.10.s390.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.00-11.10", "arch": "s390x", "packageFilename": "xpdf-3.00-11.10.s390x.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.02-9.8", "arch": "x86_64", "packageFilename": "xpdf-2.02-9.8.x86_64.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.00-11.10", "arch": "i386", "packageFilename": "xpdf-3.00-11.10.i386.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.02-9.8", "arch": "s390", "packageFilename": "xpdf-2.02-9.8.s390.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.92-17", "arch": "ia64", "packageFilename": "xpdf-0.92-17.ia64.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.00-11.10", "arch": "ppc", "packageFilename": "xpdf-3.00-11.10.ppc.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.02-9.8", "arch": "i386", "packageFilename": "xpdf-2.02-9.8.i386.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.02-9.8", "arch": "ppc", "packageFilename": "xpdf-2.02-9.8.ppc.rpm", "packageName": "xpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.92-17", "arch": "i386", "packageFilename": "xpdf-0.92-17.i386.rpm", "packageName": "xpdf", "operator": "lt"}], "description": "The xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.", "reporter": "RedHat", "published": "2005-12-06T05:00:00", "type": "redhat", "title": "(RHSA-2005:840) xpdf security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627", "CVE-2005-3628"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-14T19:26:40", "id": "RHSA-2005:840", "href": "https://access.redhat.com/errata/RHSA-2005:840", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:20:37", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.6", "packageName": "kdegraphics", "packageFilename": "kdegraphics-3.3.1-3.6.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.6", "packageName": "kdegraphics-devel", "packageFilename": "kdegraphics-devel-3.3.1-3.6.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.6", "packageName": "kdegraphics", "packageFilename": "kdegraphics-3.3.1-3.6.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.6", "packageName": "kdegraphics", "packageFilename": "kdegraphics-3.3.1-3.6.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.6", "packageName": "kdegraphics-devel", "packageFilename": "kdegraphics-devel-3.3.1-3.6.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.6", "packageName": "kdegraphics", "packageFilename": "kdegraphics-3.3.1-3.6.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.6", "packageName": "kdegraphics-devel", "packageFilename": "kdegraphics-devel-3.3.1-3.6.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.6", "packageName": "kdegraphics", "packageFilename": "kdegraphics-3.3.1-3.6.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.6", "packageName": "kdegraphics-devel", "packageFilename": "kdegraphics-devel-3.3.1-3.6.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.6", "packageName": "kdegraphics", "packageFilename": "kdegraphics-3.3.1-3.6.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.6", "packageName": "kdegraphics-devel", "packageFilename": "kdegraphics-devel-3.3.1-3.6.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.6", "packageName": "kdegraphics", "packageFilename": "kdegraphics-3.3.1-3.6.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.6", "packageName": "kdegraphics-devel", "packageFilename": "kdegraphics-devel-3.3.1-3.6.s390x.rpm", "arch": "s390x", "operator": "lt"}], "description": "The kdegraphics packages contain applications for the K Desktop Environment\r\nincluding kpdf, a pdf file viewer.\r\n\r\nSeveral flaws were discovered in kpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause kpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of kpdf should upgrade to these updated packages, which contain a\r\nbackported patch to resolve these issues.", "reporter": "RedHat", "published": "2005-12-20T05:00:00", "type": "redhat", "title": "(RHSA-2005:868) kdegraphics security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627", "CVE-2005-3628"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:10:48", "id": "RHSA-2005:868", "href": "https://access.redhat.com/errata/RHSA-2005:868", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:20:34", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.8.2-7.4", "arch": "x86_64", "packageFilename": "gpdf-2.8.2-7.4.x86_64.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.8.2-7.4", "arch": "src", "packageFilename": "gpdf-2.8.2-7.4.src.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.8.2-7.4", "arch": "ia64", "packageFilename": "gpdf-2.8.2-7.4.ia64.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.8.2-7.4", "arch": "i386", "packageFilename": "gpdf-2.8.2-7.4.i386.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.8.2-7.4", "arch": "ppc", "packageFilename": "gpdf-2.8.2-7.4.ppc.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.8.2-7.4", "arch": "s390", "packageFilename": "gpdf-2.8.2-7.4.s390.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.8.2-7.4", "arch": "s390x", "packageFilename": "gpdf-2.8.2-7.4.s390x.rpm", "packageName": "gpdf", "operator": "lt"}], "description": "gpdf is a GNOME based viewer for Portable Document Format (PDF) files.\r\n\r\nChris Evans discovered several flaws in the way gpdf processes PDF files.\r\nAn attacker could construct a carefully crafted PDF file that could cause\r\ngpdf to crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3624,\r\nCVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\r\n\r\nUsers of gpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.", "reporter": "RedHat", "published": "2006-01-11T05:00:00", "type": "redhat", "title": "(RHSA-2006:0177) gpdf security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:08:02", "id": "RHSA-2006:0177", "href": "https://access.redhat.com/errata/RHSA-2006:0177", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-08T08:04:31", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.10.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.10.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.10.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.10.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.10.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.10.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.10.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.10.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.10.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.10.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.10.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.10.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.10.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.10.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.10.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.10.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.10.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.10.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.10.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.10", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.10.s390x.rpm", "arch": "s390x", "operator": "lt"}], "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nChris Evans discovered several flaws in the way CUPS processes PDF files.\r\nAn attacker could construct a carefully crafted PDF file that could cause\r\nCUPS to crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3624,\r\nCVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\r\n\r\nAll users of CUPS should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.", "reporter": "RedHat", "published": "2006-01-11T05:00:00", "type": "redhat", "title": "(RHSA-2006:0163) cups security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:48:06", "id": "RHSA-2006:0163", "href": "https://access.redhat.com/errata/RHSA-2006:0163", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:19:50", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.8.2-7.3", "arch": "x86_64", "packageFilename": "gpdf-2.8.2-7.3.x86_64.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.8.2-7.3", "arch": "src", "packageFilename": "gpdf-2.8.2-7.3.src.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.8.2-7.3", "arch": "ia64", "packageFilename": "gpdf-2.8.2-7.3.ia64.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.8.2-7.3", "arch": "i386", "packageFilename": "gpdf-2.8.2-7.3.i386.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.8.2-7.3", "arch": "ppc", "packageFilename": "gpdf-2.8.2-7.3.ppc.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.8.2-7.3", "arch": "s390", "packageFilename": "gpdf-2.8.2-7.3.s390.rpm", "packageName": "gpdf", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.8.2-7.3", "arch": "s390x", "packageFilename": "gpdf-2.8.2-7.3.s390x.rpm", "packageName": "gpdf", "operator": "lt"}], "description": "The gpdf package is a GNOME based viewer for Portable Document Format\r\n(PDF) files.\r\n\r\nSeveral flaws were discovered in gpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause gpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of gpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.", "reporter": "RedHat", "published": "2005-12-20T05:00:00", "type": "redhat", "title": "(RHSA-2005:867) gpdf security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3628"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:18:27", "id": "RHSA-2005:867", "href": "https://access.redhat.com/errata/RHSA-2005:867", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-09T07:20:15", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.9.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.9.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.9.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.9.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.9.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.9.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.9.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.9.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.9.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.9.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.9.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups", "packageFilename": "cups-1.1.22-0.rc1.9.9.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups-devel", "packageFilename": "cups-devel-1.1.22-0.rc1.9.9.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.1.22-0.rc1.9.9", "packageName": "cups-libs", "packageFilename": "cups-libs-1.1.22-0.rc1.9.9.s390x.rpm", "arch": "s390x", "operator": "lt"}], "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nSeveral flaws were discovered in the way CUPS processes PDF files. An\r\nattacker could construct a carefully crafted PDF file that could cause CUPS\r\nto crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, and CVE-2005-3193 to these issues.\r\n\r\nAll users of CUPS should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.", "reporter": "RedHat", "published": "2005-12-20T05:00:00", "type": "redhat", "title": "(RHSA-2005:878) cups security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3628"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:08:18", "id": "RHSA-2005:878", "href": "https://access.redhat.com/errata/RHSA-2005:878", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-09T07:19:40", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.9", "arch": "x86_64", "packageFilename": "kdegraphics-3.3.1-3.9.x86_64.rpm", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.9", "arch": "x86_64", "packageFilename": "kdegraphics-devel-3.3.1-3.9.x86_64.rpm", "packageName": "kdegraphics-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.9", "arch": "src", "packageFilename": "kdegraphics-3.3.1-3.9.src.rpm", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.9", "arch": "i386", "packageFilename": "kdegraphics-3.3.1-3.9.i386.rpm", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.9", "arch": "i386", "packageFilename": "kdegraphics-devel-3.3.1-3.9.i386.rpm", "packageName": "kdegraphics-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.9", "arch": "ia64", "packageFilename": "kdegraphics-3.3.1-3.9.ia64.rpm", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.9", "arch": "ia64", "packageFilename": "kdegraphics-devel-3.3.1-3.9.ia64.rpm", "packageName": "kdegraphics-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.9", "arch": "ppc", "packageFilename": "kdegraphics-3.3.1-3.9.ppc.rpm", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.9", "arch": "ppc", "packageFilename": "kdegraphics-devel-3.3.1-3.9.ppc.rpm", "packageName": "kdegraphics-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.9", "arch": "s390", "packageFilename": "kdegraphics-3.3.1-3.9.s390.rpm", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.9", "arch": "s390", "packageFilename": "kdegraphics-devel-3.3.1-3.9.s390.rpm", "packageName": "kdegraphics-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.9", "arch": "s390x", "packageFilename": "kdegraphics-3.3.1-3.9.s390x.rpm", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.3.1-3.9", "arch": "s390x", "packageFilename": "kdegraphics-devel-3.3.1-3.9.s390x.rpm", "packageName": "kdegraphics-devel", "operator": "lt"}], "description": "The kdegraphics packages contain applications for the K Desktop Environment\r\nincluding kpdf, a PDF file viewer.\r\n\r\nMarcelo Ricardo Leitner discovered that a kpdf security fix, CVE-2005-3627,\r\nwas incomplete. Red Hat issued kdegraphics packages with this incomplete\r\nfix in RHSA-2005:868. An attacker could construct a carefully crafted PDF\r\nfile that could cause kpdf to crash or possibly execute arbitrary code when\r\nopened. The Common Vulnerabilities and Exposures project assigned the name\r\nCVE-2006-0746 to this issue.\r\n\r\nUsers of kpdf should upgrade to these updated packages, which contain a\r\nbackported patch to resolve this issue.", "reporter": "RedHat", "published": "2006-03-09T05:00:00", "type": "redhat", "title": "(RHSA-2006:0262) kdegraphics security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2006-0746"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:16:52", "id": "RHSA-2006:0262", "href": "https://access.redhat.com/errata/RHSA-2006:0262", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:15", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA 961-1 security@debian.org\r\nhttp://www.debian.org/security/ Martin Schulze\r\nFebruary 1st, 2006 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : pdfkit.framework\r\nVulnerability : buffer overflows\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE IDs : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624\r\n CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628\r\n\r\n"infamous41md" and Chris Evans discovered several heap based buffer\r\noverflows in xpdf which are also present in pdfkit.framework, the\r\nGNUstep framework for rendering PDF content, and which can lead to a\r\ndenial of service by crashing the application or possibly to the\r\nexecution of arbitrary code.\r\n\r\nThe old stable distribution (woody) does not contain pdfkit.framework\r\npackages.\r\n\r\nFor the stable distribution (sarge) these problems have been fixed in\r\nversion 0.8-2sarge1.\r\n\r\nFor the unstable distribution (sid) these problems will be fixed soon.\r\n\r\nWe recommend that you upgrade your pdfkit.framework package.\r\n\r\n\r\nUpgrade Instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 3.1 alias sarge\r\n- --------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1.dsc\r\n Size/MD5 checksum: 725 67fb49e4f05a6eef25396d23ca0baacd\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1.diff.gz\r\n Size/MD5 checksum: 5699 61578e6e26adf73639b464210830896b\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8.orig.tar.gz\r\n Size/MD5 checksum: 1780533 7676643ff78a0602c10bfb97fe0bd448\r\n\r\n Alpha architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_alpha.deb\r\n Size/MD5 checksum: 1821874 8fe74b91409115b4547ba273501e8f79\r\n\r\n AMD64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_amd64.deb\r\n Size/MD5 checksum: 1796698 c6f96adecd322a60d77379d1513b26dc\r\n\r\n ARM architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_arm.deb\r\n Size/MD5 checksum: 1756056 8632f1ef914df5fcc3b6c3f6dc9ce459\r\n\r\n Intel IA-32 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_i386.deb\r\n Size/MD5 checksum: 1750384 f000dee97e83dbe85941c1305e689ef2\r\n\r\n Intel IA-64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_ia64.deb\r\n Size/MD5 checksum: 1980936 dce8ad12b1ce0e5e097c51243c68f749\r\n\r\n HP Precision architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_hppa.deb\r\n Size/MD5 checksum: 1862404 b4b0d1a421d02987330502e4a653e6a9\r\n\r\n Motorola 680x0 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_m68k.deb\r\n Size/MD5 checksum: 1785734 1c14679aba2cd8cd8bf7aabd42db1cf6\r\n\r\n Big endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_mips.deb\r\n Size/MD5 checksum: 1769138 6600cf166ba6ced0b6c067338f9565c1\r\n\r\n Little endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_mipsel.deb\r\n Size/MD5 checksum: 1754778 0539c52303cf950f3ea66f78eb875449\r\n\r\n PowerPC architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_powerpc.deb\r\n Size/MD5 checksum: 1770876 a8098242afc68c1dfd0c2141f95d88f5\r\n\r\n IBM S/390 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_s390.deb\r\n Size/MD5 checksum: 1804716 88af5f5ab641839eac628f9dd36e4509\r\n\r\n Sun Sparc architecture:\r\n\r\n http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_sparc.deb\r\n Size/MD5 checksum: 1779964 c07986d5367f97f1598d7e2d592fdc40\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.2 (GNU/Linux)\r\n\r\niD8DBQFD4GGxW5ql+IAeqTIRAvQiAJ4xOAQr4GcVkPcKAGIlXuLVh+cDOgCdHp19\r\nWLOiQcmij8udAgyvS0Y7Jw4=\r\n=Fs3s\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "edition": 1, "reporter": "Securityvulns", "published": "2006-02-01T00:00:00", "title": "[Full-disclosure] [SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:15", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "modified": "2006-02-01T00:00:00", "id": "SECURITYVULNS:DOC:11258", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11258", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:15", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2006:005\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : xpdf\r\n Date : January 5, 2006\r\n Affected: 2006.0, Corporate 2.1, Corporate 3.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n Multiple heap-based buffer overflows in the\r\n DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions\r\n in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier,\r\n allow user-complicit attackers to cause a denial of service (heap\r\n corruption) and possibly execute arbitrary code via a crafted PDF file\r\n with an out-of-range number of components (numComps), which is used as\r\n an array index. (CVE-2005-3191)\r\n \r\n Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01\r\n allows remote attackers to execute arbitrary code via a PDF file with\r\n an out-of-range numComps (number of components) field. (CVE-2005-3192)\r\n \r\n Heap-based buffer overflow in the JPXStream::readCodestream function\r\n in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier\r\n allows user-complicit attackers to cause a denial of service (heap\r\n corruption) and possibly execute arbitrary code via a crafted PDF file\r\n with large size values that cause insufficient memory to be allocated.\r\n (CVE-2005-3193)\r\n \r\n An additional patch re-addresses memory allocation routines in\r\n goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). \r\n \r\n In addition, Chris Evans discovered several other vulnerbilities in\r\n the xpdf code base:\r\n \r\n Out-of-bounds heap accesses with large or negative parameters to \r\n "FlateDecode" stream. (CVE-2005-3192)\r\n \r\n Out-of-bounds heap accesses with large or negative parameters to\r\n "CCITTFaxDecode" stream. (CVE-2005-3624)\r\n \r\n Infinite CPU spins in various places when stream ends unexpectedly.\r\n (CVE-2005-3625) \r\n \r\n NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626)\r\n \r\n Overflows of compInfo array in "DCTDecode" stream. (CVE-2005-3627)\r\n \r\n Possible to use index past end of array in "DCTDecode" stream.\r\n (CVE-2005-3627)\r\n \r\n Possible out-of-bounds indexing trouble in "DCTDecode" stream.\r\n (CVE-2005-3627)\r\n \r\n The updated packages have been patched to correct these problems.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Mandriva Linux 2006.0:\r\n 9f0d2d83c61f4cab871138ac2866dd30 2006.0/RPMS/xpdf-3.01-1.1.20060mdk.i586.rpm\r\n 51daa161fb5581aba221d4be39c5acbc 2006.0/SRPMS/xpdf-3.01-1.1.20060mdk.src.rpm\r\n\r\n Mandriva Linux 2006.0/X86_64:\r\n c0eb562149fe7025798ce38ef361d9c7 x86_64/2006.0/RPMS/xpdf-3.01-1.1.20060mdk.x86_64.rpm\r\n 51daa161fb5581aba221d4be39c5acbc x86_64/2006.0/SRPMS/xpdf-3.01-1.1.20060mdk.src.rpm\r\n\r\n Corporate Server 2.1:\r\n d35b8a8e201185bff3b6acfa9c3b9186 corporate/2.1/RPMS/xpdf-1.01-4.10.C21mdk.i586.rpm\r\n 1f5f85d3bc3577b1141d3ea54015b63a corporate/2.1/SRPMS/xpdf-1.01-4.10.C21mdk.src.rpm\r\n\r\n Corporate Server 2.1/X86_64:\r\n f1a715d6a7fe797d09cde9dff6db4800 x86_64/corporate/2.1/RPMS/xpdf-1.01-4.10.C21mdk.x86_64.rpm\r\n 1f5f85d3bc3577b1141d3ea54015b63a x86_64/corporate/2.1/SRPMS/xpdf-1.01-4.10.C21mdk.src.rpm\r\n\r\n Corporate 3.0:\r\n bfb96e34ea12293b22cd766b61da64fe corporate/3.0/RPMS/xpdf-3.00-5.7.C30mdk.i586.rpm\r\n 1e4153bea0ed2092819aa88dbc67ade4 corporate/3.0/SRPMS/xpdf-3.00-5.7.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n 0eb5eba5d264041cd67931add3d6e841 x86_64/corporate/3.0/RPMS/xpdf-3.00-5.7.C30mdk.x86_64.rpm\r\n 1e4153bea0ed2092819aa88dbc67ade4 x86_64/corporate/3.0/SRPMS/xpdf-3.00-5.7.C30mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (GNU/Linux)\r\n\r\niD8DBQFDvaFkmqjQ0CJFipgRAk6mAJoDurXI2mjmzo+9721J+hFNREosUQCgo8tO\r\nke9lBlrFo2PfLgCfaOGWijo=\r\n=fq3D\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2006-01-07T00:00:00", "title": "MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:15", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624"], "modified": "2006-01-07T00:00:00", "id": "SECURITYVULNS:DOC:10913", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10913", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:15", "references": [], "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200601-17\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap\r\n overflows\r\n Date: January 30, 2006\r\n Bugs: #117481, #117494, #117495, #115789, #118665\r\n ID: 200601-17\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nXpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to\r\ninteger overflows that may be exploited to execute arbitrary code.\r\n\r\nBackground\r\n==========\r\n\r\nXpdf is a PDF file viewer that runs under the X Window System. Poppler\r\nis a PDF rendering library based on the Xpdf 3.0 code base. GPdf is a\r\nPDF file viewer for the GNOME 2 platform, also based on Xpdf.\r\nlibextractor is a library which includes Xpdf code to extract arbitrary\r\nmeta-data from files. pdftohtml is a utility to convert PDF files to\r\nHTML or XML formats that makes use of Xpdf code to decode PDF files.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 app-text/xpdf < 3.01-r5 >= 3.01-r5\r\n 2 app-text/poppler < 0.4.3-r4 >= 0.4.3-r4\r\n 3 app-text/gpdf < 2.10.0-r3 >= 2.10.0-r3\r\n 4 media-libs/libextractor < 0.5.9 >= 0.5.9\r\n 5 app-text/pdftohtml < 0.36-r4 Vulnerable!\r\n -------------------------------------------------------------------\r\n NOTE: Certain packages are still vulnerable. Users should migrate\r\n to another package if one is available or wait for the\r\n existing packages to be marked stable by their\r\n architecture maintainers.\r\n -------------------------------------------------------------------\r\n 5 affected packages on all of their supported architectures.\r\n -------------------------------------------------------------------\r\n\r\nDescription\r\n===========\r\n\r\nChris Evans has reported some integer overflows in Xpdf when attempting\r\nto calculate buffer sizes for memory allocation, leading to a heap\r\noverflow and a potential infinite loop when handling malformed input\r\nfiles.\r\n\r\nImpact\r\n======\r\n\r\nBy sending a specially crafted PDF file to a victim, an attacker could\r\ncause an overflow, potentially resulting in the execution of arbitrary\r\ncode with the privileges of the user running the application.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll Xpdf users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r5"\r\n\r\nAll Poppler users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=app-text/poppler-0.4.3-r4"\r\n\r\nAll GPdf users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r3"\r\n\r\nAll libextractor users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=media-libs/libextractor-0.5.9"\r\n\r\nAll pdftohtml users should migrate to the latest stable version of\r\nPoppler.\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2005-3627\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\r\n [ 2 ] CVE-2005-3626\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\r\n [ 3 ] CVE-2005-3625\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\r\n [ 4 ] CVE-2005-3624\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200601-17.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2006 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.0", "edition": 1, "reporter": "Securityvulns", "published": "2006-02-01T00:00:00", "title": "[ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:15", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "modified": "2006-02-01T00:00:00", "id": "SECURITYVULNS:DOC:11253", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11253", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:14", "references": [], "description": "Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability\r\n\r\niDefense Security Advisory 12.05.05\r\nwww.idefense.com/application/poi/display?id=344&type=vulnerabilities\r\nDecember 5, 2005\r\n\r\nI. BACKGROUND\r\n\r\nXpdf is an open-source viewer for Portable Document Format (PDF) files.\r\n\r\nII. DESCRIPTION\r\n\r\nLocal exploitation of a heap-based buffer overflow vulnerability in \r\nxpdf, as included by various vendor's software distributions, could \r\nallow attackers to cause a denial of service (DoS) condition, \r\npotentially resulting in arbitrary code execution. \r\n\r\nThe vulnerability specifically exists due to insufficient input \r\nvalidation in the Predictor stream parsing code. The \r\nStreamPredictor::StreamPredictor function from xpdf/Stream.cc takes the \r\nvalue of numComps from user-controllable data from within the PDF file. \r\nThe numComps value is used in a series of calcualations within the \r\nStreamPredictor function. Using specially crafted values, a call to \r\ngmalloc can be forced to allocate the minimum number of bytes, which \r\nmay later be overrun with user-supplied data from the PDF file leading \r\nto corruption of heap memory that might result in a DoS condition or \r\narbitrary code execution.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation could result in arbitrary code execution with privileges \r\nof the xpdf process. Currently, exploitation resulting in code \r\nexecution is theoretical and dependant on the process memory layout. A \r\ntypical exploitation attempt would require an attacker to supply a \r\nmalicious pdf to the victim. The victim would need to open the corrupt \r\npdf file in xpdf. Only then would the vulnerability be triggered. \r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in xpdf \r\n3.01. All earlier versions of xpdf are suspected vulnerable.\r\n\r\nThe following vendors include susceptible xpdf packages within their \r\noperating system distributions:\r\n\r\n . The Debian Project: Linux 3.0 and 3.1 \r\n\r\nV. WORKAROUND\r\n\r\niDefense is currently unaware of any effective workarounds for this \r\nvulnerability.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nA patch for this vulnerability is available at:\r\n \r\n ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch\r\n\r\nUpdated binaries (version 3.01pl1) are available at:\r\n\r\n http://www.foolabs.com/xpdf/download.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-3192 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n10/13/2005 Initial vendor notification\r\n10/19/2005 Initial vendor response\r\n12/05/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\niDefense credits infamous41md@hotpop.com with the discovery of this \r\nvulnerability.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.iDefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.iDefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright C 2005 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@iDefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2005-12-06T00:00:00", "title": "iDefense Security Advisory 12.05.05: Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:14", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3192"], "modified": "2005-12-06T00:00:00", "id": "SECURITYVULNS:DOC:10557", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10557", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:14", "references": [], "description": "Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability\r\n\r\niDefense Security Advisory 12.05.05\r\nwww.idefense.com/application/poi/display?id=345&type=vulnerabilities\r\nDecember 5, 2005\r\n\r\nI. BACKGROUND\r\n\r\nXpdf is an open-source viewer for Portable Document Format (PDF) files.\r\n\r\nII. DESCRIPTION\r\n\r\nLocal exploitation of a heap-based buffer overflow vulnerability in \r\nxpdf, as included by multiple vendor's software distributions, could \r\nallow attackers to cause a denial of service (DoS) condition, \r\npotentially resulting in arbitrary code execution. \r\n\r\nThe vulnerability specifically exists due to insufficient input \r\nvalidation in the JPX Stream parsing code for decoding embedded JPEG \r\n2000 images. The JPXStream::readCodestream function from \r\nxpdf/JPXStream.cc takes the value of nXTiles and nYTiles from user-\r\ncontrollable data from within the PDF file. The nXTiles and nYTiles \r\nvalues are then used in a gmallocn() call as shown below.\r\n\r\nGBool JPXStream::readCodestream(Guint len) {\r\n....\r\n switch (segType) {\r\n case 0x4f: // SOC - start of codestream\r\n // marker only\r\n break;\r\n case 0x51: // SIZ - image and tile size\r\n if (!readUWord(&capabilities) ||\r\n !readULong(&img.xSize) ||\r\n !readULong(&img.ySize) ||\r\n !readULong(&img.xOffset) ||\r\n !readULong(&img.yOffset) ||\r\n !readULong(&img.xTileSize) ||\r\n !readULong(&img.yTileSize) ||\r\n !readULong(&img.xTileOffset) ||\r\n !readULong(&img.yTileOffset) ||\r\n !readUWord(&img.nComps)) {\r\n error(getPos(), "Error in JPX SIZ marker segment");\r\n return gFalse;\r\n }\r\n....\r\n img.nXTiles = (img.xSize - img.xTileOffset + img.xTileSize - 1) /\r\n img.xTileSize;\r\n img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1) /\r\n img.yTileSize;\r\n \r\n img.tiles = (JPXTile *)gmallocn(img.nXTiles * img.nYTiles,\r\n sizeof(JPXTile));\r\n\r\nThe values are used again later in JPEG format parsing code to copy \r\ndata from the file into a pre-allocated buffer in the heap. Overly \r\nlarge values supplied to nXTiles and nYTiles result in corruption of \r\nheap memory, which results in a DoS condition. This could result in \r\narbitrary code execution.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation could result in arbitrary code execution with privileges \r\nof the xpdf process. Currently, exploitation resulting in code \r\nexecution is theoretical and dependant on the process memory layout. A \r\ntypical exploitation attempt would require an attacker to supply a \r\nmalicious pdf to the victim. The victim would need to open the corrupt \r\npdf file in xpdf. Only then would the vulnerability be triggered.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in xpdf \r\n3.01. All earlier versions of xpdf are suspected vulnerable.\r\n\r\nThe following vendors include susceptible xpdf packages within their \r\noperating system distributions:\r\n\r\n . The Debian Project: Linux 3.0 and 3.1 \r\n\r\nV. WORKAROUND\r\n\r\niDefense is currently unaware of any effective workarounds for this \r\nvulnerability.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nA patch for this vulnerability is available at:\r\n \r\n ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch\r\n\r\nUpdated binaries (version 3.01pl1) are available at:\r\n\r\n http://www.foolabs.com/xpdf/download.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-3193 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n10/13/2005 Initial vendor notification\r\n10/19/2005 Initial vendor response\r\n12/05/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\niDefense credits infamous41md@hotpop.com with the discovery of this \r\nvulnerability.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.iDefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.iDefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright C 2005 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@iDefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2005-12-06T00:00:00", "title": "iDefense Security Advisory 12.05.05: Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:14", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3193"], "modified": "2005-12-06T00:00:00", "id": "SECURITYVULNS:DOC:10555", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10555", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:14", "references": [], "description": "Multiple Vendor xpdf DCTStream Progressive Heap Overflow\r\n\r\niDefense Security Advisory 12.05.05\r\nwww.idefense.com/application/poi/display?id=343&type=vulnerabilities\r\nDecember 5, 2005\r\n\r\nI. BACKGROUND\r\n\r\nXpdf is an open-source viewer for Portable Document Format (PDF) files.\r\n\r\nII. DESCRIPTION\r\n\r\nLocal exploitation of a heap-based buffer overflow vulnerability in \r\nxpdf, as included by multiple vendor's software distributions, could \r\nallow attackers to cause a denial of service (DoS) condition, \r\npotentially resulting in arbitrary code execution. \r\n\r\nThe vulnerability specifically exists due to insufficient input \r\nvalidation in the DCT stream parsing code. The \r\nDCTStream::readProgressiveSOF function from xpdf/Stream.cc takes the \r\nvalue of numComps from user-controllable data from within the PDF file. \r\nThe numComps value is used in a loop to copy data from the file into a \r\npre-allocated buffer in the heap as shown below.\r\n\r\nGBool DCTStream::readProgressiveSOF() {\r\n....\r\n numComps = str->getChar();\r\n....\r\n for (i = 0; i < numComps; ++i) {\r\n compInfo[i].id = str->getChar();\r\n c = str->getChar();\r\n compInfo[i].hSample = (c >> 4) & 0x0f;\r\n compInfo[i].vSample = c & 0x0f;\r\n compInfo[i].quantTable = str->getChar();\r\n }\r\n....\r\n\r\nOverly large values supplied to numComps result in corruption of heap \r\nmemory, resulting in a DoS condition, potentially resulting in \r\narbitrary code execution.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation could result in arbitrary code execution with privileges \r\nof the xpdf process. Currently, exploitation resulting in code \r\nexecution is theoretical and dependant on the process memory layout. A \r\ntypical exploitation attempt would require an attacker to supply a \r\nmalicious pdf to the victim. The victim would need to open the corrupt \r\npdf file in xpdf, and at this point the vulnerability would be \r\ntriggered. \r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in xpdf \r\n3.01. All earlier versions of xpdf are suspected vulnerable.\r\n\r\nThe following vendors include susceptible xpdf packages within their \r\noperating system distributions:\r\n\r\n . The Debian Project: Linux 3.0 and 3.1 \r\n\r\nV. WORKAROUND\r\n\r\niDefense is currently unaware of any effective workarounds for this \r\nvulnerability.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nA patch for this vulnerability is available at:\r\n \r\n ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch\r\n\r\nUpdated binaries (version 3.01pl1) are available at:\r\n\r\n http://www.foolabs.com/xpdf/download.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-3191 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n10/13/2005 Initial vendor notification\r\n10/19/2005 Initial vendor response\r\n12/05/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\niDefense credits infamous41md@hotpop.com with the discovery of this \r\nvulnerability.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.iDefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.iDefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright C 2005 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@iDefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2005-12-06T00:00:00", "title": "iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Progressive Heap Overflow", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:14", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3191"], "modified": "2005-12-06T00:00:00", "id": "SECURITYVULNS:DOC:10556", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10556", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:14", "references": [], "description": "Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability\r\n\r\niDefense Security Advisory 12.05.05\r\nwww.idefense.com/application/poi/display?id=342&type=vulnerabilities\r\nDecember 5, 2005\r\n\r\nI. BACKGROUND\r\n\r\nXpdf is an open-source viewer for Portable Document Format (PDF) files.\r\n\r\nII. DESCRIPTION\r\n\r\nLocal exploitation of a heap-based buffer overflow vulnerability in \r\nxpdf, as included in various vendors' operating system distributions, \r\ncould allow attackers to cause a denial of service condition, \r\npotentially resulting in arbitrary code execution. \r\n\r\nThe vulnerability specifically exists due to insufficient input \r\nvalidation in the DCT stream parsing code. The \r\nDCTStream::readBaselineSOF function from xpdf/Stream.cc takes the value \r\nof numComps from user-controllable data from within the PDF file. The \r\nnumComps value is used in a loop to copy data from the file into a pre-\r\nallocated buffer in the heap, shown as follows:\r\n\r\nGBool DCTStream::readBaselineSOF() {\r\n....\r\n numComps = str->getChar();\r\n....\r\n for (i = 0; i < numComps; ++i) {\r\n compInfo[i].id = str->getChar();\r\n c = str->getChar();\r\n compInfo[i].hSample = (c >> 4) & 0x0f;\r\n compInfo[i].vSample = c & 0x0f;\r\n compInfo[i].quantTable = str->getChar();\r\n }\r\n....\r\n\r\nOverly large values supplied to numComps will result in corruption of \r\nheap memory resulting in a DoS condition, potentially resulting in \r\narbitrary code execution.\r\n\r\nIII. ANALYSIS\r\n\r\nSuccessful exploitation of this vulnerability can result in arbitrary \r\ncode execution with privileges of the xpdf process. Currently, \r\nexploitation resulting in code execution is theoretical and dependant \r\non the process memory layout. A typical exploitation attempt would \r\nrequire an attacker to supply a malicious .pdf to the victim. The \r\nvictim would need to open the corrupt .pdf file in xpdf, triggering the \r\nvulnerability. \r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in xpdf \r\n3.01. All earlier versions of xpdf are suspected vulnerable.\r\n\r\nThe following vendors include susceptible xpdf packages within their \r\noperating system distributions:\r\n\r\n . The Debian Project: Linux 3.0 and 3.1 \r\n\r\nV. WORKAROUND\r\n\r\niDefense is currently unaware of any effective workarounds for this \r\nvulnerability.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nA patch for this vulnerability is available at:\r\n \r\n ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch\r\n\r\nUpdated binaries (version 3.01pl1) are available at:\r\n\r\n http://www.foolabs.com/xpdf/download.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-3191 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n10/13/2005 Initial vendor notification\r\n10/19/2005 Initial vendor response\r\n12/05/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\niDefense credits infamous41md@hotpop.com with the discovery of this \r\nvulnerability.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.iDefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.iDefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright C 2005 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@iDefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2005-12-06T00:00:00", "title": "iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:14", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3191"], "modified": "2005-12-06T00:00:00", "id": "SECURITYVULNS:DOC:10554", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10554", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:16", "references": [], "description": "\r\nKDE Security Advisory: kpdf/xpdf heap based buffer overflow\r\nOriginal Release Date: 2006-03-10\r\nURL: http://www.kde.org/info/security/advisory-20060202-1.txt\r\n\r\n0. References\r\n CVE-2006-0746\r\n\r\n\r\n1. Systems affected:\r\n\r\n KDE 3.3.2 with patch from CVE-2005-3627 applied. Please\r\n note that the patch for KDE 3.4.x and newer was correct and\r\n is unaffected.\r\n\r\n\r\n2. Overview:\r\n\r\n kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains\r\n multiple vulnerabilities, one of them being CVE-2005-3627,\r\n that was patched in the KDE security advisory 20051207-2.\r\n However, the patch published for KDE 3.3.x was faulty and\r\n only partially fixed the vulnerability. We'd like to thank\r\n Marcelo Ricardo Leitner for bringing this error to our attention.\r\n The Common Vulnerabilities and Exposures project has assigned\r\n CVE-2006-0746 to this issue.\r\n\r\n\r\n3. Impact:\r\n\r\n Remotely supplied pdf files can be used to execute arbitrary\r\n code on the client machine.\r\n\r\n\r\n4. Solution:\r\n\r\n Source code patches have been made available which fix these\r\n vulnerabilities. Contact your OS vendor / binary package provider\r\n for information about how to obtain updated binary packages.\r\n\r\n\r\n5. Patch:\r\n\r\n Patch for KDE 3.3.2 and newer is available from \r\n ftp://ftp.kde.org/pub/kde/security_patches :\r\n\r\n ea346b89a3b39915abbfd56841b9df23 post-3.3.2-kdegraphics-CVE-2006-0746.diff\r\n\r\n\r\n\r\n-- \r\nDirk//\", "edition": 1, "reporter": "Securityvulns", "published": "2006-03-10T00:00:00", "title": "[KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:16", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3627", "CVE-2006-0746"], "modified": "2006-03-10T00:00:00", "id": "SECURITYVULNS:DOC:11776", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11776", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2017-10-11T11:06:23", "references": ["http://www.vupen.com/english/advisories/2007/2280", "http://www.trustix.org/errata/2006/0002/", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747", "http://www.ubuntulinux.org/support/documentation/usn/usn-236-1", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004", "http://www.debian.org/security/2005/dsa-938", "http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010", "http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html", "http://www.debian.org/security/2005/dsa-937", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012", "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml", "http://www.vupen.com/english/advisories/2006/0047", "http://www.debian.org/security/2006/dsa-950", "http://www.securityfocus.com/bid/16143", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html", "http://www.debian.org/security/2006/dsa-936", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1", "http://rhn.redhat.com/errata/RHSA-2006-0177.html", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005", "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U", "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html", "http://www.debian.org/security/2005/dsa-931", "http://www.debian.org/security/2006/dsa-962", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683", "http://www.debian.org/security/2005/dsa-940", "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U", "http://scary.beasts.org/security/CESA-2005-003.txt", "http://www.debian.org/security/2005/dsa-932", "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U", "http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011", "http://www.kde.org/info/security/advisory-20051207-2.txt", "http://www.redhat.com/support/errata/RHSA-2006-0163.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/24023", "http://www.debian.org/security/2006/dsa-961", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html", "http://www.redhat.com/support/errata/RHSA-2006-0160.html", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003"], "description": "Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka \"Infinite CPU spins.\"", "edition": 4, "reporter": "NVD", "published": "2005-12-31T00:00:00", "title": "CVE-2005-3625", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:23", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9575", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9575"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-3625"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9575", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9575"}], "modified": "2017-10-10T21:30:27", "cpe": ["cpe:/o:redhat:fedora_core:core_4.0", "cpe:/o:trustix:secure_linux:2.0", "cpe:/a:kde:kpdf:3.4.3", "cpe:/o:redhat:enterprise_linux:3.0::enterprise_server", "cpe:/o:suse:suse_linux:9.3::x86_64", "cpe:/a:tetex:tetex:2.0.1", "cpe:/a:kde:koffice:1.4", "cpe:/o:debian:debian_linux:3.0::s-390", "cpe:/o:redhat:enterprise_linux:4.0::workstation", "cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0", "cpe:/o:debian:debian_linux:3.1::ppc", "cpe:/o:redhat:enterprise_linux:3.0::advanced_server", "cpe:/o:sco:openserver:5.0.7", "cpe:/o:redhat:enterprise_linux:2.1::enterprise_server", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/o:debian:debian_linux:3.0::hppa", "cpe:/o:suse:suse_linux:1.0", "cpe:/a:xpdf:xpdf:3.0", "cpe:/o:debian:debian_linux:3.1::sparc", "cpe:/o:suse:suse_linux:10.0::professional", "cpe:/o:debian:debian_linux:3.1::mips", "cpe:/o:turbolinux:turbolinux:fuji", "cpe:/a:easy_software_products:cups:1.1.23_rc1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/a:kde:koffice:1.4.1", "cpe:/o:debian:debian_linux:3.1", "cpe:/o:gentoo:linux", "cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64", "cpe:/o:sco:openserver:6.0", "cpe:/o:debian:debian_linux:3.0", "cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64", "cpe:/o:redhat:enterprise_linux:4.0::advanced_server", "cpe:/o:ubuntu:ubuntu_linux:4.1::ia64", "cpe:/o:slackware:slackware_linux:9.1", "cpe:/o:turbolinux:turbolinux_server:10.0_x86", "cpe:/o:ubuntu:ubuntu_linux:5.10::amd64", "cpe:/o:ubuntu:ubuntu_linux:5.04::amd64", "cpe:/o:ubuntu:ubuntu_linux:5.04::powerpc", "cpe:/o:redhat:linux_advanced_workstation:2.1::ia64", "cpe:/a:easy_software_products:cups:1.1.22", "cpe:/o:turbolinux:turbolinux_appliance_server:1.0_hosting_edition", "cpe:/o:suse:suse_linux:9.0::x86_64", "cpe:/o:redhat:linux:7.3::i386", "cpe:/o:debian:debian_linux:3.0::alpha", "cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64", "cpe:/o:mandrakesoft:mandrake_linux:10.2::x86-64", "cpe:/o:debian:debian_linux:3.1::ia-32", "cpe:/a:kde:koffice:1.4.2", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:suse:suse_linux:10.0::oss", "cpe:/o:redhat:fedora_core:core_2.0", "cpe:/o:turbolinux:turbolinux_desktop:10.0", "cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64", "cpe:/a:easy_software_products:cups:1.1.22_rc1", "cpe:/o:suse:suse_linux:9.3::professional", "cpe:/o:redhat:enterprise_linux:4.0::enterprise_server", "cpe:/o:debian:debian_linux:3.0::arm", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:ubuntu:ubuntu_linux:5.04::i386", "cpe:/o:redhat:linux:9.0::i386", "cpe:/a:poppler:poppler:0.4.2", "cpe:/o:turbolinux:turbolinux_server:8.0", "cpe:/o:debian:debian_linux:3.1::s-390", "cpe:/o:suse:suse_linux:9.1::personal", "cpe:/o:suse:suse_linux:9.0::s_390", "cpe:/o:debian:debian_linux:3.0::ppc", "cpe:/o:ubuntu:ubuntu_linux:5.10::powerpc", "cpe:/o:debian:debian_linux:3.1::m68k", "cpe:/o:debian:debian_linux:3.1::hppa", "cpe:/o:debian:debian_linux:3.0::sparc", "cpe:/a:libextractor:libextractor", "cpe:/a:kde:kpdf:3.2", "cpe:/a:tetex:tetex:1.0.7", "cpe:/o:turbolinux:turbolinux_appliance_server:1.0_workgroup_edition", "cpe:/o:trustix:secure_linux:2.2", "cpe:/o:turbolinux:turbolinux:10", "cpe:/o:suse:suse_linux:9.2::x86_64", "cpe:/o:mandrakesoft:mandrake_linux:2006", "cpe:/o:redhat:enterprise_linux:2.1::advanced_server", "cpe:/o:redhat:enterprise_linux_desktop:3.0", "cpe:/a:tetex:tetex:2.0.2", "cpe:/a:kde:kword:1.4.2", "cpe:/o:debian:debian_linux:3.1::mipsel", "cpe:/o:debian:debian_linux:3.1::amd64", "cpe:/o:suse:suse_linux:9.2::professional", "cpe:/a:kde:kdegraphics:3.4.3", "cpe:/o:suse:suse_linux:9.3::personal", "cpe:/o:trustix:secure_linux:3.0", "cpe:/a:easy_software_products:cups:1.1.23", "cpe:/o:debian:debian_linux:3.1::alpha", "cpe:/a:tetex:tetex:2.0", "cpe:/o:debian:debian_linux:3.1::ia-64", "cpe:/o:ubuntu:ubuntu_linux:4.1::ppc", "cpe:/o:debian:debian_linux:3.0::mipsel", "cpe:/a:kde:kdegraphics:3.2", "cpe:/o:redhat:fedora_core:core_1.0", "cpe:/o:suse:suse_linux:9.1::professional", "cpe:/a:tetex:tetex:3.0", "cpe:/o:suse:suse_linux:9.2::personal", "cpe:/o:redhat:enterprise_linux_desktop:4.0", "cpe:/o:redhat:enterprise_linux:3.0::workstation_server", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:redhat:linux_advanced_workstation:2.1::itanium", "cpe:/o:suse:suse_linux:9.0::enterprise_server", "cpe:/o:suse:suse_linux:9.1::x86_64", "cpe:/o:suse:suse_linux:9.0::professional", "cpe:/a:sgi:propack:3.0:sp6", "cpe:/o:debian:debian_linux:3.1::arm", "cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64", "cpe:/o:mandrakesoft:mandrake_linux:10.2", "cpe:/o:redhat:fedora_core:core_3.0", "cpe:/o:turbolinux:turbolinux_home", "cpe:/o:debian:debian_linux:3.0::ia-64", "cpe:/o:ubuntu:ubuntu_linux:5.10::i386", "cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64", "cpe:/o:debian:debian_linux:3.0::ia-32", "cpe:/o:turbolinux:turbolinux_personal", "cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64", "cpe:/o:debian:debian_linux:3.0::m68k", "cpe:/o:redhat:enterprise_linux:2.1::workstation", "cpe:/o:turbolinux:turbolinux_server:10.0", "cpe:/o:suse:suse_linux:9.0::personal", "cpe:/o:debian:debian_linux:3.0::mips", "cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1", "cpe:/o:turbolinux:turbolinux_multimedia", "cpe:/o:conectiva:linux:10.0", "cpe:/o:turbolinux:turbolinux_workstation:8.0"], "id": "CVE-2005-3625", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3625", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-11T11:06:23", "references": ["http://www.vupen.com/english/advisories/2007/2280", "http://www.trustix.org/errata/2006/0002/", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747", "http://www.ubuntulinux.org/support/documentation/usn/usn-236-1", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004", "http://www.debian.org/security/2005/dsa-938", "http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010", "http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html", "http://www.debian.org/security/2005/dsa-937", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012", "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml", "http://www.vupen.com/english/advisories/2006/0047", "http://www.debian.org/security/2006/dsa-950", "http://www.securityfocus.com/bid/16143", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/24026", "http://www.debian.org/security/2006/dsa-936", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1", "http://rhn.redhat.com/errata/RHSA-2006-0177.html", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005", "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U", "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html", "http://www.debian.org/security/2005/dsa-931", "http://www.debian.org/security/2006/dsa-962", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683", "http://www.debian.org/security/2005/dsa-940", "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U", "http://scary.beasts.org/security/CESA-2005-003.txt", "http://www.debian.org/security/2005/dsa-932", "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U", "http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011", "http://www.kde.org/info/security/advisory-20051207-2.txt", "http://www.redhat.com/support/errata/RHSA-2006-0163.html", "http://www.debian.org/security/2006/dsa-961", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html", "http://www.redhat.com/support/errata/RHSA-2006-0160.html", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003"], "description": "Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.", "edition": 4, "reporter": "NVD", "published": "2005-12-31T00:00:00", "title": "CVE-2005-3626", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:23", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9992", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9992"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-3626"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9992", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9992"}], "modified": "2017-10-10T21:30:27", "cpe": ["cpe:/o:redhat:fedora_core:core_4.0", "cpe:/o:trustix:secure_linux:2.0", "cpe:/a:kde:kpdf:3.4.3", "cpe:/o:redhat:enterprise_linux:3.0::enterprise_server", "cpe:/o:suse:suse_linux:9.3::x86_64", "cpe:/a:tetex:tetex:2.0.1", "cpe:/a:kde:koffice:1.4", "cpe:/o:debian:debian_linux:3.0::s-390", "cpe:/o:redhat:enterprise_linux:4.0::workstation", "cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0", "cpe:/o:debian:debian_linux:3.1::ppc", "cpe:/o:redhat:enterprise_linux:3.0::advanced_server", "cpe:/o:sco:openserver:5.0.7", "cpe:/o:redhat:enterprise_linux:2.1::enterprise_server", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/o:debian:debian_linux:3.0::hppa", "cpe:/o:suse:suse_linux:1.0", "cpe:/a:xpdf:xpdf:3.0", "cpe:/o:debian:debian_linux:3.1::sparc", "cpe:/o:suse:suse_linux:10.0::professional", "cpe:/o:debian:debian_linux:3.1::mips", "cpe:/o:turbolinux:turbolinux:fuji", "cpe:/a:easy_software_products:cups:1.1.23_rc1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/a:kde:koffice:1.4.1", "cpe:/o:debian:debian_linux:3.1", "cpe:/o:gentoo:linux", "cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64", "cpe:/o:sco:openserver:6.0", "cpe:/o:debian:debian_linux:3.0", "cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64", "cpe:/o:redhat:enterprise_linux:4.0::advanced_server", "cpe:/o:ubuntu:ubuntu_linux:4.1::ia64", "cpe:/o:slackware:slackware_linux:9.1", "cpe:/o:turbolinux:turbolinux_server:10.0_x86", "cpe:/o:ubuntu:ubuntu_linux:5.10::amd64", "cpe:/o:ubuntu:ubuntu_linux:5.04::amd64", "cpe:/o:ubuntu:ubuntu_linux:5.04::powerpc", "cpe:/o:redhat:linux_advanced_workstation:2.1::ia64", "cpe:/a:easy_software_products:cups:1.1.22", "cpe:/o:turbolinux:turbolinux_appliance_server:1.0_hosting_edition", "cpe:/o:suse:suse_linux:9.0::x86_64", "cpe:/o:redhat:linux:7.3::i386", "cpe:/o:debian:debian_linux:3.0::alpha", "cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64", "cpe:/o:mandrakesoft:mandrake_linux:10.2::x86-64", "cpe:/o:debian:debian_linux:3.1::ia-32", "cpe:/a:kde:koffice:1.4.2", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:suse:suse_linux:10.0::oss", "cpe:/o:redhat:fedora_core:core_2.0", "cpe:/o:turbolinux:turbolinux_desktop:10.0", "cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64", "cpe:/a:easy_software_products:cups:1.1.22_rc1", "cpe:/o:suse:suse_linux:9.3::professional", "cpe:/o:redhat:enterprise_linux:4.0::enterprise_server", "cpe:/o:debian:debian_linux:3.0::arm", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:ubuntu:ubuntu_linux:5.04::i386", "cpe:/o:redhat:linux:9.0::i386", "cpe:/a:poppler:poppler:0.4.2", "cpe:/o:turbolinux:turbolinux_server:8.0", "cpe:/o:debian:debian_linux:3.1::s-390", "cpe:/o:suse:suse_linux:9.1::personal", "cpe:/o:suse:suse_linux:9.0::s_390", "cpe:/o:debian:debian_linux:3.0::ppc", "cpe:/o:ubuntu:ubuntu_linux:5.10::powerpc", "cpe:/o:debian:debian_linux:3.1::m68k", "cpe:/o:debian:debian_linux:3.1::hppa", "cpe:/o:debian:debian_linux:3.0::sparc", "cpe:/a:libextractor:libextractor", "cpe:/a:kde:kpdf:3.2", "cpe:/a:tetex:tetex:1.0.7", "cpe:/o:turbolinux:turbolinux_appliance_server:1.0_workgroup_edition", "cpe:/o:trustix:secure_linux:2.2", "cpe:/o:turbolinux:turbolinux:10", "cpe:/o:suse:suse_linux:9.2::x86_64", "cpe:/o:mandrakesoft:mandrake_linux:2006", "cpe:/o:redhat:enterprise_linux:2.1::advanced_server", "cpe:/o:redhat:enterprise_linux_desktop:3.0", "cpe:/a:tetex:tetex:2.0.2", "cpe:/a:kde:kword:1.4.2", "cpe:/o:debian:debian_linux:3.1::mipsel", "cpe:/o:debian:debian_linux:3.1::amd64", "cpe:/o:suse:suse_linux:9.2::professional", "cpe:/a:kde:kdegraphics:3.4.3", "cpe:/o:suse:suse_linux:9.3::personal", "cpe:/o:trustix:secure_linux:3.0", "cpe:/a:easy_software_products:cups:1.1.23", "cpe:/o:debian:debian_linux:3.1::alpha", "cpe:/a:tetex:tetex:2.0", "cpe:/o:debian:debian_linux:3.1::ia-64", "cpe:/o:ubuntu:ubuntu_linux:4.1::ppc", "cpe:/o:debian:debian_linux:3.0::mipsel", "cpe:/a:kde:kdegraphics:3.2", "cpe:/o:redhat:fedora_core:core_1.0", "cpe:/o:suse:suse_linux:9.1::professional", "cpe:/a:tetex:tetex:3.0", "cpe:/o:suse:suse_linux:9.2::personal", "cpe:/o:redhat:enterprise_linux_desktop:4.0", "cpe:/o:redhat:enterprise_linux:3.0::workstation_server", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:redhat:linux_advanced_workstation:2.1::itanium", "cpe:/o:suse:suse_linux:9.0::enterprise_server", "cpe:/o:suse:suse_linux:9.1::x86_64", "cpe:/o:suse:suse_linux:9.0::professional", "cpe:/a:sgi:propack:3.0:sp6", "cpe:/o:debian:debian_linux:3.1::arm", "cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64", "cpe:/o:mandrakesoft:mandrake_linux:10.2", "cpe:/o:redhat:fedora_core:core_3.0", "cpe:/o:turbolinux:turbolinux_home", "cpe:/o:debian:debian_linux:3.0::ia-64", "cpe:/o:ubuntu:ubuntu_linux:5.10::i386", "cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64", "cpe:/o:debian:debian_linux:3.0::ia-32", "cpe:/o:turbolinux:turbolinux_personal", "cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64", "cpe:/o:debian:debian_linux:3.0::m68k", "cpe:/o:redhat:enterprise_linux:2.1::workstation", "cpe:/o:turbolinux:turbolinux_server:10.0", "cpe:/o:suse:suse_linux:9.0::personal", "cpe:/o:debian:debian_linux:3.0::mips", "cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1", "cpe:/o:turbolinux:turbolinux_multimedia", "cpe:/o:conectiva:linux:10.0", "cpe:/o:turbolinux:turbolinux_workstation:8.0"], "id": "CVE-2005-3626", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3626", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-11T11:06:23", "references": ["http://www.vupen.com/english/advisories/2007/2280", "http://www.trustix.org/errata/2006/0002/", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747", "http://www.ubuntulinux.org/support/documentation/usn/usn-236-1", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004", "http://www.debian.org/security/2005/dsa-938", "http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010", "http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006", "http://www.debian.org/security/2005/dsa-937", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012", "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml", "http://www.vupen.com/english/advisories/2006/0047", "http://www.debian.org/security/2006/dsa-950", "http://www.securityfocus.com/bid/16143", "http://www.debian.org/security/2006/dsa-936", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1", "https://exchange.xforce.ibmcloud.com/vulnerabilities/24022", "http://rhn.redhat.com/errata/RHSA-2006-0177.html", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005", "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U", "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html", "http://www.debian.org/security/2005/dsa-931", "http://www.debian.org/security/2006/dsa-962", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683", "http://www.debian.org/security/2005/dsa-940", "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U", "http://scary.beasts.org/security/CESA-2005-003.txt", "http://www.debian.org/security/2005/dsa-932", "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U", "http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011", "http://www.kde.org/info/security/advisory-20051207-2.txt", "http://www.redhat.com/support/errata/RHSA-2006-0163.html", "http://www.debian.org/security/2006/dsa-961", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html", "http://www.redhat.com/support/errata/RHSA-2006-0160.html", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003"], "description": "The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.", "edition": 4, "reporter": "NVD", "published": "2005-12-31T00:00:00", "title": "CVE-2005-3624", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:23", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9437", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9437"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-3624"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9437", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9437"}], "modified": "2017-10-10T21:30:26", "cpe": ["cpe:/o:redhat:fedora_core:core_4.0", "cpe:/o:trustix:secure_linux:2.0", "cpe:/a:kde:kpdf:3.4.3", "cpe:/o:redhat:enterprise_linux:3.0::enterprise_server", "cpe:/o:suse:suse_linux:9.3::x86_64", "cpe:/a:tetex:tetex:2.0.1", "cpe:/a:kde:koffice:1.4", "cpe:/o:debian:debian_linux:3.0::s-390", "cpe:/o:redhat:enterprise_linux:4.0::workstation", "cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0", "cpe:/o:debian:debian_linux:3.1::ppc", "cpe:/o:redhat:enterprise_linux:3.0::advanced_server", "cpe:/o:sco:openserver:5.0.7", "cpe:/o:redhat:enterprise_linux:2.1::enterprise_server", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/o:debian:debian_linux:3.0::hppa", "cpe:/o:suse:suse_linux:1.0", "cpe:/a:xpdf:xpdf:3.0", "cpe:/o:debian:debian_linux:3.1::sparc", "cpe:/o:suse:suse_linux:10.0::professional", "cpe:/o:debian:debian_linux:3.1::mips", "cpe:/o:turbolinux:turbolinux:fuji", "cpe:/a:easy_software_products:cups:1.1.23_rc1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/a:kde:koffice:1.4.1", "cpe:/o:debian:debian_linux:3.1", "cpe:/o:gentoo:linux", "cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64", "cpe:/o:sco:openserver:6.0", "cpe:/o:debian:debian_linux:3.0", "cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64", "cpe:/o:redhat:enterprise_linux:4.0::advanced_server", "cpe:/o:ubuntu:ubuntu_linux:4.1::ia64", "cpe:/o:slackware:slackware_linux:9.1", "cpe:/o:turbolinux:turbolinux_server:10.0_x86", "cpe:/o:ubuntu:ubuntu_linux:5.10::amd64", "cpe:/o:ubuntu:ubuntu_linux:5.04::amd64", "cpe:/o:ubuntu:ubuntu_linux:5.04::powerpc", "cpe:/o:redhat:linux_advanced_workstation:2.1::ia64", "cpe:/a:easy_software_products:cups:1.1.22", "cpe:/o:turbolinux:turbolinux_appliance_server:1.0_hosting_edition", "cpe:/o:suse:suse_linux:9.0::x86_64", "cpe:/o:redhat:linux:7.3::i386", "cpe:/o:debian:debian_linux:3.0::alpha", "cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64", "cpe:/o:mandrakesoft:mandrake_linux:10.2::x86-64", "cpe:/o:debian:debian_linux:3.1::ia-32", "cpe:/a:kde:koffice:1.4.2", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:suse:suse_linux:10.0::oss", "cpe:/o:redhat:fedora_core:core_2.0", "cpe:/o:turbolinux:turbolinux_desktop:10.0", "cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64", "cpe:/a:easy_software_products:cups:1.1.22_rc1", "cpe:/o:suse:suse_linux:9.3::professional", "cpe:/o:redhat:enterprise_linux:4.0::enterprise_server", "cpe:/o:debian:debian_linux:3.0::arm", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:ubuntu:ubuntu_linux:5.04::i386", "cpe:/o:redhat:linux:9.0::i386", "cpe:/a:poppler:poppler:0.4.2", "cpe:/o:turbolinux:turbolinux_server:8.0", "cpe:/o:debian:debian_linux:3.1::s-390", "cpe:/o:suse:suse_linux:9.1::personal", "cpe:/o:suse:suse_linux:9.0::s_390", "cpe:/o:debian:debian_linux:3.0::ppc", "cpe:/o:ubuntu:ubuntu_linux:5.10::powerpc", "cpe:/o:debian:debian_linux:3.1::m68k", "cpe:/o:debian:debian_linux:3.1::hppa", "cpe:/o:debian:debian_linux:3.0::sparc", "cpe:/a:libextractor:libextractor", "cpe:/a:kde:kpdf:3.2", "cpe:/a:tetex:tetex:1.0.7", "cpe:/o:turbolinux:turbolinux_appliance_server:1.0_workgroup_edition", "cpe:/o:trustix:secure_linux:2.2", "cpe:/o:turbolinux:turbolinux:10", "cpe:/o:suse:suse_linux:9.2::x86_64", "cpe:/o:mandrakesoft:mandrake_linux:2006", "cpe:/o:redhat:enterprise_linux:2.1::advanced_server", "cpe:/o:redhat:enterprise_linux_desktop:3.0", "cpe:/a:tetex:tetex:2.0.2", "cpe:/a:kde:kword:1.4.2", "cpe:/o:debian:debian_linux:3.1::mipsel", "cpe:/o:debian:debian_linux:3.1::amd64", "cpe:/o:suse:suse_linux:9.2::professional", "cpe:/a:kde:kdegraphics:3.4.3", "cpe:/o:suse:suse_linux:9.3::personal", "cpe:/o:trustix:secure_linux:3.0", "cpe:/a:easy_software_products:cups:1.1.23", "cpe:/o:debian:debian_linux:3.1::alpha", "cpe:/a:tetex:tetex:2.0", "cpe:/o:debian:debian_linux:3.1::ia-64", "cpe:/o:ubuntu:ubuntu_linux:4.1::ppc", "cpe:/o:debian:debian_linux:3.0::mipsel", "cpe:/a:kde:kdegraphics:3.2", "cpe:/o:redhat:fedora_core:core_1.0", "cpe:/o:suse:suse_linux:9.1::professional", "cpe:/a:tetex:tetex:3.0", "cpe:/o:suse:suse_linux:9.2::personal", "cpe:/o:redhat:enterprise_linux_desktop:4.0", "cpe:/o:redhat:enterprise_linux:3.0::workstation_server", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:redhat:linux_advanced_workstation:2.1::itanium", "cpe:/o:suse:suse_linux:9.0::enterprise_server", "cpe:/o:suse:suse_linux:9.1::x86_64", "cpe:/o:suse:suse_linux:9.0::professional", "cpe:/a:sgi:propack:3.0:sp6", "cpe:/o:debian:debian_linux:3.1::arm", "cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64", "cpe:/o:mandrakesoft:mandrake_linux:10.2", "cpe:/o:redhat:fedora_core:core_3.0", "cpe:/o:turbolinux:turbolinux_home", "cpe:/o:debian:debian_linux:3.0::ia-64", "cpe:/o:ubuntu:ubuntu_linux:5.10::i386", "cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64", "cpe:/o:debian:debian_linux:3.0::ia-32", "cpe:/o:turbolinux:turbolinux_personal", "cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64", "cpe:/o:debian:debian_linux:3.0::m68k", "cpe:/o:redhat:enterprise_linux:2.1::workstation", "cpe:/o:turbolinux:turbolinux_server:10.0", "cpe:/o:suse:suse_linux:9.0::personal", "cpe:/o:debian:debian_linux:3.0::mips", "cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1", "cpe:/o:turbolinux:turbolinux_multimedia", "cpe:/o:conectiva:linux:10.0", "cpe:/o:turbolinux:turbolinux_workstation:8.0"], "id": "CVE-2005-3624", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3624", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-11T11:06:23", "references": ["http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747", "http://www.debian.org/security/2005/dsa-938", "http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010", "http://www.debian.org/security/2005/dsa-937", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012", "http://www.debian.org/security/2006/dsa-950", "http://www.debian.org/security/2006/dsa-936", "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html", "http://www.debian.org/security/2005/dsa-931", "http://www.debian.org/security/2006/dsa-962", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683", "http://www.debian.org/security/2005/dsa-940", "http://www.debian.org/security/2005/dsa-932", "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U", "http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011", "http://www.debian.org/security/2006/dsa-961", "http://www.redhat.com/support/errata/RHSA-2006-0160.html"], "description": "Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.", "edition": 3, "reporter": "NVD", "published": "2005-12-31T00:00:00", "title": "CVE-2005-3628", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:23", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10287", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10287"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-3628"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10287", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10287"}], "modified": "2017-10-10T21:30:27", "cpe": ["cpe:/a:xpdf:xpdf"], "id": "CVE-2005-3628", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3628", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-05-06T20:31:16", "references": ["http://www.vupen.com/english/advisories/2007/2280", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004", "http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/23442", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010", "http://securitytracker.com/id?1015309", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006", "http://www.redhat.com/support/errata/RHSA-2005-840.html", "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml", "http://www.novell.com/linux/security/advisories/2006_02_sr.html", "http://www.debian.org/security/2006/dsa-950", "http://www.securityfocus.com/archive/1/archive/1/418883/100/0/threaded", "http://www.debian.org/security/2006/dsa-936", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt", "http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities", "http://www.debian.org/security/2006/dsa-937", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1", "http://www.securityfocus.com/bid/15725", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005", "http://www.novell.com/linux/security/advisories/2005_29_sr.html", "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U", "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html", "http://www.debian.org/security/2005/dsa-931", "http://www.debian.org/security/2006/dsa-962", "https://issues.rpath.com/browse/RPL-1609", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683", "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html", "http://www.redhat.com/support/errata/RHSA-2005-878.html", "http://www.vupen.com/english/advisories/2005/2786", "http://www.vupen.com/english/advisories/2005/2788", "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U", "http://scary.beasts.org/security/CESA-2005-003.txt", "http://www.vupen.com/english/advisories/2005/2789", "http://www.vupen.com/english/advisories/2005/2790", "http://www.debian.org/security/2005/dsa-932", "http://securitytracker.com/id?1015324", "http://www.ubuntulinux.org/usn/usn-227-1", "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U", "http://www.kde.org/info/security/advisory-20051207-1.txt", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html", "http://www.vupen.com/english/advisories/2005/2787", "http://securityreason.com/securityalert/240", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html", "http://www.vupen.com/english/advisories/2005/2755", "http://www.redhat.com/support/errata/RHSA-2005-867.html", "http://rhn.redhat.com/errata/RHSA-2005-868.html", "http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011", "http://www.kde.org/info/security/advisory-20051207-2.txt", "http://securityreason.com/securityalert/235", "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt", "http://www.debian.org/security/2006/dsa-961", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008", "http://www.redhat.com/support/errata/RHSA-2006-0160.html", "http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml", "http://www.trustix.org/errata/2005/0072/", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html", "http://www.vupen.com/english/advisories/2005/2856"], "description": "Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.", "edition": 4, "reporter": "NVD", "published": "2005-12-07T20:03:00", "title": "CVE-2005-3192", "type": "cve", "enchantments": {"score": {"modified": "2018-05-06T20:31:16", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10914", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10914"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-3192"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10914", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10914"}], "modified": "2018-05-02T21:29:32", "cpe": ["cpe:/a:xpdf:xpdf:3.0.1"], "id": "CVE-2005-3192", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3192", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-05-06T20:31:16", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/23444", "http://www.vupen.com/english/advisories/2007/2280", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004", "http://www.debian.org/security/2005/dsa-938", "http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010", "http://securitytracker.com/id?1015309", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006", "http://securityreason.com/securityalert/233", "http://www.redhat.com/support/errata/RHSA-2005-840.html", "http://www.debian.org/security/2005/dsa-937", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012", "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml", "http://securityreason.com/securityalert/234", "http://www.novell.com/linux/security/advisories/2006_02_sr.html", "http://www.debian.org/security/2006/dsa-950", "http://www.securityfocus.com/archive/1/archive/1/418883/100/0/threaded", "http://www.debian.org/security/2006/dsa-936", "http://www.securityfocus.com/bid/15727", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005", "http://www.novell.com/linux/security/advisories/2005_29_sr.html", "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U", "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/23443", "http://www.debian.org/security/2005/dsa-931", "http://www.debian.org/security/2006/dsa-962", "https://issues.rpath.com/browse/RPL-1609", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289", "http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683", "http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities", "http://www.debian.org/security/2005/dsa-940", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html", "http://www.redhat.com/support/errata/RHSA-2005-878.html", "http://www.vupen.com/english/advisories/2005/2786", "http://www.vupen.com/english/advisories/2005/2788", "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U", "http://www.vupen.com/english/advisories/2005/2789", "http://www.vupen.com/english/advisories/2005/2790", "http://www.debian.org/security/2005/dsa-932", "http://securitytracker.com/id?1015324", "http://www.ubuntulinux.org/usn/usn-227-1", "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U", "http://www.kde.org/info/security/advisory-20051207-1.txt", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html", "http://www.vupen.com/english/advisories/2005/2787", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html", "http://www.redhat.com/support/errata/RHSA-2005-867.html", "http://rhn.redhat.com/errata/RHSA-2005-868.html", "http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011", "http://www.kde.org/info/security/advisory-20051207-2.txt", "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt", "http://www.securityfocus.com/bid/15726", "http://www.debian.org/security/2006/dsa-961", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008", "http://www.redhat.com/support/errata/RHSA-2006-0160.html", "http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml", "http://www.trustix.org/errata/2005/0072/", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html", "http://www.vupen.com/english/advisories/2005/2856"], "description": "Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.", "edition": 4, "reporter": "NVD", "published": "2005-12-06T20:03:00", "title": "CVE-2005-3191", "type": "cve", "enchantments": {"score": {"modified": "2018-05-06T20:31:16", "vector": "NONE", "value": 6.8}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9760", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9760"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-3191"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9760", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9760"}], "modified": "2018-05-02T21:29:32", "cpe": ["cpe:/a:xpdf:xpdf:2.0", "cpe:/a:xpdf:xpdf:1.0", "cpe:/a:xpdf:xpdf:1.0a", "cpe:/a:xpdf:xpdf:3.0_pl2", "cpe:/a:xpdf:xpdf:3.0", "cpe:/a:xpdf:xpdf:1.1", "cpe:/a:xpdf:xpdf:3.0.1", "cpe:/a:xpdf:xpdf:0.92", "cpe:/a:xpdf:xpdf:2.2", "cpe:/a:xpdf:xpdf:2.1", "cpe:/a:xpdf:xpdf:2.3", "cpe:/a:xpdf:xpdf:0.91", "cpe:/a:xpdf:xpdf:0.90", "cpe:/a:xpdf:xpdf:3.0_pl3", "cpe:/a:xpdf:xpdf:0.93"], "id": "CVE-2005-3191", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3191", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-11T11:06:21", "references": ["http://www.vupen.com/english/advisories/2007/2280", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004", "http://www.debian.org/security/2005/dsa-938", "http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010", "http://securitytracker.com/id?1015309", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006", "https://exchange.xforce.ibmcloud.com/vulnerabilities/23441", "http://www.redhat.com/support/errata/RHSA-2005-840.html", "http://www.debian.org/security/2005/dsa-937", "http://www.securityfocus.com/bid/15721", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00014.html", "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml", "http://www.debian.org/security/2006/dsa-950", "http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities&flashstatus=true", "http://www.securityfocus.com/archive/1/archive/1/418883/100/0/threaded", "http://www.debian.org/security/2006/dsa-936", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1", "http://www.gentoo.org/security/en/glsa/glsa-200603-02.xml", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005", "http://www.novell.com/linux/security/advisories/2005_29_sr.html", "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U", "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html", "http://securityreason.com/securityalert/236", "http://www.debian.org/security/2005/dsa-931", "http://www.debian.org/security/2006/dsa-962", "https://issues.rpath.com/browse/RPL-1609", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683", "http://www.debian.org/security/2005/dsa-940", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html", "http://www.redhat.com/support/errata/RHSA-2005-878.html", "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U", "http://www.vupen.com/english/advisories/2005/2789", "http://www.vupen.com/english/advisories/2005/2790", "http://www.debian.org/security/2005/dsa-932", "http://securitytracker.com/id?1015324", "http://www.ubuntulinux.org/usn/usn-227-1", "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U", "http://www.kde.org/info/security/advisory-20051207-1.txt", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html", "http://www.vupen.com/english/advisories/2005/2787", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html", "http://www.redhat.com/support/errata/RHSA-2005-867.html", "http://rhn.redhat.com/errata/RHSA-2005-868.html", "http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011", "http://www.kde.org/info/security/advisory-20051207-2.txt", "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt", "http://www.debian.org/security/2006/dsa-961", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008", "http://www.redhat.com/support/errata/RHSA-2006-0160.html", "http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00022.html", "http://www.trustix.org/errata/2005/0072/", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00073.html", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003", "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html", "http://www.vupen.com/english/advisories/2005/2856"], "description": "Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.", "edition": 4, "reporter": "NVD", "published": "2005-12-06T19:03:00", "title": "CVE-2005-3193", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:21", "vector": "NONE", "value": 6.8}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11440", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11440"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-3193"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11440", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11440"}], "modified": "2017-10-10T21:30:23", "cpe": ["cpe:/a:xpdf:xpdf:2.0", "cpe:/a:xpdf:xpdf:1.0", "cpe:/a:xpdf:xpdf:1.0a", "cpe:/a:xpdf:xpdf:3.0_pl2", "cpe:/a:xpdf:xpdf:3.0", "cpe:/a:xpdf:xpdf:1.1", "cpe:/a:xpdf:xpdf:3.0.1", "cpe:/a:xpdf:xpdf:0.92", "cpe:/a:xpdf:xpdf:2.2", "cpe:/a:xpdf:xpdf:2.1", "cpe:/a:xpdf:xpdf:2.3", "cpe:/a:xpdf:xpdf:0.91", "cpe:/a:xpdf:xpdf:0.90", "cpe:/a:xpdf:xpdf:3.0_pl3", "cpe:/a:xpdf:xpdf:0.93"], "id": "CVE-2005-3193", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3193", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-11T11:06:23", "references": ["http://www.vupen.com/english/advisories/2007/2280", "http://www.trustix.org/errata/2006/0002/", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747", "http://www.ubuntulinux.org/support/documentation/usn/usn-236-1", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004", "http://www.debian.org/security/2005/dsa-938", "http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010", "http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html", "http://www.debian.org/security/2005/dsa-937", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012", "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml", "http://www.vupen.com/english/advisories/2006/0047", "http://www.debian.org/security/2006/dsa-950", "http://www.securityfocus.com/bid/16143", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html", "http://www.debian.org/security/2006/dsa-936", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1", "http://rhn.redhat.com/errata/RHSA-2006-0177.html", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005", "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U", "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html", "http://www.debian.org/security/2005/dsa-931", "http://www.debian.org/security/2006/dsa-962", "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683", "http://www.debian.org/security/2005/dsa-940", "https://exchange.xforce.ibmcloud.com/vulnerabilities/24024", "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U", "http://scary.beasts.org/security/CESA-2005-003.txt", "http://www.debian.org/security/2005/dsa-932", "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U", "http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011", "http://www.kde.org/info/security/advisory-20051207-2.txt", "http://www.redhat.com/support/errata/RHSA-2006-0163.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/24025", "http://www.debian.org/security/2006/dsa-961", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html", "http://www.redhat.com/support/errata/RHSA-2006-0160.html", "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html", "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003"], "description": "Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large \"number of components\" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large \"Huffman table index\" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.", "edition": 4, "reporter": "NVD", "published": "2005-12-31T00:00:00", "title": "CVE-2005-3627", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:23", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10200", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10200"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-3627"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10200", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10200"}], "modified": "2017-10-10T21:30:27", "cpe": ["cpe:/a:xpdf:xpdf"], "id": "CVE-2005-3627", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3627", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:52", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3627", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3625", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3626", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3624"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "tetex-bin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xpdf-reader", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cupsys", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cupsys", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xpdf-reader", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpoppler0c2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xpdf-utils", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xpdf-reader", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cupsys", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpoppler0c2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xpdf-utils", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "tetex-bin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpoppler0c2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "tetex-bin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xpdf-utils", "operator": "lt"}], "description": "Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.\n\nThe CUPS printing system also uses XPDF code to convert PDF files to PostScript. By attempting to print such a crafted PDF file, a remote attacker could execute arbitrary code with the privileges of the printer server (user \u2018cupsys\u2019).", "edition": 3, "reporter": "Ubuntu", "published": "2006-01-06T00:00:00", "title": "xpdf vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "modified": "2006-01-06T00:00:00", "id": "USN-236-1", "href": "https://usn.ubuntu.com/236-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:09", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3627", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3625", "https://usn.ubuntu.com/usn/usn-236-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3626", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3624"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kword", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kpdf", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kword", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kpdf", "operator": "lt"}], "description": "USN-236-1 fixed several vulnerabilities in xpdf. kpdf and kword contain copies of xpdf code and are thus vulnerable to the same issues.\n\nFor reference, this is the original advisory:\n\nChris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.", "edition": 3, "reporter": "Ubuntu", "published": "2006-01-09T00:00:00", "title": "xpdf vulnerabilities in kword, kpdf", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "modified": "2006-01-09T00:00:00", "id": "USN-236-2", "href": "https://usn.ubuntu.com/236-2/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:56", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3193", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3191", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3192"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "tetex-bin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cupsys-client", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kword", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kpdf", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cupsys-bsd", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xpdf-reader", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cupsys", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kword", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cupsys", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xpdf-reader", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kword", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpoppler0c2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xpdf-utils", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xpdf-reader", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cupsys", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpoppler0c2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xpdf-utils", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cupsys-client", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cupsys-client", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "tetex-bin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpoppler0c2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "tetex-bin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cupsys-bsd", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cupsys-bsd", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kpdf", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kpdf", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xpdf-utils", "operator": "lt"}], "description": "infamous41md discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, tetex-bin, KOffice, and kpdf. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.\n\nThe CUPS printing system also uses XPDF code to convert PDF files to PostScript. By attempting to print such a crafted PDF file, a remote attacker could execute arbitrary code with the privileges of the printer server (user \u2018cupsys\u2019).", "edition": 3, "reporter": "Ubuntu", "published": "2005-12-12T00:00:00", "title": "xpdf vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "modified": "2005-12-12T00:00:00", "id": "USN-227-1", "href": "https://usn.ubuntu.com/227-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:19", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=117481\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346086\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-236-1)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-2.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt)\n[Secunia Advisory ID:18375](https://secuniaresearch.flexerasoftware.com/advisories/18375/)\n[Secunia Advisory ID:18329](https://secuniaresearch.flexerasoftware.com/advisories/18329/)\n[Secunia Advisory ID:18332](https://secuniaresearch.flexerasoftware.com/advisories/18332/)\n[Secunia Advisory ID:18414](https://secuniaresearch.flexerasoftware.com/advisories/18414/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:19377](https://secuniaresearch.flexerasoftware.com/advisories/19377/)\n[Secunia Advisory ID:18334](https://secuniaresearch.flexerasoftware.com/advisories/18334/)\n[Secunia Advisory ID:18338](https://secuniaresearch.flexerasoftware.com/advisories/18338/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18463](https://secuniaresearch.flexerasoftware.com/advisories/18463/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18549](https://secuniaresearch.flexerasoftware.com/advisories/18549/)\n[Secunia Advisory ID:18642](https://secuniaresearch.flexerasoftware.com/advisories/18642/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18373](https://secuniaresearch.flexerasoftware.com/advisories/18373/)\n[Secunia Advisory ID:18425](https://secuniaresearch.flexerasoftware.com/advisories/18425/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:19798](https://secuniaresearch.flexerasoftware.com/advisories/19798/)\n[Secunia Advisory ID:19797](https://secuniaresearch.flexerasoftware.com/advisories/19797/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:18303](https://secuniaresearch.flexerasoftware.com/advisories/18303/)\n[Secunia Advisory ID:18335](https://secuniaresearch.flexerasoftware.com/advisories/18335/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18312](https://secuniaresearch.flexerasoftware.com/advisories/18312/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18423](https://secuniaresearch.flexerasoftware.com/advisories/18423/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18503](https://secuniaresearch.flexerasoftware.com/advisories/18503/)\n[Secunia Advisory ID:18644](https://secuniaresearch.flexerasoftware.com/advisories/18644/)\n[Secunia Advisory ID:26413](https://secuniaresearch.flexerasoftware.com/advisories/26413/)\n[Related OSVDB ID: 22235](https://vulners.com/osvdb/OSVDB:22235)\n[Related OSVDB ID: 22233](https://vulners.com/osvdb/OSVDB:22233)\n[Related OSVDB ID: 22234](https://vulners.com/osvdb/OSVDB:22234)\nRedHat RHSA: RHSA-2006:0163\nRedHat RHSA: RHSA-2006:0177\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-1\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.trustix.org/errata/2006/0002/\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_01_sr.html\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-August/000221.html\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_02_sr.html\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-2\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt\nMail List Post: http://lists.ubuntu.com/archives/ubuntu-security-announce/2006-January/000267.html\n[CVE-2005-3627](https://vulners.com/cve/CVE-2005-3627)\n[CVE-2005-3191](https://vulners.com/cve/CVE-2005-3191)\n", "reporter": "OSVDB", "published": "2006-01-03T07:33:16", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf Stream.cc DCTDecode Stream Processing Multiple Function Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3627", "CVE-2005-3191"], "modified": "2006-01-03T07:33:16", "href": "https://vulners.com/osvdb/OSVDB:22236", "id": "OSVDB:22236", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:18", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 3.01pl1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.foolabs.com/xpdf/\nVendor URL: http://poppler.freedesktop.org/\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342287\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292\nVendor Specific News/Changelog Entry: https://gnunet.org/svn/Extractor/ChangeLog\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342294\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-227-1)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-1.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt)\nSecurity Tracker: 1015309\nSecurity Tracker: 1015324\n[Secunia Advisory ID:17908](https://secuniaresearch.flexerasoftware.com/advisories/17908/)\n[Secunia Advisory ID:18061](https://secuniaresearch.flexerasoftware.com/advisories/18061/)\n[Secunia Advisory ID:18055](https://secuniaresearch.flexerasoftware.com/advisories/18055/)\n[Secunia Advisory ID:17976](https://secuniaresearch.flexerasoftware.com/advisories/17976/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:17912](https://secuniaresearch.flexerasoftware.com/advisories/17912/)\n[Secunia Advisory ID:17920](https://secuniaresearch.flexerasoftware.com/advisories/17920/)\n[Secunia Advisory ID:17916](https://secuniaresearch.flexerasoftware.com/advisories/17916/)\n[Secunia Advisory ID:17959](https://secuniaresearch.flexerasoftware.com/advisories/17959/)\n[Secunia Advisory ID:18336](https://secuniaresearch.flexerasoftware.com/advisories/18336/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18549](https://secuniaresearch.flexerasoftware.com/advisories/18549/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:17921](https://secuniaresearch.flexerasoftware.com/advisories/17921/)\n[Secunia Advisory ID:17956](https://secuniaresearch.flexerasoftware.com/advisories/17956/)\n[Secunia Advisory ID:18192](https://secuniaresearch.flexerasoftware.com/advisories/18192/)\n[Secunia Advisory ID:18189](https://secuniaresearch.flexerasoftware.com/advisories/18189/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:19798](https://secuniaresearch.flexerasoftware.com/advisories/19798/)\n[Secunia Advisory ID:19797](https://secuniaresearch.flexerasoftware.com/advisories/19797/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:17897](https://secuniaresearch.flexerasoftware.com/advisories/17897/)\n[Secunia Advisory ID:17929](https://secuniaresearch.flexerasoftware.com/advisories/17929/)\n[Secunia Advisory ID:17940](https://secuniaresearch.flexerasoftware.com/advisories/17940/)\n[Secunia Advisory ID:18009](https://secuniaresearch.flexerasoftware.com/advisories/18009/)\n[Secunia Advisory ID:18191](https://secuniaresearch.flexerasoftware.com/advisories/18191/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18503](https://secuniaresearch.flexerasoftware.com/advisories/18503/)\n[Secunia Advisory ID:26413](https://secuniaresearch.flexerasoftware.com/advisories/26413/)\n[Related OSVDB ID: 21463](https://vulners.com/osvdb/OSVDB:21463)\nRedHat RHSA: RHSA-2005:840\nRedHat RHSA: RHSA-2005:867\nRedHat RHSA: RHSA-2005:868\nRedHat RHSA: RHSA-2006:0160\nRedHat RHSA: RHSA-2005:878\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-227-1/\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_01_sr.html\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-August/000221.html\nOther Advisory URL: http://www.trustix.org/errata/2005/0072/\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_02_sr.html\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200512-08.xml\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0221.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0224.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0075.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0225.html\n[CVE-2005-3191](https://vulners.com/cve/CVE-2005-3191)\n[CVE-2005-3192](https://vulners.com/cve/CVE-2005-3192)\n", "reporter": "OSVDB", "published": "2005-12-05T06:19:13", "title": "Multiple Product Xpdf/kpdf StreamPredictor Function numComps Field Overflow DoS", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3192", "CVE-2005-3191"], "modified": "2005-12-05T06:19:13", "href": "https://vulners.com/osvdb/OSVDB:21462", "id": "OSVDB:21462", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:19", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=117481\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346086\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-236-1)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-2.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Secunia Advisory ID:18375](https://secuniaresearch.flexerasoftware.com/advisories/18375/)\n[Secunia Advisory ID:18329](https://secuniaresearch.flexerasoftware.com/advisories/18329/)\n[Secunia Advisory ID:18332](https://secuniaresearch.flexerasoftware.com/advisories/18332/)\n[Secunia Advisory ID:18414](https://secuniaresearch.flexerasoftware.com/advisories/18414/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:19377](https://secuniaresearch.flexerasoftware.com/advisories/19377/)\n[Secunia Advisory ID:18334](https://secuniaresearch.flexerasoftware.com/advisories/18334/)\n[Secunia Advisory ID:18338](https://secuniaresearch.flexerasoftware.com/advisories/18338/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18463](https://secuniaresearch.flexerasoftware.com/advisories/18463/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18642](https://secuniaresearch.flexerasoftware.com/advisories/18642/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18373](https://secuniaresearch.flexerasoftware.com/advisories/18373/)\n[Secunia Advisory ID:18425](https://secuniaresearch.flexerasoftware.com/advisories/18425/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:18303](https://secuniaresearch.flexerasoftware.com/advisories/18303/)\n[Secunia Advisory ID:18335](https://secuniaresearch.flexerasoftware.com/advisories/18335/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18312](https://secuniaresearch.flexerasoftware.com/advisories/18312/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18423](https://secuniaresearch.flexerasoftware.com/advisories/18423/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18644](https://secuniaresearch.flexerasoftware.com/advisories/18644/)\n[Related OSVDB ID: 22233](https://vulners.com/osvdb/OSVDB:22233)\n[Related OSVDB ID: 22234](https://vulners.com/osvdb/OSVDB:22234)\n[Related OSVDB ID: 22236](https://vulners.com/osvdb/OSVDB:22236)\nRedHat RHSA: RHSA-2006:0163\nRedHat RHSA: RHSA-2006:0177\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-1\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.trustix.org/errata/2006/0002/\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-2\nMail List Post: http://lists.ubuntu.com/archives/ubuntu-security-announce/2006-January/000267.html\n[CVE-2005-3626](https://vulners.com/cve/CVE-2005-3626)\n", "reporter": "OSVDB", "published": "2006-01-03T07:33:16", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3626"], "modified": "2006-01-03T07:33:16", "href": "https://vulners.com/osvdb/OSVDB:22235", "id": "OSVDB:22235", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:19", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\n[CVE-2005-3628](https://vulners.com/cve/CVE-2005-3628)\n", "reporter": "OSVDB", "published": "2006-01-03T06:18:33", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf JBIG2Stream.cc JBIG2Bitmap::JBIG2Bitmap Function Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3628"], "modified": "2006-01-03T06:18:33", "href": "https://vulners.com/osvdb/OSVDB:22821", "id": "OSVDB:22821", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:19", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=117481\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346086\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-236-1)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-2.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Secunia Advisory ID:18375](https://secuniaresearch.flexerasoftware.com/advisories/18375/)\n[Secunia Advisory ID:18329](https://secuniaresearch.flexerasoftware.com/advisories/18329/)\n[Secunia Advisory ID:18332](https://secuniaresearch.flexerasoftware.com/advisories/18332/)\n[Secunia Advisory ID:18414](https://secuniaresearch.flexerasoftware.com/advisories/18414/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:19377](https://secuniaresearch.flexerasoftware.com/advisories/19377/)\n[Secunia Advisory ID:18334](https://secuniaresearch.flexerasoftware.com/advisories/18334/)\n[Secunia Advisory ID:18338](https://secuniaresearch.flexerasoftware.com/advisories/18338/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18463](https://secuniaresearch.flexerasoftware.com/advisories/18463/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18642](https://secuniaresearch.flexerasoftware.com/advisories/18642/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18373](https://secuniaresearch.flexerasoftware.com/advisories/18373/)\n[Secunia Advisory ID:18425](https://secuniaresearch.flexerasoftware.com/advisories/18425/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:18303](https://secuniaresearch.flexerasoftware.com/advisories/18303/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18312](https://secuniaresearch.flexerasoftware.com/advisories/18312/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18423](https://secuniaresearch.flexerasoftware.com/advisories/18423/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18644](https://secuniaresearch.flexerasoftware.com/advisories/18644/)\n[Related OSVDB ID: 22235](https://vulners.com/osvdb/OSVDB:22235)\n[Related OSVDB ID: 22234](https://vulners.com/osvdb/OSVDB:22234)\n[Related OSVDB ID: 22236](https://vulners.com/osvdb/OSVDB:22236)\nRedHat RHSA: RHSA-2006:0163\nRedHat RHSA: RHSA-2006:0177\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-1\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.trustix.org/errata/2006/0002/\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-2\nMail List Post: http://lists.ubuntu.com/archives/ubuntu-security-announce/2006-January/000267.html\n[CVE-2005-3624](https://vulners.com/cve/CVE-2005-3624)\n", "reporter": "OSVDB", "published": "2006-01-03T07:33:16", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function Multiple Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3624"], "modified": "2006-01-03T07:33:16", "href": "https://vulners.com/osvdb/OSVDB:22233", "id": "OSVDB:22233", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:19", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=117481\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346086\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-236-1)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-2.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Secunia Advisory ID:18375](https://secuniaresearch.flexerasoftware.com/advisories/18375/)\n[Secunia Advisory ID:18329](https://secuniaresearch.flexerasoftware.com/advisories/18329/)\n[Secunia Advisory ID:18332](https://secuniaresearch.flexerasoftware.com/advisories/18332/)\n[Secunia Advisory ID:18414](https://secuniaresearch.flexerasoftware.com/advisories/18414/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:19377](https://secuniaresearch.flexerasoftware.com/advisories/19377/)\n[Secunia Advisory ID:18334](https://secuniaresearch.flexerasoftware.com/advisories/18334/)\n[Secunia Advisory ID:18338](https://secuniaresearch.flexerasoftware.com/advisories/18338/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18463](https://secuniaresearch.flexerasoftware.com/advisories/18463/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18642](https://secuniaresearch.flexerasoftware.com/advisories/18642/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18373](https://secuniaresearch.flexerasoftware.com/advisories/18373/)\n[Secunia Advisory ID:18425](https://secuniaresearch.flexerasoftware.com/advisories/18425/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:18303](https://secuniaresearch.flexerasoftware.com/advisories/18303/)\n[Secunia Advisory ID:18335](https://secuniaresearch.flexerasoftware.com/advisories/18335/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18312](https://secuniaresearch.flexerasoftware.com/advisories/18312/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18423](https://secuniaresearch.flexerasoftware.com/advisories/18423/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18644](https://secuniaresearch.flexerasoftware.com/advisories/18644/)\n[Related OSVDB ID: 22235](https://vulners.com/osvdb/OSVDB:22235)\n[Related OSVDB ID: 22233](https://vulners.com/osvdb/OSVDB:22233)\n[Related OSVDB ID: 22236](https://vulners.com/osvdb/OSVDB:22236)\nRedHat RHSA: RHSA-2006:0163\nRedHat RHSA: RHSA-2006:0177\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-1\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.trustix.org/errata/2006/0002/\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-2\nMail List Post: http://lists.ubuntu.com/archives/ubuntu-security-announce/2006-January/000267.html\n[CVE-2005-3625](https://vulners.com/cve/CVE-2005-3625)\n", "reporter": "OSVDB", "published": "2006-01-03T07:33:16", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3625"], "modified": "2006-01-03T07:33:16", "href": "https://vulners.com/osvdb/OSVDB:22234", "id": "OSVDB:22234", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:18", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 3.01pl1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.foolabs.com/xpdf/\nVendor URL: http://poppler.freedesktop.org/\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342287\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292\nVendor Specific News/Changelog Entry: https://gnunet.org/svn/Extractor/ChangeLog\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342294\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-227-1)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-1.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200603-02.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt)\nSecurity Tracker: 1015309\nSecurity Tracker: 1015324\n[Secunia Advisory ID:17908](https://secuniaresearch.flexerasoftware.com/advisories/17908/)\n[Secunia Advisory ID:18061](https://secuniaresearch.flexerasoftware.com/advisories/18061/)\n[Secunia Advisory ID:18055](https://secuniaresearch.flexerasoftware.com/advisories/18055/)\n[Secunia Advisory ID:17976](https://secuniaresearch.flexerasoftware.com/advisories/17976/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:17926](https://secuniaresearch.flexerasoftware.com/advisories/17926/)\n[Secunia Advisory ID:17912](https://secuniaresearch.flexerasoftware.com/advisories/17912/)\n[Secunia Advisory ID:17920](https://secuniaresearch.flexerasoftware.com/advisories/17920/)\n[Secunia Advisory ID:17916](https://secuniaresearch.flexerasoftware.com/advisories/17916/)\n[Secunia Advisory ID:17959](https://secuniaresearch.flexerasoftware.com/advisories/17959/)\n[Secunia Advisory ID:18336](https://secuniaresearch.flexerasoftware.com/advisories/18336/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:17921](https://secuniaresearch.flexerasoftware.com/advisories/17921/)\n[Secunia Advisory ID:17956](https://secuniaresearch.flexerasoftware.com/advisories/17956/)\n[Secunia Advisory ID:17955](https://secuniaresearch.flexerasoftware.com/advisories/17955/)\n[Secunia Advisory ID:18192](https://secuniaresearch.flexerasoftware.com/advisories/18192/)\n[Secunia Advisory ID:18189](https://secuniaresearch.flexerasoftware.com/advisories/18189/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18520](https://secuniaresearch.flexerasoftware.com/advisories/18520/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:19798](https://secuniaresearch.flexerasoftware.com/advisories/19798/)\n[Secunia Advisory ID:19797](https://secuniaresearch.flexerasoftware.com/advisories/19797/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:17897](https://secuniaresearch.flexerasoftware.com/advisories/17897/)\n[Secunia Advisory ID:17929](https://secuniaresearch.flexerasoftware.com/advisories/17929/)\n[Secunia Advisory ID:17940](https://secuniaresearch.flexerasoftware.com/advisories/17940/)\n[Secunia Advisory ID:18009](https://secuniaresearch.flexerasoftware.com/advisories/18009/)\n[Secunia Advisory ID:18191](https://secuniaresearch.flexerasoftware.com/advisories/18191/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:19125](https://secuniaresearch.flexerasoftware.com/advisories/19125/)\n[Secunia Advisory ID:26413](https://secuniaresearch.flexerasoftware.com/advisories/26413/)\n[Related OSVDB ID: 21462](https://vulners.com/osvdb/OSVDB:21462)\nRedHat RHSA: RHSA-2005:840\nRedHat RHSA: RHSA-2005:867\nRedHat RHSA: RHSA-2005:868\nRedHat RHSA: RHSA-2006:0160\nRedHat RHSA: RHSA-2005:878\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-227-1/\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-August/000221.html\nOther Advisory URL: http://www.trustix.org/errata/2005/0072/\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200512-08.xml\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0220.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0075.html\n[CVE-2005-3193](https://vulners.com/cve/CVE-2005-3193)\n", "reporter": "OSVDB", "published": "2005-12-05T06:19:13", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Multiple Product Xpdf/kpdf JPXStream.cc JPXStream::readCodestream Function Overflow", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3193"], "modified": "2005-12-05T06:19:13", "href": "https://vulners.com/osvdb/OSVDB:21463", "id": "OSVDB:21463", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T12:04:19", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "### Summary\r\nAn exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.\r\n\r\n### Tested Versions\r\nPoppler-0.53.0\r\n\r\n### Product URLs\r\nhttps://poppler.freedesktop.org/\r\n\r\n### CVSSv3 Score\r\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\r\n\r\n### CWE\r\nCWE-122: Heap-based Buffer Overflow\r\n\r\n### Details\r\nPoppler is a shared library for displaying PDF files, used as middleware within different enterprise and opensource solutions alike (e.g. Gimp). It is forked off of XPDF, and is a complete implementation of the PDF ISO standard.\r\nThe Poppler library, by default, uses a private implementation of reading and rendering images. There is a compilation option for libjpeg support, but the flag is not enabled by default. This private implementation contains assumptions about the JPEG file headers that can lead to heap corruption when broken.\r\nThis vulnerability was formerly found (CVE-2005-3627) with a fix applied to DCTStream::readBaselineSOF, however the bug was not also fixed in the readProgressiveSOF function. A look at the two functions highlights the vulnerability: There should be a check for: `if (numComps <= 0 || numComps > 4) `at [0]\r\n```\r\nGBool DCTStream::readBaselineSOF() {\r\n int length;\r\n int prec;\r\n int i;\r\n int c;\r\n\r\n length = read16();\r\n prec = str->getChar();\r\n height = read16();\r\n width = read16();\r\n numComps = str->getChar();\r\n if (numComps <= 0 || numComps > 4) {\r\n error(errSyntaxError, getPos(), \"Bad number of components in DCT stream\");\r\n numComps = 0;\r\n return gFalse;\r\n\r\n if (prec != 8) {\r\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\r\n return gFalse;\r\n\r\n//...\r\n\r\n GBool DCTStream::readProgressiveSOF() {\r\n int length;\r\n int prec;\r\n int i;\r\n int c;\r\n\r\n length = read16();\r\n prec = str->getChar();\r\n height = read16();\r\n width = read16();\r\n numComps = str->getChar();\r\n\r\n // [0] \r\n\r\n if (prec != 8) {\r\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\r\n return gFalse;\r\n```\r\n\r\nAs there is no check on the numComps variable, the subsequent loop in `DCTStream::readProgressiveSOF` can then write past the intended bounds of compInfo[3], and into heap metadata\r\n```\r\nfor (i = 0; i < numComps; ++i) {\r\n compInfo[i].id = str->getChar();\r\n c = str->getChar();\r\n compInfo[i].hSample = (c >> 4) & 0x0f;\r\n compInfo[i].vSample = c & 0x0f;\r\n compInfo[i].quantTable = str->getChar();\r\n if (compInfo[i].hSample < 1 || compInfo[i].hSample > 4 ||\r\n compInfo[i].vSample < 1 || compInfo[i].vSample > 4) {\r\n error(errSyntaxError, getPos(), \"Bad DCT sampling factor\");\r\n return gFalse;\r\n\r\n if (compInfo[i].quantTable < 0 || compInfo[i].quantTable > 3) {\r\n error(errSyntaxError, getPos(), \"Bad DCT quant table selector\");\r\n return gFalse;\r\n```\r\n\r\n### Crash Information\r\n```\r\nRAX: 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\r\nRBX: 0x142dd00 --> 0x1 \r\nRCX: 0x8 \r\nRDX: 0xffffffff \r\nRSI: 0x0 \r\nRDI: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\r\nRBP: 0x142de00 --> 0x100000001 \r\nRSP: 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \r\nRIP: 0x7f8c6dcb15f8 (:close()+40>: 0xe808c383483b8b48)\r\nR8 : 0x3 \r\nR9 : 0x142c280 --> 0x142c660 --> 0x0 \r\nR10: 0x7f8c6d31bbe0 --> 0x0 \r\nR11: 0x1 \r\nR12: 0x142e100 --> 0x0 \r\nR13: 0x142e100 --> 0x0 \r\nR14: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\r\nR15: 0x0\r\nEFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)\r\n\r\n[-------------------------------------code-------------------------------------]\r\n0x7f8c6dcb15e9 <DCTStream::close()+25>: mov r12,r13\r\n0x7f8c6dcb15ec <DCTStream::close()+28>: lea rbp,[rbx+0x100]\r\n0x7f8c6dcb15f3 <DCTStream::close()+35>: nop DWORD PTR [rax+rax*1+0x0]\r\n=> 0x7f8c6dcb15f8 <DCTStream::close()+40>: mov rdi,QWORD PTR [rbx]\r\n0x7f8c6dcb15fb <DCTStream::close()+43>: add rbx,0x8\r\n0x7f8c6dcb15ff <DCTStream::close()+47>: call 0x7f8c6dbfd7a0 <gfree@plt>\r\n0x7f8c6dcb1604 <DCTStream::close()+52>: mov QWORD PTR [rbx-0x8],0x0\r\n0x7f8c6dcb160c <DCTStream::close()+60>: cmp rbx,rbp\r\n[------------------------------------stack-------------------------------------]\r\n0000| 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \r\n0008| 0x7ffce0c46018 --> 0x0 \r\n0016| 0x7ffce0c46020 --> 0x142e468 --> 0x8 \r\n0024| 0x7ffce0c46028 --> 0x1 \r\n0032| 0x7ffce0c46030 --> 0x0 \r\n0040| 0x7ffce0c46038 --> 0x7f8c6dc9bdf7 (:getChar(bool)+55>: 0xfff650e1e8e7894c)\r\n0048| 0x7ffce0c46040 --> 0x142e450 --> 0x7f8cfffffffd \r\n0056| 0x7ffce0c46048 --> 0x1429d98 --> 0xd ('\\r')\r\n[------------------------------------------------------------------------------]\r\nLegend: code, data, rodata, value\r\n```\r\n\r\n### Timeline\r\n* 2017-05-17 - Vendor Disclosure\r\n* 2017-07-07 - Public Release\r\n\r\n### CREDIT\r\n* Discovered by Lilith Wyatt of Cisco Talos.", "reporter": "Root", "published": "2017-09-14T00:00:00", "type": "seebug", "title": "Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability(CVE-2017-2818)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2005-3627", "CVE-2017-2818"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2017-09-14T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96476", "id": "SSV:96476", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "", "status": "cve,details"}], "talos": [{"lastseen": "2018-08-31T00:36:32", "references": [], "description": "# Talos Vulnerability Report\n\n### TALOS-2017-0319\n\n## Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability\n\n##### July 7, 2017\n\n##### CVE Number\n\nCVE-2017-2818\n\n### Summary\n\nAn exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.\n\n### Tested Versions\n\nPoppler-0.53.0\n\n### Product URLs\n\n<https://poppler.freedesktop.org/>\n\n### CVSSv3 Score\n\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-122: Heap-based Buffer Overflow\n\n### Details\n\nPoppler is a shared library for displaying PDF files, used as middleware within different enterprise and opensource solutions alike (e.g. Gimp). It is forked off of XPDF, and is a complete implementation of the PDF ISO standard.\n\nThe Poppler library, by default, uses a private implementation of reading and rendering images. There is a compilation option for libjpeg support, but the flag is not enabled by default. This private implementation contains assumptions about the JPEG file headers that can lead to heap corruption when broken.\n\nThis vulnerability was formerly found (CVE-2005-3627) with a fix applied to DCTStream::readBaselineSOF, however the bug was not also fixed in the readProgressiveSOF function. A look at the two functions highlights the vulnerability: There should be a check for: `if (numComps <= 0 || numComps > 4)` at [0]\n \n \n GBool DCTStream::readBaselineSOF() {\n int length;\n int prec;\n int i;\n int c;\n \n length = read16();\n prec = str->getChar();\n height = read16();\n width = read16();\n numComps = str->getChar();\n if (numComps <= 0 || numComps > 4) {\n error(errSyntaxError, getPos(), \"Bad number of components in DCT stream\");\n numComps = 0;\n return gFalse;\n \n if (prec != 8) {\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\n return gFalse;\n \n //...\n \n GBool DCTStream::readProgressiveSOF() {\n int length;\n int prec;\n int i;\n int c;\n \n length = read16();\n prec = str->getChar();\n height = read16();\n width = read16();\n numComps = str->getChar();\n \n // [0] \n \n if (prec != 8) {\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\n return gFalse;\n \n\nAs there is no check on the numComps variable, the subsequent loop in `DCTStream::readProgressiveSOF` can then write past the intended bounds of compInfo[3], and into heap metadata\n \n \n for (i = 0; i < numComps; ++i) {\n compInfo[i].id = str->getChar();\n c = str->getChar();\n compInfo[i].hSample = (c >> 4) & 0x0f;\n compInfo[i].vSample = c & 0x0f;\n compInfo[i].quantTable = str->getChar();\n if (compInfo[i].hSample < 1 || compInfo[i].hSample > 4 ||\n compInfo[i].vSample < 1 || compInfo[i].vSample > 4) {\n error(errSyntaxError, getPos(), \"Bad DCT sampling factor\");\n return gFalse;\n \n if (compInfo[i].quantTable < 0 || compInfo[i].quantTable > 3) {\n error(errSyntaxError, getPos(), \"Bad DCT quant table selector\");\n return gFalse;\n \n\n### Crash Information\n \n \n RAX: 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n RBX: 0x142dd00 --> 0x1 \n RCX: 0x8 \n RDX: 0xffffffff \n RSI: 0x0 \n RDI: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n RBP: 0x142de00 --> 0x100000001 \n RSP: 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \n RIP: 0x7f8c6dcb15f8 (:close()+40>: 0xe808c383483b8b48)\n R8 : 0x3 \n R9 : 0x142c280 --> 0x142c660 --> 0x0 \n R10: 0x7f8c6d31bbe0 --> 0x0 \n R11: 0x1 \n R12: 0x142e100 --> 0x0 \n R13: 0x142e100 --> 0x0 \n R14: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n R15: 0x0\n EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)\n \n [-------------------------------------code-------------------------------------]\n 0x7f8c6dcb15e9 <DCTStream::close()+25>: mov r12,r13\n 0x7f8c6dcb15ec <DCTStream::close()+28>: lea rbp,[rbx+0x100]\n 0x7f8c6dcb15f3 <DCTStream::close()+35>: nop DWORD PTR [rax+rax*1+0x0]\n => 0x7f8c6dcb15f8 <DCTStream::close()+40>: mov rdi,QWORD PTR [rbx]\n 0x7f8c6dcb15fb <DCTStream::close()+43>: add rbx,0x8\n 0x7f8c6dcb15ff <DCTStream::close()+47>: call 0x7f8c6dbfd7a0 <gfree@plt>\n 0x7f8c6dcb1604 <DCTStream::close()+52>: mov QWORD PTR [rbx-0x8],0x0\n 0x7f8c6dcb160c <DCTStream::close()+60>: cmp rbx,rbp\n [------------------------------------stack-------------------------------------]\n 0000| 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \n 0008| 0x7ffce0c46018 --> 0x0 \n 0016| 0x7ffce0c46020 --> 0x142e468 --> 0x8 \n 0024| 0x7ffce0c46028 --> 0x1 \n 0032| 0x7ffce0c46030 --> 0x0 \n 0040| 0x7ffce0c46038 --> 0x7f8c6dc9bdf7 (:getChar(bool)+55>: 0xfff650e1e8e7894c)\n 0048| 0x7ffce0c46040 --> 0x142e450 --> 0x7f8cfffffffd \n 0056| 0x7ffce0c46048 --> 0x1429d98 --> 0xd ('\\r')\n [------------------------------------------------------------------------------]\n Legend: code, data, rodata, value\n \n\n### Timeline\n\n2017-05-17 - Vendor Disclosure \n2017-07-07 - Public Release\n\n##### Credit\n\nDiscovered by Lilith Wyatt of Cisco Talos.\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2017-0321\n\nPrevious Report\n\nTALOS-2017-0289\n", "edition": 8, "reporter": "Talos Intelligence", "published": "2017-07-07T00:00:00", "title": "Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability", "type": "talos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2005-3627", "CVE-2017-2818"], "modified": "2017-07-07T00:00:00", "id": "TALOS-2017-0319", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0319", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-07T16:28:16", "references": [], "edition": 1, "description": "# Talos Vulnerability Report\n\n### TALOS-2017-2818\n\n## Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability\n\n##### July 7, 2017\n\n##### CVE Number\n\nCVE-2017-0319\n\n### Summary\n\nAn exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.\n\n### Tested Versions\n\nPoppler-0.53.0\n\n### Product URLs\n\n<https://poppler.freedesktop.org/>\n\n### CVSSv3 Score\n\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-122: Heap-based Buffer Overflow\n\n### Details\n\nPoppler is a shared library for displaying PDF files, used as middleware within different enterprise and opensource solutions alike (e.g. Gimp). It is forked off of XPDF, and is a complete implementation of the PDF ISO standard.\n\nThe Poppler library, by default, uses a private implementation of reading and rendering images. There is a compilation option for libjpeg support, but the flag is not enabled by default. This private implementation contains assumptions about the JPEG file headers that can lead to heap corruption when broken.\n\nThis vulnerability was formerly found (CVE-2005-3627) with a fix applied to DCTStream::readBaselineSOF, however the bug was not also fixed in the readProgressiveSOF function. A look at the two functions highlights the vulnerability: There should be a check for: `if (numComps <= 0 || numComps > 4)` at [0]\n \n \n GBool DCTStream::readBaselineSOF() {\n int length;\n int prec;\n int i;\n int c;\n \n length = read16();\n prec = str->getChar();\n height = read16();\n width = read16();\n numComps = str->getChar();\n if (numComps <= 0 || numComps > 4) {\n error(errSyntaxError, getPos(), \"Bad number of components in DCT stream\");\n numComps = 0;\n return gFalse;\n \n if (prec != 8) {\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\n return gFalse;\n \n //...\n \n GBool DCTStream::readProgressiveSOF() {\n int length;\n int prec;\n int i;\n int c;\n \n length = read16();\n prec = str->getChar();\n height = read16();\n width = read16();\n numComps = str->getChar();\n \n // [0] \n \n if (prec != 8) {\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\n return gFalse;\n \n\nAs there is no check on the numComps variable, the subsequent loop in `DCTStream::readProgressiveSOF` can then write past the intended bounds of compInfo[3], and into heap metadata\n \n \n for (i = 0; i < numComps; ++i) {\n compInfo[i].id = str->getChar();\n c = str->getChar();\n compInfo[i].hSample = (c >> 4) & 0x0f;\n compInfo[i].vSample = c & 0x0f;\n compInfo[i].quantTable = str->getChar();\n if (compInfo[i].hSample < 1 || compInfo[i].hSample > 4 ||\n compInfo[i].vSample < 1 || compInfo[i].vSample > 4) {\n error(errSyntaxError, getPos(), \"Bad DCT sampling factor\");\n return gFalse;\n \n if (compInfo[i].quantTable < 0 || compInfo[i].quantTable > 3) {\n error(errSyntaxError, getPos(), \"Bad DCT quant table selector\");\n return gFalse;\n \n\n### Crash Information\n \n \n RAX: 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n RBX: 0x142dd00 --> 0x1 \n RCX: 0x8 \n RDX: 0xffffffff \n RSI: 0x0 \n RDI: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n RBP: 0x142de00 --> 0x100000001 \n RSP: 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \n RIP: 0x7f8c6dcb15f8 (:close()+40>: 0xe808c383483b8b48)\n R8 : 0x3 \n R9 : 0x142c280 --> 0x142c660 --> 0x0 \n R10: 0x7f8c6d31bbe0 --> 0x0 \n R11: 0x1 \n R12: 0x142e100 --> 0x0 \n R13: 0x142e100 --> 0x0 \n R14: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n R15: 0x0\n EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)\n \n [-------------------------------------code-------------------------------------]\n 0x7f8c6dcb15e9 <DCTStream::close()+25>: mov r12,r13\n 0x7f8c6dcb15ec <DCTStream::close()+28>: lea rbp,[rbx+0x100]\n 0x7f8c6dcb15f3 <DCTStream::close()+35>: nop DWORD PTR [rax+rax*1+0x0]\n => 0x7f8c6dcb15f8 <DCTStream::close()+40>: mov rdi,QWORD PTR [rbx]\n 0x7f8c6dcb15fb <DCTStream::close()+43>: add rbx,0x8\n 0x7f8c6dcb15ff <DCTStream::close()+47>: call 0x7f8c6dbfd7a0 <[email\u00a0protected]>\n 0x7f8c6dcb1604 <DCTStream::close()+52>: mov QWORD PTR [rbx-0x8],0x0\n 0x7f8c6dcb160c <DCTStream::close()+60>: cmp rbx,rbp\n [------------------------------------stack-------------------------------------]\n 0000| 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \n 0008| 0x7ffce0c46018 --> 0x0 \n 0016| 0x7ffce0c46020 --> 0x142e468 --> 0x8 \n 0024| 0x7ffce0c46028 --> 0x1 \n 0032| 0x7ffce0c46030 --> 0x0 \n 0040| 0x7ffce0c46038 --> 0x7f8c6dc9bdf7 (:getChar(bool)+55>: 0xfff650e1e8e7894c)\n 0048| 0x7ffce0c46040 --> 0x142e450 --> 0x7f8cfffffffd \n 0056| 0x7ffce0c46048 --> 0x1429d98 --> 0xd ('\\r')\n [------------------------------------------------------------------------------]\n Legend: code, data, rodata, value\n \n\n### Timeline\n\n2017-05-17 - Vendor Disclosure \n2017-07-07 - Public Release\n\n##### Credit\n\nDiscovered by Lilith Wyatt of Cisco Talos.\n\n* * *\n\nBack\n", "reporter": "Talos Intelligence", "published": "2017-07-07T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability", "type": "talos", "bulletinFamily": "info", "cvelist": ["CVE-2005-3627", "CVE-2017-0319"], "modified": "2017-07-07T00:00:00", "id": "TALOS-2017-2818", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-2818", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "talosblog": [{"lastseen": "2017-07-29T13:22:40", "_object_types": ["robots.models.rss.RssBulletin", "robots.models.base.Bulletin"], "references": [], "enchantments_done": [], "description": "<div dir=\"ltr\" style=\"text-align: left;\" trbidi=\"on\">Vulnerability discovered by Marcin Noga, Lilith Wyatt and Aleksandar Nikolic of Cisco Talos.<br /><br /><h3 style=\"text-align: left;\">Overview</h3>Talos has discovered multiple vulnerabilities in the freedesktop.org Poppler PDF library. Exploiting these vulnerabilities can allow an attacker to gain full control over the victim's machine. If an attacker builds a specially crafted PDF document and the victim opens it, the attackers code will be executed with the privileges of the local user. <br /><br /><a name='more'></a><br /><h3 style=\"text-align: left;\">Details</h3><div style=\"text-align: left;\">Poppler is a shared library for displaying PDF files, used as middleware within different enterprise and open source solutions (e.g. Gimp). It is forked off from XPDF and is a complete implementation of the PDF ISO standard. Talos identified three remote code execution vulnerabilities in the Poppler library.<br /><br /><b>TALOS-2017-0311 / CVE-2017-2814</b> - Poppler PDF Image Display DCTStream::readScan() Code Execution Vulnerability<br /><br />An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an image resizing after allocation has already occurred, resulting in a heap corruption triggered in the DCTStream::readScan() function. This can lead to code execution with the local user rights.<br /><br /><b>TALOS-2017-0319 / CVE-2017-2818</b> - Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability<br /><br />Talos found an exploitable heap overflow vulnerability in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in a heap corruption. This can be used by an attacker to craft a PDF file that executes malicious code on the victim's computer with the rights of the local user.<br /><br />This vulnerability was formerly found (CVE-2005-3627), with a fix applied to DCTStream::readBaselineSOF, however the bug was missed in the readProgressiveSOF function.<br /><br /><b>TALOS-2017-0321 / CVE-2017-2820 - </b><span id=\"summary_alias_container\"><span id=\"short_desc_nonedit_display\">Poppler PDF library JPEG2000 levels Code Execution Vulnerability</span></span></div><div style=\"text-align: left;\"><br />Talos discovered an exploitable integer overflow vulnerability in the JPEG 2000 image parsing functionality of the Poppler 0.53.0 library. An attacker can build a specially crafted PDF file that uses this bug to trigger an integer overflow. Later in the code execution flow, this can lead to memory getting overwritten on the heap resulting in a potential arbitrary code execution with the rights of the local user. Like with the other two vulnerabilities before, a victim must open the malicious PDF in an application using this library to exploit this vulnerability. One example of a vulnerable application is the default PDF reader Evince, shipped with the latest version of Ubuntu Linux. </div><div style=\"text-align: left;\"></div><div style=\"text-align: left;\"><br /><h3 style=\"text-align: left;\">Additional Notes</h3>We would like to highlight that TALOS-2017-0311 and TALOS-2017-0321 are in Poppler's internal, unmaintained JPEG and JPEG2000 decoders which shouldn't ever be used. Even Poppler\u2019s documentation strongly suggests not using them. It is highly recommended to build the Poppler library with more robust and up to date external implementations such as libjpeg and openjpeg. However, Ubuntu does not do this by default for JPEG2000 and will use the unmaintained code, thus making Ubuntu-compiled versions vulnerable to these issues.<br /><br />Talos is seeing client side attacks based on malicious PDF files on a daily base. If your company is using a Popper based application, it is possible that an attacker could use one of these vulnerabilities against it in a targeted attack. This shows how important it is to keep all applications up to date and not only the operation system.</div><div style=\"text-align: left;\"></div><div style=\"text-align: left;\"><br />More technical details can be found in the Talos Vulnerability Reports: </div><div style=\"text-align: left;\"><a href=\"http://www.talosintelligence.com/reports/TALOS-2017-0311\">TALOS-2017-0311</a></div><div style=\"text-align: left;\"><a href=\"http://www.talosintelligence.com/reports/TALOS-2017-0319\">TALOS-2017-0319</a></div><div style=\"text-align: left;\"><a href=\"http://www.talosintelligence.com/reports/TALOS-2017-0321\">TALOS-2017-0321</a></div><div style=\"text-align: left;\"></div><div style=\"text-align: left;\"><br /></div><h3 style=\"text-align: left;\">Coverage</h3><div style=\"text-align: left;\">The following Snort Rules will detect exploitation attempts of this vulnerability. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org<br /><br />Snort rules: 42273-42274, 42319 - 42320 , 42352-42353</div></div><div class=\"feedflare\">\n<a href=\"http://feeds.feedburner.com/~ff/feedburner/Talos?a=Epb7zux15g4:WfmtXYq2U6Y:yIl2AUoC8zA\"><img src=\"http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA\" border=\"0\"></img></a>\n</div><img src=\"http://feeds.feedburner.com/~r/feedburner/Talos/~4/Epb7zux15g4\" height=\"1\" width=\"1\" alt=\"\"/>", "reporter": "noreply@blogger.com (Holger Unterbrink)", "published": "2017-07-07T08:27:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "Vulnerability Spotlight: TALOS-2017-0311,0319,0321 - Multiple Remote Code Execution Vulnerability in Poppler PDF library", "type": "talosblog", "bulletinFamily": "blog", "cvelist": ["CVE-2005-3627", "CVE-2017-2814", "CVE-2017-2818", "CVE-2017-2820"], "_object_type": "robots.models.rss.RssBulletin", "modified": "2017-07-07T15:27:54", "id": "TALOSBLOG:E92A35ABBB4E772E08533C6C9DA50867", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/Epb7zux15g4/vulnerability-spotlight-talos-2017.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:45:38", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-3.9", "arch": "i386", "packageFilename": "kdegraphics-devel-3.3.1-3.9.i386.rpm", "packageName": "kdegraphics-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-3.9", "arch": "x86_64", "packageFilename": "kdegraphics-3.3.1-3.9.x86_64.rpm", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-3.9", "arch": "src", "packageFilename": "kdegraphics-3.3.1-3.9.src.rpm", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-3.9", "arch": "src", "packageFilename": "kdegraphics-3.3.1-3.9.src.rpm", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-3.9", "arch": "src", "packageFilename": "kdegraphics-3.3.1-3.9.src.rpm", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-3.9", "arch": "src", "packageFilename": "kdegraphics-3.3.1-3.9.src.rpm", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-3.9", "arch": "i386", "packageFilename": "kdegraphics-3.3.1-3.9.i386.rpm", "packageName": "kdegraphics", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "3.3.1-3.9", "arch": "x86_64", "packageFilename": "kdegraphics-devel-3.3.1-3.9.x86_64.rpm", "packageName": "kdegraphics-devel", "operator": "lt"}], "description": "[7:3.3.1-3.9 ]\n- apply xpdf-splash-overflow-CVE-2006-0301-fix.diff to fix CVE-2006-0301 (#184307)\n[7:3.3.1-3.8]\n- apply xpdf-splash-overflow-CVE-2006-0301-fix.diff to fix CVE-2006-0301 (#179055)\n[7:3.3.1-3.7]\n- apply patch to fix buffer overflow issue in the xpdf codebase\n when handling splash images CVE-2006-0301 (#179055)\n[7:3.3.1-3.6]\n- better fix for CAN-2005-3193\n[7:3.3.1-3.5]\n- add BuildRequires: libieee1284-devel #168356\n- backport patch to fix CAN-2005-3193, #175105\n[7:3.3.1-3.4]\n- apply patch to fix kpdf DoS CAN-2005-2097, #163925\n[7:3.3.1-3.3]\n- More fixing of CAN-2004-0888 patch (bug #135393)\n[3.3.1-3.2]\n- Applied patch to fix CAN-2005-0064\n[7:3.3.1-3.1]\n- Applied patch to fix CAN-2004-1125\n[7:3.3.1-2]\n- fix kfax to use system libtiff\n[7:3.3.1-1]\n- update to 3.3.1\n[7:3.3.0-3]\n- fix typo in buildrequires #135007\n[7:3.3.0-2]\n- only show kcmkmrml in KDE\n- set variables before use\n[3.3.0-1]\n- update to 3.3.0\n[3.3.0-0.1.rc2]\n- update to 3.3.0 rc2\n[7:3.2.3-1]\n- update to 3.2.3\n[7:3.2.2-1]\n- update to 3.2.2\n[7:3.2.1-1]\n- 3.2.1 release\n* Tue Mar 02 2004 Elliot Lee \n- rebuilt\n[7:3.2.0-1.4]\n- fix typo bug, _smp_mflags instead smp_mflags\n* Fri Feb 13 2004 Elliot Lee \n- rebuilt\n[7:3.2.0-0.3]\n- 3.2.0 release\n- built against qt 3.3.0\n- add prereq /sbin/ldconfig\n[7:3.1.95-0.1]\n- KDE 3.2 RC1\n[7:3.1.94-0.1]\n- KDE 3.2 Beta2\n[7:3.1.93-0.2]\n- get rid of rpath\n[7:3.1.93-0.1]\n- KDE 3.2 Beta1\n- cleanup\n[7:3.1.4-1]\n- 3.1.4\n[7:3.1.3-4]\n- disable kpovmodeler temporary. waiting for freeglut\n[7:3.1.3-3]\n- fixed build problem with new gcc\n[7:3.1.3-2]\n- rebuilt\n[7:3.1.3-1]\n- 3.1.3\n[3.1.2-4]\n- disable kpovmodeler temporary. waiting for freeglut\n- built with gcc-3.3-12\n- remove excludearch s390/s390x\n[7:3.1.2-3.1]\n- added epoch for versioned requires where needed\n- built for RHEL\n* Wed Jun 04 2003 Elliot Lee \n- rebuilt\n[3.1.2-2]\n- 3.1.2\n[3.1.1-2]\n- PS/PDF file handling vulnerability\n[3.1.1-1]\n- 3.1.1\n* Mon Feb 24 2003 Elliot Lee \n- debuginfo rebuild\n[3.1-3]\n- get rid of gcc path from dependency_libs\n* Wed Feb 19 2003 Elliot Lee \n- BuildRequires: glut-devel if kpovmodeler\n[3.1-1]\n- 3.1 release\n- remove excludearch ia64\n- remove some unneeded macros\n* Wed Jan 22 2003 Tim Powers \n- rebuilt\n[3.1-0.3]\n- rc6\n- exclude ia64\n[3.1-0.2]\n- fix desktop file issues\n- get rid of su packages\n[3.1-0.1]\n- update to 3.1 rc4\n[3.0.5-1]\n- update to 3.0.5\n[3.0.4-1]\n- 3.0.4\n* Sun Aug 25 2002 Florian La Roche \n- compile on mainframe\n* Wed Aug 14 2002 Florian La Roche \n- change spec file to work for more archs\n[3.0.3-1]\n- 3.0.3\n- build using gcc-3.2-0.3\n[3.0.2-4]\n- desktop files issues (bug #71018)\n[3.0.2-3]\n- build using gcc-3.2-0.1\n[3.0.2-2]\n- fix desktop files issue\n[3.0.2-1]\n- 3.0.2\n- use desktop-file-install\n* Fri Jun 21 2002 Tim Powers \n- automated rebuild\n* Sun May 26 2002 Tim Powers \n- automated rebuild\n[3.0.1-1]\n- 3.0.1\n[3.0.0-5]\n- rename libraries\n[3.0.0-4]\n- Fix libkviewpart.* duplication (kview and kviewshell, #62749)\n- Shut up rpmlint\n[3.0.0-3]\n- Obsolete the old monolithic package\n- Fix build with gcc 3.1\n[3.0.0-2]\n- fix deps problem\n[3.0.0-1]\n- 3.0.0 final\n[3.0.0-0.cvs20020321.1]\n- Add docs for kooka and kuickshow and kfile PostScript plugin\n[3.0.0-0.cvs20020306.1]\n- Update\n- Rename subpackages\n- Dont build kamera on alpha\n[3.0.0-0.cvs20011226.1]\n- Update\n- Reorganize package\n[2.2-0.cvs20010726.1]\n- The -devel package has kscan-related files -n only. Since kscan isnt built\n on s390/s390x, dont build the devel package there.\n[2.2-0.cvs20010724.1]\n- Add more build dependencies (#48970)\n- Remove ia64 workarounds, no longer needed\n- Update\n[2.2-0.cvs20010723.1]\n- Restore -devel package, got lost during the update\n- Fix build on s390/s390x\n- Update\n[2.2-0.cvs20010722.2]\n- Make symlinks relative\n- Update\n* Wed Feb 21 2001 Bernhard Rosenkraenzer \n- 2.1-respin\n* Tue Feb 20 2001 Bernhard Rosenkraenzer \n- 2.1\n* Fri Feb 16 2001 Than Ngo \n- fix to build against glibc\n* Tue Feb 06 2001 Bernhard Rosenkraenzer \n- Get rid of libkdefakes.so.0 dependency\n* Mon Jan 22 2001 Bernhard Rosenkraenzer \n- Update\n* Mon Jan 01 2001 Bernhard Rosenkraenzer \n- Update\n* Wed Dec 20 2000 Bernhard Rosenkraenzer \n- Update\n- Stop excluding ia64\n* Wed Nov 15 2000 Bernhard Rosenkraenzer \n- Update to HEAD\n* Fri Nov 03 2000 Bernhard Rosenkraenzer \n- Update to KDE_2_0_BRANCH\n* Mon Oct 23 2000 Bernhard Rosenkraenzer \n- 2.0 final\n* Thu Aug 24 2000 Than Ngo \n- update to kdegraphics-1.93\n* Sun Aug 20 2000 Than Ngo \n- add missing kdegraphic2 package\n* Mon Aug 07 2000 Bernhard Rosenkraenzer \n- new version\n* Tue Jul 25 2000 Bernhard Rosenkraenzer \n- new snapshot\n- work around compiler bug by disabling kcoloredit for now, FIXME\n* Fri Jul 21 2000 Bernhard Rosenkraenzer \n- new snapshot\n- SMPify build\n* Sun Jul 16 2000 Than Ngo \n- use gcc 2.96\n- new snapshot\n- fix docdir\n* Fri Jun 23 2000 Bernhard Rosenkraenzer \n- Add Epoch - for some reason, rpm thinks 1.1.2 > 1.92.20000623.\n* Tue Jun 20 2000 Bernhard Rosenkraenzer \n- new snapshot\n- ExcludeArch ia64 for now\n* Sat Mar 18 2000 Bernhard Rosenkraenzer \n- new snapshot\n- move it to /usr, where it belongs\n* Sun Oct 24 1999 Bernhard Rosenkraenzer \n- Fix compilation\n* Fri Oct 22 1999 Bernhard Rosenkraenzer \n- 2.0 CVS\n* Fri Sep 24 1999 Preston Brown \n- mark doc files as such\n* Wed Sep 08 1999 Preston Brown \n- upgraded to 1.1.2 release\n* Fri Jun 11 1999 Preston Brown \n- snapshot, includes kde 1.1.1 + fixes\n* Mon Apr 19 1999 Preston Brown \n- last snapshot before release\n* Mon Apr 12 1999 Preston Brown \n- latest stable snapshot\n* Wed Feb 24 1999 Preston Brown \n- Injected new description and group.\n* Mon Feb 08 1999 Preston Brown \n- upgraded to KDE 1.1 final.\n* Sat Feb 06 1999 Preston Brown \n- updates to new libstdc++ and rpm standards.\n* Wed Jan 06 1999 Preston Brown \n- re-merged in updates from Duncan Haldane", "edition": 4, "reporter": "Oracle", "published": "2006-11-30T00:00:00", "title": "kdegraphics security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-2097", "CVE-2006-0301", "CVE-2006-0746", "CVE-2005-0064", "CVE-2004-1125", "CVE-2005-3193", "CVE-2004-0888"], "modified": "2006-11-30T00:00:00", "id": "ELSA-2006-0262", "href": "http://linux.oracle.com/errata/ELSA-2006-0262.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
