ID DSA-937 Type debian Reporter Debian Modified 2006-01-12T00:00:00
Description
"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
For the old stable distribution (woody) these problems have been fixed in version 1.0.7+20011202-7.7.
For the stable distribution (sarge) these problems have been fixed in version 2.0.2-30sarge4.
For the unstable distribution (sid) these problems have been fixed in version 0.4.3-2 of poppler against which tetex-bin links.
We recommend that you upgrade your tetex-bin package.
{"result": {"cve": [{"id": "CVE-2005-3627", "type": "cve", "title": "CVE-2005-3627", "description": "Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large \"number of components\" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large \"Huffman table index\" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.", "published": "2005-12-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3627", "cvelist": ["CVE-2005-3627"], "lastseen": "2017-10-11T11:06:23"}, {"id": "CVE-2005-3192", "type": "cve", "title": "CVE-2005-3192", "description": "Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.", "published": "2005-12-07T20:03:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3192", "cvelist": ["CVE-2005-3192"], "lastseen": "2018-05-06T20:31:16"}, {"id": "CVE-2005-3626", "type": "cve", "title": "CVE-2005-3626", "description": "Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.", "published": "2005-12-31T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3626", "cvelist": ["CVE-2005-3626"], "lastseen": "2017-10-11T11:06:23"}, {"id": "CVE-2005-3191", "type": "cve", "title": "CVE-2005-3191", "description": "Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.", "published": "2005-12-06T20:03:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3191", "cvelist": ["CVE-2005-3191"], "lastseen": "2018-05-06T20:31:16"}, {"id": "CVE-2005-3625", "type": "cve", "title": "CVE-2005-3625", "description": "Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka \"Infinite CPU spins.\"", "published": "2005-12-31T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3625", "cvelist": ["CVE-2005-3625"], "lastseen": "2017-10-11T11:06:23"}, {"id": "CVE-2005-3193", "type": "cve", "title": "CVE-2005-3193", "description": "Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.", "published": "2005-12-06T19:03:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3193", "cvelist": ["CVE-2005-3193"], "lastseen": "2017-10-11T11:06:21"}, {"id": "CVE-2005-3624", "type": "cve", "title": "CVE-2005-3624", "description": "The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.", "published": "2005-12-31T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3624", "cvelist": ["CVE-2005-3624"], "lastseen": "2017-10-11T11:06:23"}, {"id": "CVE-2005-3628", "type": "cve", "title": "CVE-2005-3628", "description": "Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.", "published": "2005-12-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3628", "cvelist": ["CVE-2005-3628"], "lastseen": "2017-10-11T11:06:23"}], "nessus": [{"id": "FEDORA_2005-000.NASL", "type": "nessus", "title": "Fedora Core 3 2005-000: cups", "description": "The remote host is missing the patch for the advisory FEDORA-2005-000 (cups).\n\nThe Common UNIX Printing System provides a portable printing layer for UNIX(r) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users.\nCUPS provides the System V and Berkeley command-line interfaces.\n\nUpdate Information:\n\nThis update fixes the pdftops filter's handling of some incorrectly-formed PDF files. Issues fixed are CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627.", "published": "2006-01-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20396", "cvelist": ["CVE-2005-3627"], "lastseen": "2016-09-26T17:23:38"}, {"id": "REDHAT-RHSA-2006-0262.NASL", "type": "nessus", "title": "RHEL 4 : kdegraphics (RHSA-2006:0262)", "description": "Updated kdegraphics packages that fully resolve a security issue in kpdf are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop Environment including kpdf, a PDF file viewer.\n\nMarcelo Ricardo Leitner discovered that a kpdf security fix, CVE-2005-3627, was incomplete. Red Hat issued kdegraphics packages with this incomplete fix in RHSA-2005:868. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0746 to this issue.\n\nUsers of kpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.", "published": "2006-03-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21043", "cvelist": ["CVE-2005-3627", "CVE-2006-0746"], "lastseen": "2017-10-29T13:37:41"}, {"id": "CENTOS_RHSA-2006-0262.NASL", "type": "nessus", "title": "CentOS 4 : kdegraphics (CESA-2006:0262)", "description": "Updated kdegraphics packages that fully resolve a security issue in kpdf are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop Environment including kpdf, a PDF file viewer.\n\nMarcelo Ricardo Leitner discovered that a kpdf security fix, CVE-2005-3627, was incomplete. Red Hat issued kdegraphics packages with this incomplete fix in RHSA-2005:868. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0746 to this issue.\n\nUsers of kpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.", "published": "2006-07-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21989", "cvelist": ["CVE-2005-3627", "CVE-2006-0746"], "lastseen": "2018-06-29T06:07:06"}, {"id": "FEDORA_2006-028.NASL", "type": "nessus", "title": "Fedora Core 4 : tetex-3.0-9.FC4 (2006-028)", "description": "Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened.\n\nThe Common Vulnerabilities and Exposures project assigned the names CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\n\nThis package also updates bindings in texdoc and causes the local texmf tree to be searched first.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2006-01-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20409", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625"], "lastseen": "2017-10-29T13:38:25"}, {"id": "FEDORA_2005-028.NASL", "type": "nessus", "title": "Fedora Core 4 : tetex-3.0-9.FC4 (2005-028)", "description": "Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened.\n\nThe Common Vulnerabilities and Exposures project assigned the names CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\n\nThis package also updates bindings in texdoc and causes the local texmf tree to be searched first.", "published": "2012-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=62250", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625"], "lastseen": "2017-10-29T13:33:35"}, {"id": "FEDORA_2006-025.NASL", "type": "nessus", "title": "Fedora Core 3 : gpdf-2.8.2-7.2 (2006-025)", "description": "Chris Evans discovered several flaws in the way CUPS processes PDF files. An attacker could construct a carefully crafted PDF file that could cause CUPS to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2006-01-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20406", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2017-10-29T13:38:48"}, {"id": "CENTOS_RHSA-2006-0163.NASL", "type": "nessus", "title": "CentOS 3 / 4 : cups (CESA-2006:0163)", "description": "Updated CUPS packages that fix multiple security issues are now available for Red Hat Enterprise Linux.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems.\n\nChris Evans discovered several flaws in the way CUPS processes PDF files. An attacker could construct a carefully crafted PDF file that could cause CUPS to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\n\nAll users of CUPS should upgrade to these updated packages, which contain backported patches to resolve these issues.", "published": "2006-07-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21886", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2017-10-29T13:43:25"}, {"id": "UBUNTU_USN-236-2.NASL", "type": "nessus", "title": "Ubuntu 5.04 / 5.10 : kdegraphics, koffice vulnerabilities (USN-236-2)", "description": "USN-236-1 fixed several vulnerabilities in xpdf. kpdf and kword contain copies of xpdf code and are thus vulnerable to the same issues.\n\nFor reference, this is the original advisory :\n\nChris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2006-01-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20782", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2017-10-29T13:42:22"}, {"id": "CENTOS_RHSA-2006-0177.NASL", "type": "nessus", "title": "CentOS 4 : gpdf (CESA-2006:0177)", "description": "An updated gpdf package that fixes several security issues is now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\ngpdf is a GNOME based viewer for Portable Document Format (PDF) files.\n\nChris Evans discovered several flaws in the way gpdf processes PDF files. An attacker could construct a carefully crafted PDF file that could cause gpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\n\nUsers of gpdf should upgrade to this updated package, which contains a backported patch to resolve these issues.", "published": "2006-07-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21980", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2017-10-29T13:44:22"}, {"id": "GENTOO_GLSA-200601-17.NASL", "type": "nessus", "title": "GLSA-200601-17 : Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows", "description": "The remote host is affected by the vulnerability described in GLSA-200601-17 (Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows)\n\n Chris Evans has reported some integer overflows in Xpdf when attempting to calculate buffer sizes for memory allocation, leading to a heap overflow and a potential infinite loop when handling malformed input files.\n Impact :\n\n By sending a specially crafted PDF file to a victim, an attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "published": "2006-02-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20829", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2017-10-29T13:38:15"}], "talos": [{"id": "TALOS-2017-0319", "type": "talos", "title": "Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability", "description": "# Talos Vulnerability Report\n\n### TALOS-2017-0319\n\n## Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability\n\n##### July 7, 2017\n\n##### CVE Number\n\nCVE-2017-2818\n\n### Summary\n\nAn exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.\n\n### Tested Versions\n\nPoppler-0.53.0\n\n### Product URLs\n\n<https://poppler.freedesktop.org/>\n\n### CVSSv3 Score\n\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-122: Heap-based Buffer Overflow\n\n### Details\n\nPoppler is a shared library for displaying PDF files, used as middleware within different enterprise and opensource solutions alike (e.g. Gimp). It is forked off of XPDF, and is a complete implementation of the PDF ISO standard.\n\nThe Poppler library, by default, uses a private implementation of reading and rendering images. There is a compilation option for libjpeg support, but the flag is not enabled by default. This private implementation contains assumptions about the JPEG file headers that can lead to heap corruption when broken.\n\nThis vulnerability was formerly found (CVE-2005-3627) with a fix applied to DCTStream::readBaselineSOF, however the bug was not also fixed in the readProgressiveSOF function. A look at the two functions highlights the vulnerability: There should be a check for: `if (numComps <= 0 || numComps > 4)` at [0]\n \n \n GBool DCTStream::readBaselineSOF() {\n int length;\n int prec;\n int i;\n int c;\n \n length = read16();\n prec = str->getChar();\n height = read16();\n width = read16();\n numComps = str->getChar();\n if (numComps <= 0 || numComps > 4) {\n error(errSyntaxError, getPos(), \"Bad number of components in DCT stream\");\n numComps = 0;\n return gFalse;\n \n if (prec != 8) {\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\n return gFalse;\n \n //...\n \n GBool DCTStream::readProgressiveSOF() {\n int length;\n int prec;\n int i;\n int c;\n \n length = read16();\n prec = str->getChar();\n height = read16();\n width = read16();\n numComps = str->getChar();\n \n // [0] \n \n if (prec != 8) {\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\n return gFalse;\n \n\nAs there is no check on the numComps variable, the subsequent loop in `DCTStream::readProgressiveSOF` can then write past the intended bounds of compInfo[3], and into heap metadata\n \n \n for (i = 0; i < numComps; ++i) {\n compInfo[i].id = str->getChar();\n c = str->getChar();\n compInfo[i].hSample = (c >> 4) & 0x0f;\n compInfo[i].vSample = c & 0x0f;\n compInfo[i].quantTable = str->getChar();\n if (compInfo[i].hSample < 1 || compInfo[i].hSample > 4 ||\n compInfo[i].vSample < 1 || compInfo[i].vSample > 4) {\n error(errSyntaxError, getPos(), \"Bad DCT sampling factor\");\n return gFalse;\n \n if (compInfo[i].quantTable < 0 || compInfo[i].quantTable > 3) {\n error(errSyntaxError, getPos(), \"Bad DCT quant table selector\");\n return gFalse;\n \n\n### Crash Information\n \n \n RAX: 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n RBX: 0x142dd00 --> 0x1 \n RCX: 0x8 \n RDX: 0xffffffff \n RSI: 0x0 \n RDI: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n RBP: 0x142de00 --> 0x100000001 \n RSP: 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \n RIP: 0x7f8c6dcb15f8 (:close()+40>: 0xe808c383483b8b48)\n R8 : 0x3 \n R9 : 0x142c280 --> 0x142c660 --> 0x0 \n R10: 0x7f8c6d31bbe0 --> 0x0 \n R11: 0x1 \n R12: 0x142e100 --> 0x0 \n R13: 0x142e100 --> 0x0 \n R14: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n R15: 0x0\n EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)\n \n [-------------------------------------code-------------------------------------]\n 0x7f8c6dcb15e9 <DCTStream::close()+25>: mov r12,r13\n 0x7f8c6dcb15ec <DCTStream::close()+28>: lea rbp,[rbx+0x100]\n 0x7f8c6dcb15f3 <DCTStream::close()+35>: nop DWORD PTR [rax+rax*1+0x0]\n => 0x7f8c6dcb15f8 <DCTStream::close()+40>: mov rdi,QWORD PTR [rbx]\n 0x7f8c6dcb15fb <DCTStream::close()+43>: add rbx,0x8\n 0x7f8c6dcb15ff <DCTStream::close()+47>: call 0x7f8c6dbfd7a0 <gfree@plt>\n 0x7f8c6dcb1604 <DCTStream::close()+52>: mov QWORD PTR [rbx-0x8],0x0\n 0x7f8c6dcb160c <DCTStream::close()+60>: cmp rbx,rbp\n [------------------------------------stack-------------------------------------]\n 0000| 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \n 0008| 0x7ffce0c46018 --> 0x0 \n 0016| 0x7ffce0c46020 --> 0x142e468 --> 0x8 \n 0024| 0x7ffce0c46028 --> 0x1 \n 0032| 0x7ffce0c46030 --> 0x0 \n 0040| 0x7ffce0c46038 --> 0x7f8c6dc9bdf7 (:getChar(bool)+55>: 0xfff650e1e8e7894c)\n 0048| 0x7ffce0c46040 --> 0x142e450 --> 0x7f8cfffffffd \n 0056| 0x7ffce0c46048 --> 0x1429d98 --> 0xd ('\\r')\n [------------------------------------------------------------------------------]\n Legend: code, data, rodata, value\n \n\n### Timeline\n\n2017-05-17 - Vendor Disclosure \n2017-07-07 - Public Release\n\n##### Credit\n\nDiscovered by Lilith Wyatt of Cisco Talos.\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2017-0321\n\nPrevious Report\n\nTALOS-2017-0289\n", "published": "2017-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0319", "cvelist": ["CVE-2005-3627", "CVE-2017-2818"], "lastseen": "2018-01-18T19:22:56"}, {"id": "TALOS-2017-2818", "type": "talos", "title": "Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability", "description": "# Talos Vulnerability Report\n\n### TALOS-2017-2818\n\n## Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability\n\n##### July 7, 2017\n\n##### CVE Number\n\nCVE-2017-0319\n\n### Summary\n\nAn exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.\n\n### Tested Versions\n\nPoppler-0.53.0\n\n### Product URLs\n\n<https://poppler.freedesktop.org/>\n\n### CVSSv3 Score\n\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-122: Heap-based Buffer Overflow\n\n### Details\n\nPoppler is a shared library for displaying PDF files, used as middleware within different enterprise and opensource solutions alike (e.g. Gimp). It is forked off of XPDF, and is a complete implementation of the PDF ISO standard.\n\nThe Poppler library, by default, uses a private implementation of reading and rendering images. There is a compilation option for libjpeg support, but the flag is not enabled by default. This private implementation contains assumptions about the JPEG file headers that can lead to heap corruption when broken.\n\nThis vulnerability was formerly found (CVE-2005-3627) with a fix applied to DCTStream::readBaselineSOF, however the bug was not also fixed in the readProgressiveSOF function. A look at the two functions highlights the vulnerability: There should be a check for: `if (numComps <= 0 || numComps > 4)` at [0]\n \n \n GBool DCTStream::readBaselineSOF() {\n int length;\n int prec;\n int i;\n int c;\n \n length = read16();\n prec = str->getChar();\n height = read16();\n width = read16();\n numComps = str->getChar();\n if (numComps <= 0 || numComps > 4) {\n error(errSyntaxError, getPos(), \"Bad number of components in DCT stream\");\n numComps = 0;\n return gFalse;\n \n if (prec != 8) {\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\n return gFalse;\n \n //...\n \n GBool DCTStream::readProgressiveSOF() {\n int length;\n int prec;\n int i;\n int c;\n \n length = read16();\n prec = str->getChar();\n height = read16();\n width = read16();\n numComps = str->getChar();\n \n // [0] \n \n if (prec != 8) {\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\n return gFalse;\n \n\nAs there is no check on the numComps variable, the subsequent loop in `DCTStream::readProgressiveSOF` can then write past the intended bounds of compInfo[3], and into heap metadata\n \n \n for (i = 0; i < numComps; ++i) {\n compInfo[i].id = str->getChar();\n c = str->getChar();\n compInfo[i].hSample = (c >> 4) & 0x0f;\n compInfo[i].vSample = c & 0x0f;\n compInfo[i].quantTable = str->getChar();\n if (compInfo[i].hSample < 1 || compInfo[i].hSample > 4 ||\n compInfo[i].vSample < 1 || compInfo[i].vSample > 4) {\n error(errSyntaxError, getPos(), \"Bad DCT sampling factor\");\n return gFalse;\n \n if (compInfo[i].quantTable < 0 || compInfo[i].quantTable > 3) {\n error(errSyntaxError, getPos(), \"Bad DCT quant table selector\");\n return gFalse;\n \n\n### Crash Information\n \n \n RAX: 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n RBX: 0x142dd00 --> 0x1 \n RCX: 0x8 \n RDX: 0xffffffff \n RSI: 0x0 \n RDI: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n RBP: 0x142de00 --> 0x100000001 \n RSP: 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \n RIP: 0x7f8c6dcb15f8 (:close()+40>: 0xe808c383483b8b48)\n R8 : 0x3 \n R9 : 0x142c280 --> 0x142c660 --> 0x0 \n R10: 0x7f8c6d31bbe0 --> 0x0 \n R11: 0x1 \n R12: 0x142e100 --> 0x0 \n R13: 0x142e100 --> 0x0 \n R14: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n R15: 0x0\n EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)\n \n [-------------------------------------code-------------------------------------]\n 0x7f8c6dcb15e9 <DCTStream::close()+25>: mov r12,r13\n 0x7f8c6dcb15ec <DCTStream::close()+28>: lea rbp,[rbx+0x100]\n 0x7f8c6dcb15f3 <DCTStream::close()+35>: nop DWORD PTR [rax+rax*1+0x0]\n => 0x7f8c6dcb15f8 <DCTStream::close()+40>: mov rdi,QWORD PTR [rbx]\n 0x7f8c6dcb15fb <DCTStream::close()+43>: add rbx,0x8\n 0x7f8c6dcb15ff <DCTStream::close()+47>: call 0x7f8c6dbfd7a0 <[email\u00a0protected]>\n 0x7f8c6dcb1604 <DCTStream::close()+52>: mov QWORD PTR [rbx-0x8],0x0\n 0x7f8c6dcb160c <DCTStream::close()+60>: cmp rbx,rbp\n [------------------------------------stack-------------------------------------]\n 0000| 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \n 0008| 0x7ffce0c46018 --> 0x0 \n 0016| 0x7ffce0c46020 --> 0x142e468 --> 0x8 \n 0024| 0x7ffce0c46028 --> 0x1 \n 0032| 0x7ffce0c46030 --> 0x0 \n 0040| 0x7ffce0c46038 --> 0x7f8c6dc9bdf7 (:getChar(bool)+55>: 0xfff650e1e8e7894c)\n 0048| 0x7ffce0c46040 --> 0x142e450 --> 0x7f8cfffffffd \n 0056| 0x7ffce0c46048 --> 0x1429d98 --> 0xd ('\\r')\n [------------------------------------------------------------------------------]\n Legend: code, data, rodata, value\n \n\n### Timeline\n\n2017-05-17 - Vendor Disclosure \n2017-07-07 - Public Release\n\n##### Credit\n\nDiscovered by Lilith Wyatt of Cisco Talos.\n\n* * *\n\nBack\n", "published": "2017-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-2818", "cvelist": ["CVE-2005-3627", "CVE-2017-0319"], "lastseen": "2017-07-07T16:28:16"}], "redhat": [{"id": "RHSA-2006:0262", "type": "redhat", "title": "(RHSA-2006:0262) kdegraphics security update", "description": "The kdegraphics packages contain applications for the K Desktop Environment\r\nincluding kpdf, a PDF file viewer.\r\n\r\nMarcelo Ricardo Leitner discovered that a kpdf security fix, CVE-2005-3627,\r\nwas incomplete. Red Hat issued kdegraphics packages with this incomplete\r\nfix in RHSA-2005:868. An attacker could construct a carefully crafted PDF\r\nfile that could cause kpdf to crash or possibly execute arbitrary code when\r\nopened. The Common Vulnerabilities and Exposures project assigned the name\r\nCVE-2006-0746 to this issue.\r\n\r\nUsers of kpdf should upgrade to these updated packages, which contain a\r\nbackported patch to resolve this issue.", "published": "2006-03-09T05:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2006:0262", "cvelist": ["CVE-2005-3627", "CVE-2006-0746"], "lastseen": "2017-09-09T07:19:40"}, {"id": "RHSA-2006:0177", "type": "redhat", "title": "(RHSA-2006:0177) gpdf security update", "description": "gpdf is a GNOME based viewer for Portable Document Format (PDF) files.\r\n\r\nChris Evans discovered several flaws in the way gpdf processes PDF files.\r\nAn attacker could construct a carefully crafted PDF file that could cause\r\ngpdf to crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3624,\r\nCVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\r\n\r\nUsers of gpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.", "published": "2006-01-11T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2006:0177", "cvelist": ["CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627"], "lastseen": "2017-09-09T07:20:34"}, {"id": "RHSA-2006:0163", "type": "redhat", "title": "(RHSA-2006:0163) cups security update", "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nChris Evans discovered several flaws in the way CUPS processes PDF files.\r\nAn attacker could construct a carefully crafted PDF file that could cause\r\nCUPS to crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3624,\r\nCVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\r\n\r\nAll users of CUPS should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.", "published": "2006-01-11T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2006:0163", "cvelist": ["CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627"], "lastseen": "2017-09-08T08:04:31"}, {"id": "RHSA-2005:868", "type": "redhat", "title": "(RHSA-2005:868) kdegraphics security update", "description": "The kdegraphics packages contain applications for the K Desktop Environment\r\nincluding kpdf, a pdf file viewer.\r\n\r\nSeveral flaws were discovered in kpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause kpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of kpdf should upgrade to these updated packages, which contain a\r\nbackported patch to resolve these issues.", "published": "2005-12-20T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2005:868", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627", "CVE-2005-3628"], "lastseen": "2017-09-09T07:20:37"}, {"id": "RHSA-2005:840", "type": "redhat", "title": "(RHSA-2005:840) xpdf security update", "description": "The xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.", "published": "2005-12-06T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2005:840", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627", "CVE-2005-3628"], "lastseen": "2018-03-28T01:01:09"}, {"id": "RHSA-2006:0160", "type": "redhat", "title": "(RHSA-2006:0160) tetex security update", "description": "TeTeX is an implementation of TeX. TeX takes a text file and a set of\r\nformatting commands as input and creates a typesetter-independent .dvi\r\n(DeVice Independent) file as output.\r\n\r\nSeveral flaws were discovered in the teTeX PDF parsing library. An attacker\r\ncould construct a carefully crafted PDF file that could cause teTeX to\r\ncrash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,\r\nCVE-2005-3627 and CVE-2005-3628 to these issues.\r\n\r\nUsers of teTeX should upgrade to these updated packages, which contain\r\nbackported patches and are not vulnerable to these issues.", "published": "2006-01-19T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2006:0160", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627", "CVE-2005-3628"], "lastseen": "2018-05-11T21:13:17"}, {"id": "RHSA-2005:878", "type": "redhat", "title": "(RHSA-2005:878) cups security update", "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nSeveral flaws were discovered in the way CUPS processes PDF files. An\r\nattacker could construct a carefully crafted PDF file that could cause CUPS\r\nto crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, and CVE-2005-3193 to these issues.\r\n\r\nAll users of CUPS should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.", "published": "2005-12-20T05:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:878", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3628"], "lastseen": "2017-09-09T07:20:15"}, {"id": "RHSA-2005:867", "type": "redhat", "title": "(RHSA-2005:867) gpdf security update", "description": "The gpdf package is a GNOME based viewer for Portable Document Format\r\n(PDF) files.\r\n\r\nSeveral flaws were discovered in gpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause gpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of gpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.", "published": "2005-12-20T05:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:867", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3628"], "lastseen": "2017-09-09T07:19:50"}], "seebug": [{"id": "SSV:96476", "type": "seebug", "title": "Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability(CVE-2017-2818)", "description": "### Summary\r\nAn exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.\r\n\r\n### Tested Versions\r\nPoppler-0.53.0\r\n\r\n### Product URLs\r\nhttps://poppler.freedesktop.org/\r\n\r\n### CVSSv3 Score\r\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\r\n\r\n### CWE\r\nCWE-122: Heap-based Buffer Overflow\r\n\r\n### Details\r\nPoppler is a shared library for displaying PDF files, used as middleware within different enterprise and opensource solutions alike (e.g. Gimp). It is forked off of XPDF, and is a complete implementation of the PDF ISO standard.\r\nThe Poppler library, by default, uses a private implementation of reading and rendering images. There is a compilation option for libjpeg support, but the flag is not enabled by default. This private implementation contains assumptions about the JPEG file headers that can lead to heap corruption when broken.\r\nThis vulnerability was formerly found (CVE-2005-3627) with a fix applied to DCTStream::readBaselineSOF, however the bug was not also fixed in the readProgressiveSOF function. A look at the two functions highlights the vulnerability: There should be a check for: `if (numComps <= 0 || numComps > 4) `at [0]\r\n```\r\nGBool DCTStream::readBaselineSOF() {\r\n int length;\r\n int prec;\r\n int i;\r\n int c;\r\n\r\n length = read16();\r\n prec = str->getChar();\r\n height = read16();\r\n width = read16();\r\n numComps = str->getChar();\r\n if (numComps <= 0 || numComps > 4) {\r\n error(errSyntaxError, getPos(), \"Bad number of components in DCT stream\");\r\n numComps = 0;\r\n return gFalse;\r\n\r\n if (prec != 8) {\r\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\r\n return gFalse;\r\n\r\n//...\r\n\r\n GBool DCTStream::readProgressiveSOF() {\r\n int length;\r\n int prec;\r\n int i;\r\n int c;\r\n\r\n length = read16();\r\n prec = str->getChar();\r\n height = read16();\r\n width = read16();\r\n numComps = str->getChar();\r\n\r\n // [0] \r\n\r\n if (prec != 8) {\r\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\r\n return gFalse;\r\n```\r\n\r\nAs there is no check on the numComps variable, the subsequent loop in `DCTStream::readProgressiveSOF` can then write past the intended bounds of compInfo[3], and into heap metadata\r\n```\r\nfor (i = 0; i < numComps; ++i) {\r\n compInfo[i].id = str->getChar();\r\n c = str->getChar();\r\n compInfo[i].hSample = (c >> 4) & 0x0f;\r\n compInfo[i].vSample = c & 0x0f;\r\n compInfo[i].quantTable = str->getChar();\r\n if (compInfo[i].hSample < 1 || compInfo[i].hSample > 4 ||\r\n compInfo[i].vSample < 1 || compInfo[i].vSample > 4) {\r\n error(errSyntaxError, getPos(), \"Bad DCT sampling factor\");\r\n return gFalse;\r\n\r\n if (compInfo[i].quantTable < 0 || compInfo[i].quantTable > 3) {\r\n error(errSyntaxError, getPos(), \"Bad DCT quant table selector\");\r\n return gFalse;\r\n```\r\n\r\n### Crash Information\r\n```\r\nRAX: 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\r\nRBX: 0x142dd00 --> 0x1 \r\nRCX: 0x8 \r\nRDX: 0xffffffff \r\nRSI: 0x0 \r\nRDI: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\r\nRBP: 0x142de00 --> 0x100000001 \r\nRSP: 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \r\nRIP: 0x7f8c6dcb15f8 (:close()+40>: 0xe808c383483b8b48)\r\nR8 : 0x3 \r\nR9 : 0x142c280 --> 0x142c660 --> 0x0 \r\nR10: 0x7f8c6d31bbe0 --> 0x0 \r\nR11: 0x1 \r\nR12: 0x142e100 --> 0x0 \r\nR13: 0x142e100 --> 0x0 \r\nR14: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\r\nR15: 0x0\r\nEFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)\r\n\r\n[-------------------------------------code-------------------------------------]\r\n0x7f8c6dcb15e9 <DCTStream::close()+25>: mov r12,r13\r\n0x7f8c6dcb15ec <DCTStream::close()+28>: lea rbp,[rbx+0x100]\r\n0x7f8c6dcb15f3 <DCTStream::close()+35>: nop DWORD PTR [rax+rax*1+0x0]\r\n=> 0x7f8c6dcb15f8 <DCTStream::close()+40>: mov rdi,QWORD PTR [rbx]\r\n0x7f8c6dcb15fb <DCTStream::close()+43>: add rbx,0x8\r\n0x7f8c6dcb15ff <DCTStream::close()+47>: call 0x7f8c6dbfd7a0 <gfree@plt>\r\n0x7f8c6dcb1604 <DCTStream::close()+52>: mov QWORD PTR [rbx-0x8],0x0\r\n0x7f8c6dcb160c <DCTStream::close()+60>: cmp rbx,rbp\r\n[------------------------------------stack-------------------------------------]\r\n0000| 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \r\n0008| 0x7ffce0c46018 --> 0x0 \r\n0016| 0x7ffce0c46020 --> 0x142e468 --> 0x8 \r\n0024| 0x7ffce0c46028 --> 0x1 \r\n0032| 0x7ffce0c46030 --> 0x0 \r\n0040| 0x7ffce0c46038 --> 0x7f8c6dc9bdf7 (:getChar(bool)+55>: 0xfff650e1e8e7894c)\r\n0048| 0x7ffce0c46040 --> 0x142e450 --> 0x7f8cfffffffd \r\n0056| 0x7ffce0c46048 --> 0x1429d98 --> 0xd ('\\r')\r\n[------------------------------------------------------------------------------]\r\nLegend: code, data, rodata, value\r\n```\r\n\r\n### Timeline\r\n* 2017-05-17 - Vendor Disclosure\r\n* 2017-07-07 - Public Release\r\n\r\n### CREDIT\r\n* Discovered by Lilith Wyatt of Cisco Talos.", "published": "2017-09-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-96476", "cvelist": ["CVE-2005-3627", "CVE-2017-2818"], "lastseen": "2017-11-19T12:04:19"}], "centos": [{"id": "CESA-2006:0262", "type": "centos", "title": "kdegraphics security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0262\n\n\nThe kdegraphics packages contain applications for the K Desktop Environment\r\nincluding kpdf, a PDF file viewer.\r\n\r\nMarcelo Ricardo Leitner discovered that a kpdf security fix, CVE-2005-3627,\r\nwas incomplete. Red Hat issued kdegraphics packages with this incomplete\r\nfix in RHSA-2005:868. An attacker could construct a carefully crafted PDF\r\nfile that could cause kpdf to crash or possibly execute arbitrary code when\r\nopened. The Common Vulnerabilities and Exposures project assigned the name\r\nCVE-2006-0746 to this issue.\r\n\r\nUsers of kpdf should upgrade to these updated packages, which contain a\r\nbackported patch to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-March/012718.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-March/012723.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-March/012725.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-March/012726.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-March/012733.html\n\n**Affected packages:**\nkdegraphics\nkdegraphics-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0262.html", "published": "2006-03-09T22:05:31", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-March/012718.html", "cvelist": ["CVE-2005-3627", "CVE-2006-0746"], "lastseen": "2017-10-12T14:45:18"}, {"id": "CESA-2006:0163", "type": "centos", "title": "cups security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0163\n\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nChris Evans discovered several flaws in the way CUPS processes PDF files.\r\nAn attacker could construct a carefully crafted PDF file that could cause\r\nCUPS to crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3624,\r\nCVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\r\n\r\nAll users of CUPS should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012557.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012558.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012559.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012561.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012562.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012563.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012564.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012571.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012572.html\n\n**Affected packages:**\ncups\ncups-devel\ncups-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0163.html", "published": "2006-01-11T22:26:57", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/012557.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2017-10-12T14:45:00"}, {"id": "CESA-2006:0177", "type": "centos", "title": "gpdf security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0177\n\n\ngpdf is a GNOME based viewer for Portable Document Format (PDF) files.\r\n\r\nChris Evans discovered several flaws in the way gpdf processes PDF files.\r\nAn attacker could construct a carefully crafted PDF file that could cause\r\ngpdf to crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3624,\r\nCVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\r\n\r\nUsers of gpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012565.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012566.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012567.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012573.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012574.html\n\n**Affected packages:**\ngpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0177.html", "published": "2006-01-12T05:08:16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/012565.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2017-10-12T14:44:55"}, {"id": "CESA-2005:868", "type": "centos", "title": "kdegraphics security update", "description": "**CentOS Errata and Security Advisory** CESA-2005:868\n\n\nThe kdegraphics packages contain applications for the K Desktop Environment\r\nincluding kpdf, a pdf file viewer.\r\n\r\nSeveral flaws were discovered in kpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause kpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of kpdf should upgrade to these updated packages, which contain a\r\nbackported patch to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012498.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012505.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012518.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012519.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012520.html\n\n**Affected packages:**\nkdegraphics\nkdegraphics-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-868.html", "published": "2005-12-21T02:55:30", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012498.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-10-12T14:45:48"}, {"id": "CESA-2005:840-01", "type": "centos", "title": "xpdf security update", "description": "**CentOS Errata and Security Advisory** CESA-2005:840-01\n\n\nThe xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012469.html\n\n**Affected packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2005-12-07T00:42:21", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012469.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-10-12T14:45:14"}, {"id": "CESA-2006:0160-01", "type": "centos", "title": "tetex security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0160-01\n\n\nTeTeX is an implementation of TeX. TeX takes a text file and a set of\r\nformatting commands as input and creates a typesetter-independent .dvi\r\n(DeVice Independent) file as output.\r\n\r\nSeveral flaws were discovered in the teTeX PDF parsing library. An attacker\r\ncould construct a carefully crafted PDF file that could cause teTeX to\r\ncrash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,\r\nCVE-2005-3627 and CVE-2005-3628 to these issues.\r\n\r\nUsers of teTeX should upgrade to these updated packages, which contain\r\nbackported patches and are not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012604.html\n\n**Affected packages:**\ntetex\ntetex-afm\ntetex-doc\ntetex-dvilj\ntetex-dvips\ntetex-fonts\ntetex-latex\ntetex-xdvi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2006-01-30T00:51:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/012604.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-10-12T14:47:07"}, {"id": "CESA-2005:840-02", "type": "centos", "title": "xpdf security update", "description": "**CentOS Errata and Security Advisory** CESA-2005:840-02\n\n\nThe xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012507.html\n\n**Affected packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2005-12-22T00:12:57", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012507.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-10-12T14:45:45"}, {"id": "CESA-2005:840", "type": "centos", "title": "xpdf security update", "description": "**CentOS Errata and Security Advisory** CESA-2005:840\n\n\nThe xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012449.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012450.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012453.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012454.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012457.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012459.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012460.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012463.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012465.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012486.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012487.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012490.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012493.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012500.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012510.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012513.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012529.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012530.html\n\n**Affected packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-840.html", "published": "2005-12-06T16:19:16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012449.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-10-12T14:44:50"}, {"id": "CESA-2006:0160", "type": "centos", "title": "tetex security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0160\n\n\nTeTeX is an implementation of TeX. TeX takes a text file and a set of\r\nformatting commands as input and creates a typesetter-independent .dvi\r\n(DeVice Independent) file as output.\r\n\r\nSeveral flaws were discovered in the teTeX PDF parsing library. An attacker\r\ncould construct a carefully crafted PDF file that could cause teTeX to\r\ncrash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,\r\nCVE-2005-3627 and CVE-2005-3628 to these issues.\r\n\r\nUsers of teTeX should upgrade to these updated packages, which contain\r\nbackported patches and are not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012585.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012586.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012591.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012592.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012594.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012595.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012598.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012600.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012602.html\n\n**Affected packages:**\ntetex\ntetex-afm\ntetex-doc\ntetex-dvips\ntetex-fonts\ntetex-latex\ntetex-xdvi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0160.html", "published": "2006-01-19T21:19:14", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/012585.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-10-12T14:44:47"}, {"id": "CESA-2005:878", "type": "centos", "title": "cups security update", "description": "**CentOS Errata and Security Advisory** CESA-2005:878\n\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nSeveral flaws were discovered in the way CUPS processes PDF files. An\r\nattacker could construct a carefully crafted PDF file that could cause CUPS\r\nto crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, and CVE-2005-3193 to these issues.\r\n\r\nAll users of CUPS should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012482.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012483.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012488.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012492.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012499.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012508.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012512.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012531.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012532.html\n\n**Affected packages:**\ncups\ncups-devel\ncups-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-878.html", "published": "2005-12-20T23:29:16", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012482.html", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193", "CVE-2005-3628"], "lastseen": "2017-10-12T14:44:55"}], "osvdb": [{"id": "OSVDB:22236", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf Stream.cc DCTDecode Stream Processing Multiple Function Overflow", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=117481\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346086\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-236-1)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-2.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt)\n[Secunia Advisory ID:18375](https://secuniaresearch.flexerasoftware.com/advisories/18375/)\n[Secunia Advisory ID:18329](https://secuniaresearch.flexerasoftware.com/advisories/18329/)\n[Secunia Advisory ID:18332](https://secuniaresearch.flexerasoftware.com/advisories/18332/)\n[Secunia Advisory ID:18414](https://secuniaresearch.flexerasoftware.com/advisories/18414/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:19377](https://secuniaresearch.flexerasoftware.com/advisories/19377/)\n[Secunia Advisory ID:18334](https://secuniaresearch.flexerasoftware.com/advisories/18334/)\n[Secunia Advisory ID:18338](https://secuniaresearch.flexerasoftware.com/advisories/18338/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18463](https://secuniaresearch.flexerasoftware.com/advisories/18463/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18549](https://secuniaresearch.flexerasoftware.com/advisories/18549/)\n[Secunia Advisory ID:18642](https://secuniaresearch.flexerasoftware.com/advisories/18642/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18373](https://secuniaresearch.flexerasoftware.com/advisories/18373/)\n[Secunia Advisory ID:18425](https://secuniaresearch.flexerasoftware.com/advisories/18425/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:19798](https://secuniaresearch.flexerasoftware.com/advisories/19798/)\n[Secunia Advisory ID:19797](https://secuniaresearch.flexerasoftware.com/advisories/19797/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:18303](https://secuniaresearch.flexerasoftware.com/advisories/18303/)\n[Secunia Advisory ID:18335](https://secuniaresearch.flexerasoftware.com/advisories/18335/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18312](https://secuniaresearch.flexerasoftware.com/advisories/18312/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18423](https://secuniaresearch.flexerasoftware.com/advisories/18423/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18503](https://secuniaresearch.flexerasoftware.com/advisories/18503/)\n[Secunia Advisory ID:18644](https://secuniaresearch.flexerasoftware.com/advisories/18644/)\n[Secunia Advisory ID:26413](https://secuniaresearch.flexerasoftware.com/advisories/26413/)\n[Related OSVDB ID: 22235](https://vulners.com/osvdb/OSVDB:22235)\n[Related OSVDB ID: 22233](https://vulners.com/osvdb/OSVDB:22233)\n[Related OSVDB ID: 22234](https://vulners.com/osvdb/OSVDB:22234)\nRedHat RHSA: RHSA-2006:0163\nRedHat RHSA: RHSA-2006:0177\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-1\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.trustix.org/errata/2006/0002/\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_01_sr.html\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-August/000221.html\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_02_sr.html\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-2\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt\nMail List Post: http://lists.ubuntu.com/archives/ubuntu-security-announce/2006-January/000267.html\n[CVE-2005-3627](https://vulners.com/cve/CVE-2005-3627)\n[CVE-2005-3191](https://vulners.com/cve/CVE-2005-3191)\n", "published": "2006-01-03T07:33:16", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:22236", "cvelist": ["CVE-2005-3627", "CVE-2005-3191"], "lastseen": "2017-04-28T13:20:19"}, {"id": "OSVDB:21462", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf StreamPredictor Function numComps Field Overflow DoS", "description": "## Solution Description\nUpgrade to version 3.01pl1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.foolabs.com/xpdf/\nVendor URL: http://poppler.freedesktop.org/\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342287\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292\nVendor Specific News/Changelog Entry: https://gnunet.org/svn/Extractor/ChangeLog\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342294\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-227-1)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-1.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt)\nSecurity Tracker: 1015309\nSecurity Tracker: 1015324\n[Secunia Advisory ID:17908](https://secuniaresearch.flexerasoftware.com/advisories/17908/)\n[Secunia Advisory ID:18061](https://secuniaresearch.flexerasoftware.com/advisories/18061/)\n[Secunia Advisory ID:18055](https://secuniaresearch.flexerasoftware.com/advisories/18055/)\n[Secunia Advisory ID:17976](https://secuniaresearch.flexerasoftware.com/advisories/17976/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:17912](https://secuniaresearch.flexerasoftware.com/advisories/17912/)\n[Secunia Advisory ID:17920](https://secuniaresearch.flexerasoftware.com/advisories/17920/)\n[Secunia Advisory ID:17916](https://secuniaresearch.flexerasoftware.com/advisories/17916/)\n[Secunia Advisory ID:17959](https://secuniaresearch.flexerasoftware.com/advisories/17959/)\n[Secunia Advisory ID:18336](https://secuniaresearch.flexerasoftware.com/advisories/18336/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18549](https://secuniaresearch.flexerasoftware.com/advisories/18549/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:17921](https://secuniaresearch.flexerasoftware.com/advisories/17921/)\n[Secunia Advisory ID:17956](https://secuniaresearch.flexerasoftware.com/advisories/17956/)\n[Secunia Advisory ID:18192](https://secuniaresearch.flexerasoftware.com/advisories/18192/)\n[Secunia Advisory ID:18189](https://secuniaresearch.flexerasoftware.com/advisories/18189/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:19798](https://secuniaresearch.flexerasoftware.com/advisories/19798/)\n[Secunia Advisory ID:19797](https://secuniaresearch.flexerasoftware.com/advisories/19797/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:17897](https://secuniaresearch.flexerasoftware.com/advisories/17897/)\n[Secunia Advisory ID:17929](https://secuniaresearch.flexerasoftware.com/advisories/17929/)\n[Secunia Advisory ID:17940](https://secuniaresearch.flexerasoftware.com/advisories/17940/)\n[Secunia Advisory ID:18009](https://secuniaresearch.flexerasoftware.com/advisories/18009/)\n[Secunia Advisory ID:18191](https://secuniaresearch.flexerasoftware.com/advisories/18191/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18503](https://secuniaresearch.flexerasoftware.com/advisories/18503/)\n[Secunia Advisory ID:26413](https://secuniaresearch.flexerasoftware.com/advisories/26413/)\n[Related OSVDB ID: 21463](https://vulners.com/osvdb/OSVDB:21463)\nRedHat RHSA: RHSA-2005:840\nRedHat RHSA: RHSA-2005:867\nRedHat RHSA: RHSA-2005:868\nRedHat RHSA: RHSA-2006:0160\nRedHat RHSA: RHSA-2005:878\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-227-1/\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_01_sr.html\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-August/000221.html\nOther Advisory URL: http://www.trustix.org/errata/2005/0072/\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_02_sr.html\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200512-08.xml\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0221.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0224.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0075.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0225.html\n[CVE-2005-3191](https://vulners.com/cve/CVE-2005-3191)\n[CVE-2005-3192](https://vulners.com/cve/CVE-2005-3192)\n", "published": "2005-12-05T06:19:13", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:21462", "cvelist": ["CVE-2005-3192", "CVE-2005-3191"], "lastseen": "2017-04-28T13:20:18"}, {"id": "OSVDB:22235", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=117481\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346086\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-236-1)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-2.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Secunia Advisory ID:18375](https://secuniaresearch.flexerasoftware.com/advisories/18375/)\n[Secunia Advisory ID:18329](https://secuniaresearch.flexerasoftware.com/advisories/18329/)\n[Secunia Advisory ID:18332](https://secuniaresearch.flexerasoftware.com/advisories/18332/)\n[Secunia Advisory ID:18414](https://secuniaresearch.flexerasoftware.com/advisories/18414/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:19377](https://secuniaresearch.flexerasoftware.com/advisories/19377/)\n[Secunia Advisory ID:18334](https://secuniaresearch.flexerasoftware.com/advisories/18334/)\n[Secunia Advisory ID:18338](https://secuniaresearch.flexerasoftware.com/advisories/18338/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18463](https://secuniaresearch.flexerasoftware.com/advisories/18463/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18642](https://secuniaresearch.flexerasoftware.com/advisories/18642/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18373](https://secuniaresearch.flexerasoftware.com/advisories/18373/)\n[Secunia Advisory ID:18425](https://secuniaresearch.flexerasoftware.com/advisories/18425/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:18303](https://secuniaresearch.flexerasoftware.com/advisories/18303/)\n[Secunia Advisory ID:18335](https://secuniaresearch.flexerasoftware.com/advisories/18335/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18312](https://secuniaresearch.flexerasoftware.com/advisories/18312/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18423](https://secuniaresearch.flexerasoftware.com/advisories/18423/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18644](https://secuniaresearch.flexerasoftware.com/advisories/18644/)\n[Related OSVDB ID: 22233](https://vulners.com/osvdb/OSVDB:22233)\n[Related OSVDB ID: 22234](https://vulners.com/osvdb/OSVDB:22234)\n[Related OSVDB ID: 22236](https://vulners.com/osvdb/OSVDB:22236)\nRedHat RHSA: RHSA-2006:0163\nRedHat RHSA: RHSA-2006:0177\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-1\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.trustix.org/errata/2006/0002/\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-2\nMail List Post: http://lists.ubuntu.com/archives/ubuntu-security-announce/2006-January/000267.html\n[CVE-2005-3626](https://vulners.com/cve/CVE-2005-3626)\n", "published": "2006-01-03T07:33:16", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:22235", "cvelist": ["CVE-2005-3626"], "lastseen": "2017-04-28T13:20:19"}, {"id": "OSVDB:22234", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=117481\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346086\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-236-1)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-2.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Secunia Advisory ID:18375](https://secuniaresearch.flexerasoftware.com/advisories/18375/)\n[Secunia Advisory ID:18329](https://secuniaresearch.flexerasoftware.com/advisories/18329/)\n[Secunia Advisory ID:18332](https://secuniaresearch.flexerasoftware.com/advisories/18332/)\n[Secunia Advisory ID:18414](https://secuniaresearch.flexerasoftware.com/advisories/18414/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:19377](https://secuniaresearch.flexerasoftware.com/advisories/19377/)\n[Secunia Advisory ID:18334](https://secuniaresearch.flexerasoftware.com/advisories/18334/)\n[Secunia Advisory ID:18338](https://secuniaresearch.flexerasoftware.com/advisories/18338/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18463](https://secuniaresearch.flexerasoftware.com/advisories/18463/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18642](https://secuniaresearch.flexerasoftware.com/advisories/18642/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18373](https://secuniaresearch.flexerasoftware.com/advisories/18373/)\n[Secunia Advisory ID:18425](https://secuniaresearch.flexerasoftware.com/advisories/18425/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:18303](https://secuniaresearch.flexerasoftware.com/advisories/18303/)\n[Secunia Advisory ID:18335](https://secuniaresearch.flexerasoftware.com/advisories/18335/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18312](https://secuniaresearch.flexerasoftware.com/advisories/18312/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18423](https://secuniaresearch.flexerasoftware.com/advisories/18423/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18644](https://secuniaresearch.flexerasoftware.com/advisories/18644/)\n[Related OSVDB ID: 22235](https://vulners.com/osvdb/OSVDB:22235)\n[Related OSVDB ID: 22233](https://vulners.com/osvdb/OSVDB:22233)\n[Related OSVDB ID: 22236](https://vulners.com/osvdb/OSVDB:22236)\nRedHat RHSA: RHSA-2006:0163\nRedHat RHSA: RHSA-2006:0177\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-1\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.trustix.org/errata/2006/0002/\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-2\nMail List Post: http://lists.ubuntu.com/archives/ubuntu-security-announce/2006-January/000267.html\n[CVE-2005-3625](https://vulners.com/cve/CVE-2005-3625)\n", "published": "2006-01-03T07:33:16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:22234", "cvelist": ["CVE-2005-3625"], "lastseen": "2017-04-28T13:20:19"}, {"id": "OSVDB:21463", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf JPXStream.cc JPXStream::readCodestream Function Overflow", "description": "## Solution Description\nUpgrade to version 3.01pl1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.foolabs.com/xpdf/\nVendor URL: http://poppler.freedesktop.org/\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342287\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292\nVendor Specific News/Changelog Entry: https://gnunet.org/svn/Extractor/ChangeLog\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342294\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-227-1)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-1.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200603-02.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt)\nSecurity Tracker: 1015309\nSecurity Tracker: 1015324\n[Secunia Advisory ID:17908](https://secuniaresearch.flexerasoftware.com/advisories/17908/)\n[Secunia Advisory ID:18061](https://secuniaresearch.flexerasoftware.com/advisories/18061/)\n[Secunia Advisory ID:18055](https://secuniaresearch.flexerasoftware.com/advisories/18055/)\n[Secunia Advisory ID:17976](https://secuniaresearch.flexerasoftware.com/advisories/17976/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:17926](https://secuniaresearch.flexerasoftware.com/advisories/17926/)\n[Secunia Advisory ID:17912](https://secuniaresearch.flexerasoftware.com/advisories/17912/)\n[Secunia Advisory ID:17920](https://secuniaresearch.flexerasoftware.com/advisories/17920/)\n[Secunia Advisory ID:17916](https://secuniaresearch.flexerasoftware.com/advisories/17916/)\n[Secunia Advisory ID:17959](https://secuniaresearch.flexerasoftware.com/advisories/17959/)\n[Secunia Advisory ID:18336](https://secuniaresearch.flexerasoftware.com/advisories/18336/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:17921](https://secuniaresearch.flexerasoftware.com/advisories/17921/)\n[Secunia Advisory ID:17956](https://secuniaresearch.flexerasoftware.com/advisories/17956/)\n[Secunia Advisory ID:17955](https://secuniaresearch.flexerasoftware.com/advisories/17955/)\n[Secunia Advisory ID:18192](https://secuniaresearch.flexerasoftware.com/advisories/18192/)\n[Secunia Advisory ID:18189](https://secuniaresearch.flexerasoftware.com/advisories/18189/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18520](https://secuniaresearch.flexerasoftware.com/advisories/18520/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:19798](https://secuniaresearch.flexerasoftware.com/advisories/19798/)\n[Secunia Advisory ID:19797](https://secuniaresearch.flexerasoftware.com/advisories/19797/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:17897](https://secuniaresearch.flexerasoftware.com/advisories/17897/)\n[Secunia Advisory ID:17929](https://secuniaresearch.flexerasoftware.com/advisories/17929/)\n[Secunia Advisory ID:17940](https://secuniaresearch.flexerasoftware.com/advisories/17940/)\n[Secunia Advisory ID:18009](https://secuniaresearch.flexerasoftware.com/advisories/18009/)\n[Secunia Advisory ID:18191](https://secuniaresearch.flexerasoftware.com/advisories/18191/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:19125](https://secuniaresearch.flexerasoftware.com/advisories/19125/)\n[Secunia Advisory ID:26413](https://secuniaresearch.flexerasoftware.com/advisories/26413/)\n[Related OSVDB ID: 21462](https://vulners.com/osvdb/OSVDB:21462)\nRedHat RHSA: RHSA-2005:840\nRedHat RHSA: RHSA-2005:867\nRedHat RHSA: RHSA-2005:868\nRedHat RHSA: RHSA-2006:0160\nRedHat RHSA: RHSA-2005:878\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-227-1/\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-August/000221.html\nOther Advisory URL: http://www.trustix.org/errata/2005/0072/\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200512-08.xml\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0220.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0075.html\n[CVE-2005-3193](https://vulners.com/cve/CVE-2005-3193)\n", "published": "2005-12-05T06:19:13", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:21463", "cvelist": ["CVE-2005-3193"], "lastseen": "2017-04-28T13:20:18"}, {"id": "OSVDB:22233", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function Multiple Overflow", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=117481\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346086\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-236-1)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-2.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Secunia Advisory ID:18375](https://secuniaresearch.flexerasoftware.com/advisories/18375/)\n[Secunia Advisory ID:18329](https://secuniaresearch.flexerasoftware.com/advisories/18329/)\n[Secunia Advisory ID:18332](https://secuniaresearch.flexerasoftware.com/advisories/18332/)\n[Secunia Advisory ID:18414](https://secuniaresearch.flexerasoftware.com/advisories/18414/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:19377](https://secuniaresearch.flexerasoftware.com/advisories/19377/)\n[Secunia Advisory ID:18334](https://secuniaresearch.flexerasoftware.com/advisories/18334/)\n[Secunia Advisory ID:18338](https://secuniaresearch.flexerasoftware.com/advisories/18338/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18463](https://secuniaresearch.flexerasoftware.com/advisories/18463/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18642](https://secuniaresearch.flexerasoftware.com/advisories/18642/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18373](https://secuniaresearch.flexerasoftware.com/advisories/18373/)\n[Secunia Advisory ID:18425](https://secuniaresearch.flexerasoftware.com/advisories/18425/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:18303](https://secuniaresearch.flexerasoftware.com/advisories/18303/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18312](https://secuniaresearch.flexerasoftware.com/advisories/18312/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18423](https://secuniaresearch.flexerasoftware.com/advisories/18423/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18644](https://secuniaresearch.flexerasoftware.com/advisories/18644/)\n[Related OSVDB ID: 22235](https://vulners.com/osvdb/OSVDB:22235)\n[Related OSVDB ID: 22234](https://vulners.com/osvdb/OSVDB:22234)\n[Related OSVDB ID: 22236](https://vulners.com/osvdb/OSVDB:22236)\nRedHat RHSA: RHSA-2006:0163\nRedHat RHSA: RHSA-2006:0177\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-1\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.trustix.org/errata/2006/0002/\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-2\nMail List Post: http://lists.ubuntu.com/archives/ubuntu-security-announce/2006-January/000267.html\n[CVE-2005-3624](https://vulners.com/cve/CVE-2005-3624)\n", "published": "2006-01-03T07:33:16", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:22233", "cvelist": ["CVE-2005-3624"], "lastseen": "2017-04-28T13:20:19"}, {"id": "OSVDB:22821", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf JBIG2Stream.cc JBIG2Bitmap::JBIG2Bitmap Function Overflow", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\n[CVE-2005-3628](https://vulners.com/cve/CVE-2005-3628)\n", "published": "2006-01-03T06:18:33", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:22821", "cvelist": ["CVE-2005-3628"], "lastseen": "2017-04-28T13:20:19"}], "openvas": [{"id": "OPENVAS:56457", "type": "openvas", "title": "Debian Security Advisory DSA 1008-1 (kdegraphics)", "description": "The remote host is missing an update to kdegraphics\nannounced via advisory DSA 1008-1.\n\nMarcelo Ricardo Leitner noticed that the current patch in DSA 932\n(CVE-2005-3627) for kpdf, the PDF viewer for KDE, does not fix all\nbuffer overflows, still allowing an attacker to execute arbitrary\ncode.\n\nThe old stable distribution (woody) does not contain kpdf packages.", "published": "2008-01-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56457", "cvelist": ["CVE-2005-3627", "CVE-2006-0746"], "lastseen": "2017-07-24T12:49:58"}, {"id": "OPENVAS:56229", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdftohtml)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200601-17.", "published": "2008-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56229", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2017-07-24T12:50:22"}, {"id": "OPENVAS:56293", "type": "openvas", "title": "Slackware Advisory SSA:2006-045-09 xpdf", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-045-09.", "published": "2012-09-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56293", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-09-18T11:13:19"}, {"id": "OPENVAS:56111", "type": "openvas", "title": "Debian Security Advisory DSA 932-1 (xpdf)", "description": "The remote host is missing an update to xpdf\nannounced via advisory DSA 932-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code. The same code is present in kpdf\nwhich is part of the kdegraphics package.\n\nThe old stable distribution (woody) does not contain kpdf packages.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56111", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-07-24T12:49:48"}, {"id": "OPENVAS:56077", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200601-02.", "published": "2008-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56077", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624"], "lastseen": "2017-07-24T12:49:47"}, {"id": "OPENVAS:56145", "type": "openvas", "title": "Debian Security Advisory DSA 940-1 (gpdf)", "description": "The remote host is missing an update to gpdf\nannounced via advisory DSA 940-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which is\nalso present in gpdf, the GNOME version of the Portable Document\nFormat viewer, and which can lead to a denial of service by crashing\nthe application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain gpdf packages.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56145", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-07-24T12:50:00"}, {"id": "OPENVAS:56110", "type": "openvas", "title": "Debian Security Advisory DSA 931-1 (xpdf)", "description": "The remote host is missing an update to xpdf\nannounced via advisory DSA 931-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.00-3.8.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56110", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-07-24T12:49:49"}, {"id": "OPENVAS:56211", "type": "openvas", "title": "Debian Security Advisory DSA 950-1 (cupsys)", "description": "The remote host is missing an update to cupsys\nannounced via advisory DSA 950-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in CUPS, the Common UNIX\nPrinting System, and which can lead to a denial of service by crashing\nthe application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.1.14-5woody14.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56211", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-07-24T12:50:07"}, {"id": "OPENVAS:56141", "type": "openvas", "title": "Debian Security Advisory DSA 938-1 (koffice)", "description": "The remote host is missing an update to koffice\nannounced via advisory DSA 938-1.\n\ninfamous41md and chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which is\nalso present in koffice, the KDE Office Suite, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\n\nThe old stable distribution (woody) does not contain koffice packages.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56141", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-07-24T12:49:52"}, {"id": "OPENVAS:56221", "type": "openvas", "title": "Debian Security Advisory DSA 962-1 (pdftohtml)", "description": "The remote host is missing an update to pdftohtml\nannounced via advisory DSA 962-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdftohtml, a utility that\ntranslates PDF documents into HTML format, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdftohtml packages.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56221", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-07-24T12:50:18"}], "gentoo": [{"id": "GLSA-200601-17", "type": "gentoo", "title": "Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows", "description": "### Background\n\nXpdf is a PDF file viewer that runs under the X Window System. Poppler is a PDF rendering library based on the Xpdf 3.0 code base. GPdf is a PDF file viewer for the GNOME 2 platform, also based on Xpdf. libextractor is a library which includes Xpdf code to extract arbitrary meta-data from files. pdftohtml is a utility to convert PDF files to HTML or XML formats that makes use of Xpdf code to decode PDF files. \n\n### Description\n\nChris Evans has reported some integer overflows in Xpdf when attempting to calculate buffer sizes for memory allocation, leading to a heap overflow and a potential infinite loop when handling malformed input files. \n\n### Impact\n\nBy sending a specially crafted PDF file to a victim, an attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Xpdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/xpdf-3.01-r5\"\n\nAll Poppler users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/poppler-0.4.3-r4\"\n\nAll GPdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gpdf-2.10.0-r3\"\n\nAll libextractor users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libextractor-0.5.9\"\n\nAll pdftohtml users should migrate to the latest stable version of Poppler.", "published": "2006-01-30T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200601-17", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2016-09-06T19:46:53"}, {"id": "GLSA-200601-02", "type": "gentoo", "title": "KPdf, KWord: Multiple overflows in included Xpdf code", "description": "### Background\n\nKPdf is a KDE-based PDF viewer included in the kdegraphics package. KWord is a KDE-based word processor also included in the koffice package. \n\n### Description\n\nKPdf and KWord both include Xpdf code to handle PDF files. This Xpdf code is vulnerable to several heap overflows (GLSA 200512-08) as well as several buffer and integer overflows discovered by Chris Evans (CESA-2005-003). \n\n### Impact\n\nAn attacker could entice a user to open a specially crafted PDF file with Kpdf or KWord, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll kdegraphics users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdegraphics-3.4.3-r3\"\n\nAll Kpdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kpdf-3.4.3-r3\"\n\nAll KOffice users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/koffice-1.4.2-r6\"\n\nAll KWord users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/kword-1.4.2-r6\"", "published": "2006-01-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200601-02", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-06T19:46:11"}, {"id": "GLSA-200512-08", "type": "gentoo", "title": "Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities", "description": "### Background\n\nXpdf and GPdf are PDF file viewers that run under the X Window System. Poppler is a PDF rendering library based on Xpdf code. The Common UNIX Printing System (CUPS) is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. \n\n### Description\n\ninfamous41md discovered that several Xpdf functions lack sufficient boundary checking, resulting in multiple exploitable buffer overflows. \n\n### Impact\n\nAn attacker could entice a user to open a specially-crafted PDF file which would trigger an overflow, potentially resulting in execution of arbitrary code with the rights of the user running Xpdf, CUPS, GPdf or Poppler. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Xpdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/xpdf-3.01-r2\"\n\nAll GPdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gpdf-2.10.0-r2\"\n\nAll Poppler users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose app-text/poppler\n\nAll CUPS users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-print/cups-1.1.23-r3\"", "published": "2005-12-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200512-08", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "lastseen": "2016-09-06T19:46:39"}, {"id": "GLSA-200603-02", "type": "gentoo", "title": "teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code", "description": "### Background\n\nteTex is a complete TeX distribution. It is used for creating and manipulating LaTeX documents. CSTeX is a TeX distribution with Czech and Slovak support. pTeX is and ASCII publishing TeX distribution. \n\n### Description\n\nCSTeX, teTex, and pTeX include XPdf code to handle PDF files. This XPdf code is vulnerable to several heap overflows (GLSA 200512-08) as well as several buffer and integer overflows discovered by Chris Evans (CESA-2005-003). \n\n### Impact\n\nAn attacker could entice a user to open a specially crafted PDF file with teTeX, pTeX or CSTeX, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll teTex users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/tetex-2.0.2-r8\"\n\nAll CSTeX users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/cstetex-2.0.2-r2\"\n\nAll pTeX users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/ptex-3.1.5-r1\"", "published": "2006-03-04T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200603-02", "cvelist": ["CVE-2005-3193"], "lastseen": "2016-09-06T19:46:56"}], "ubuntu": [{"id": "USN-236-1", "type": "ubuntu", "title": "xpdf vulnerabilities", "description": "Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.\n\nThe CUPS printing system also uses XPDF code to convert PDF files to PostScript. By attempting to print such a crafted PDF file, a remote attacker could execute arbitrary code with the privileges of the printer server (user \u2018cupsys\u2019).", "published": "2006-01-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/236-1/", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2018-03-29T18:19:21"}, {"id": "USN-236-2", "type": "ubuntu", "title": "xpdf vulnerabilities in kword, kpdf", "description": "USN-236-1 fixed several vulnerabilities in xpdf. kpdf and kword contain copies of xpdf code and are thus vulnerable to the same issues.\n\nFor reference, this is the original advisory:\n\nChris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.", "published": "2006-01-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/236-2/", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2018-03-29T18:20:40"}, {"id": "USN-227-1", "type": "ubuntu", "title": "xpdf vulnerabilities", "description": "infamous41md discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, tetex-bin, KOffice, and kpdf. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.\n\nThe CUPS printing system also uses XPDF code to convert PDF files to PostScript. By attempting to print such a crafted PDF file, a remote attacker could execute arbitrary code with the privileges of the printer server (user \u2018cupsys\u2019).", "published": "2005-12-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/227-1/", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "lastseen": "2018-03-29T18:19:52"}], "talosblog": [{"id": "TALOSBLOG:E92A35ABBB4E772E08533C6C9DA50867", "type": "talosblog", "title": "Vulnerability Spotlight: TALOS-2017-0311,0319,0321 - Multiple Remote Code Execution Vulnerability in Poppler PDF library", "description": "<div dir=\"ltr\" style=\"text-align: left;\" trbidi=\"on\">Vulnerability discovered by Marcin Noga, Lilith Wyatt and Aleksandar Nikolic of Cisco Talos.<br /><br /><h3 style=\"text-align: left;\">Overview</h3>Talos has discovered multiple vulnerabilities in the freedesktop.org Poppler PDF library. Exploiting these vulnerabilities can allow an attacker to gain full control over the victim's machine. If an attacker builds a specially crafted PDF document and the victim opens it, the attackers code will be executed with the privileges of the local user. <br /><br /><a name='more'></a><br /><h3 style=\"text-align: left;\">Details</h3><div style=\"text-align: left;\">Poppler is a shared library for displaying PDF files, used as middleware within different enterprise and open source solutions (e.g. Gimp). It is forked off from XPDF and is a complete implementation of the PDF ISO standard. Talos identified three remote code execution vulnerabilities in the Poppler library.<br /><br /><b>TALOS-2017-0311 / CVE-2017-2814</b> - Poppler PDF Image Display DCTStream::readScan() Code Execution Vulnerability<br /><br />An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an image resizing after allocation has already occurred, resulting in a heap corruption triggered in the DCTStream::readScan() function. This can lead to code execution with the local user rights.<br /><br /><b>TALOS-2017-0319 / CVE-2017-2818</b> - Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability<br /><br />Talos found an exploitable heap overflow vulnerability in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in a heap corruption. This can be used by an attacker to craft a PDF file that executes malicious code on the victim's computer with the rights of the local user.<br /><br />This vulnerability was formerly found (CVE-2005-3627), with a fix applied to DCTStream::readBaselineSOF, however the bug was missed in the readProgressiveSOF function.<br /><br /><b>TALOS-2017-0321 / CVE-2017-2820 - </b><span id=\"summary_alias_container\"><span id=\"short_desc_nonedit_display\">Poppler PDF library JPEG2000 levels Code Execution Vulnerability</span></span></div><div style=\"text-align: left;\"><br />Talos discovered an exploitable integer overflow vulnerability in the JPEG 2000 image parsing functionality of the Poppler 0.53.0 library. An attacker can build a specially crafted PDF file that uses this bug to trigger an integer overflow. Later in the code execution flow, this can lead to memory getting overwritten on the heap resulting in a potential arbitrary code execution with the rights of the local user. Like with the other two vulnerabilities before, a victim must open the malicious PDF in an application using this library to exploit this vulnerability. One example of a vulnerable application is the default PDF reader Evince, shipped with the latest version of Ubuntu Linux. </div><div style=\"text-align: left;\"></div><div style=\"text-align: left;\"><br /><h3 style=\"text-align: left;\">Additional Notes</h3>We would like to highlight that TALOS-2017-0311 and TALOS-2017-0321 are in Poppler's internal, unmaintained JPEG and JPEG2000 decoders which shouldn't ever be used. Even Poppler\u2019s documentation strongly suggests not using them. It is highly recommended to build the Poppler library with more robust and up to date external implementations such as libjpeg and openjpeg. However, Ubuntu does not do this by default for JPEG2000 and will use the unmaintained code, thus making Ubuntu-compiled versions vulnerable to these issues.<br /><br />Talos is seeing client side attacks based on malicious PDF files on a daily base. If your company is using a Popper based application, it is possible that an attacker could use one of these vulnerabilities against it in a targeted attack. This shows how important it is to keep all applications up to date and not only the operation system.</div><div style=\"text-align: left;\"></div><div style=\"text-align: left;\"><br />More technical details can be found in the Talos Vulnerability Reports: </div><div style=\"text-align: left;\"><a href=\"http://www.talosintelligence.com/reports/TALOS-2017-0311\">TALOS-2017-0311</a></div><div style=\"text-align: left;\"><a href=\"http://www.talosintelligence.com/reports/TALOS-2017-0319\">TALOS-2017-0319</a></div><div style=\"text-align: left;\"><a href=\"http://www.talosintelligence.com/reports/TALOS-2017-0321\">TALOS-2017-0321</a></div><div style=\"text-align: left;\"></div><div style=\"text-align: left;\"><br /></div><h3 style=\"text-align: left;\">Coverage</h3><div style=\"text-align: left;\">The following Snort Rules will detect exploitation attempts of this vulnerability. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org<br /><br />Snort rules: 42273-42274, 42319 - 42320 , 42352-42353</div></div><div class=\"feedflare\">\n<a href=\"http://feeds.feedburner.com/~ff/feedburner/Talos?a=Epb7zux15g4:WfmtXYq2U6Y:yIl2AUoC8zA\"><img src=\"http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA\" border=\"0\"></img></a>\n</div><img src=\"http://feeds.feedburner.com/~r/feedburner/Talos/~4/Epb7zux15g4\" height=\"1\" width=\"1\" alt=\"\"/>", "published": "2017-07-07T08:27:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/Epb7zux15g4/vulnerability-spotlight-talos-2017.html", "cvelist": ["CVE-2005-3627", "CVE-2017-2814", "CVE-2017-2818", "CVE-2017-2820"], "lastseen": "2017-07-29T13:22:40"}], "debian": [{"id": "DSA-931", "type": "debian", "title": "xpdf -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in version 1.00-3.8.\n\nFor the stable distribution (sarge) these problems have been fixed in version 3.00-13.4.\n\nFor the unstable distribution (sid) these problems have been fixed in version 3.01-4.\n\nWe recommend that you upgrade your xpdf package.", "published": "2006-01-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-931", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:27:09"}, {"id": "DSA-936", "type": "debian", "title": "libextractor -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain libextractor packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 0.4.2-2sarge2.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your libextractor packages.", "published": "2006-01-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-936", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-2097", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:25:06"}, {"id": "DSA-962", "type": "debian", "title": "pdftohtml -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdftohtml, a utility that translates PDF documents into HTML format, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdftohtml packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 0.36-11sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your pdftohtml package.", "published": "2006-02-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-962", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:21:26"}, {"id": "DSA-950", "type": "debian", "title": "cupsys -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in CUPS, the Common UNIX Printing System, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in version 1.1.14-5woody14.\n\nCUPS doesn't use the xpdf source anymore since 1.1.22-7, when it switched to using xpdf-utils for PDF processing.\n\nWe recommend that you upgrade your CUPS packages.", "published": "2006-01-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-950", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:28:03"}, {"id": "DSA-938", "type": "debian", "title": "koffice -- buffer overflows", "description": "\"infamous41md\" and chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain koffice packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 1.3.5-4.sarge.2.\n\nFor the unstable distribution (sid) these problems have been fixed in version 1.4.2-6.\n\nWe recommend that you upgrade your koffice package.", "published": "2006-01-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-938", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:30:25"}, {"id": "DSA-961", "type": "debian", "title": "pdfkit.framework -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdfkit.framework packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 0.8-2sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your pdfkit.framework package.", "published": "2006-02-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-961", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:20:25"}, {"id": "DSA-932", "type": "debian", "title": "kdegraphics -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code. The same code is present in kpdf which is part of the kdegraphics package.\n\nThe old stable distribution (woody) does not contain kpdf packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 3.3.2-2sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in version 3.5.0-3.\n\nWe recommend that you upgrade your kpdf package.", "published": "2006-01-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-932", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:37:06"}, {"id": "DSA-940", "type": "debian", "title": "gpdf -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in gpdf, the GNOME version of the Portable Document Format viewer, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain gpdf packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 2.8.2-1.2sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in version 2.10.0-2.\n\nWe recommend that you upgrade your gpdf package.", "published": "2006-01-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-940", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2018-07-04T01:21:01"}], "slackware": [{"id": "SSA-2006-045-04", "type": "slackware", "title": "kdegraphics", "description": "New kdegraphics packages are available for Slackware 10.0, 10.1, 10.2,\nand -current to fix security issues with kpdf.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n\nAdditional information is also available from the KDE website:\n\n http://www.kde.org/info/security/advisory-20051207-2.txt\n http://www.kde.org/info/security/advisory-20060202-1.txt\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/kdegraphics-3.4.2-i486-2.tgz: Patched integer and\n heap overflows in kpdf to fix possible security bugs with malformed\n PDF files.\n For more information, see:\n http://www.kde.org/info/security/advisory-20051207-2.txt\n http://www.kde.org/info/security/advisory-20060202-1.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/kdegraphics-3.2.3-i486-2.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/kdegraphics-3.3.2-i486-4.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/kdegraphics-3.4.2-i486-2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/kdegraphics-3.5.1-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.0 package:\nda13535a269210c3e8aff65ef17e2442 kdegraphics-3.2.3-i486-2.tgz\n\nSlackware 10.1 package:\n1499ba1755da9e69a6b69031b2919eb2 kdegraphics-3.3.2-i486-4.tgz\n\nSlackware 10.2 package:\n5bb6d9647f5d48d00cbd698e9aa5821e kdegraphics-3.4.2-i486-2.tgz\n\nSlackware -current package:\na3dc06eee3e19500f39ee1ecbac977e1 kdegraphics-3.5.1-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg kdegraphics-3.4.2-i486-2.tgz", "published": "2006-02-14T16:27:14", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2018-02-02T18:11:27"}, {"id": "SSA-2006-045-09", "type": "slackware", "title": "xpdf", "description": "New xpdf packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,\nand -current to fix security issues.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/xpdf-3.01-i486-3.tgz: Recompiled with xpdf-3.01pl2.patch to\n fix integer and heap overflows in xpdf triggered by malformed PDF files.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/xpdf-3.01-i386-3.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/xpdf-3.01-i486-3.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xpdf-3.01-i486-3.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xpdf-3.01-i486-3a.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xpdf-3.01-i486-3.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xpdf-3.01-i486-3.tgz\n\n\nMD5 signatures:\n\nSlackware 9.0 package:\nfebda74afb06e94f745ef2d02867b505 xpdf-3.01-i386-3.tgz\n\nSlackware 9.1 package:\n1dd5847ecf094359fe712850391e7b37 xpdf-3.01-i486-3.tgz\n\nSlackware 10.0 package:\nabd65f71b8484579aa4b1ce081b4d61e xpdf-3.01-i486-3.tgz\n\nSlackware 10.1 package:\n9270fb578380221d9e642c7d80fac931 xpdf-3.01-i486-3a.tgz\n\nSlackware 10.2 package:\n8c85579182d43d56920e5a79063b447e xpdf-3.01-i486-3.tgz\n\nSlackware -current package:\n172d66fd19dbf8ceca0a25a6c17e75c2 xpdf-3.01-i486-3.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg xpdf-3.01-i486-3.tgz", "published": "2006-02-14T16:28:51", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2018-02-02T18:11:36"}, {"id": "SSA-2006-142-01", "type": "slackware", "title": "tetex PDF security", "description": "New tetex packages are available for Slackware 10.2 and -current to\nfix a possible security issue. teTeX-3.0 incorporates some code from \nthe xpdf program which has been shown to have various overflows that\ncould result in program crashes or possibly the execution of arbitrary\ncode as the teTeX user. This is especially important to consider if\nteTeX is being used as part of a printer filter.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/tetex-3.0-i486-2_10.2.tgz: Regenerated the etex.fmt files\n with etex, not pdfetex. This is more appropriate since etex is a binary,\n not a link to pdfetex. Thanks to John Breckenridge for reporting the issue.\n Added --disable-a4, and fixed the texconfig for US paper default in the\n build script. Thanks to Marc Benstein and Jingmin Zhou for reporting this.\n Improved /tmp use security.\n Patched a possible security issue in library code borrowed from xpdf that's\n used in pdfetex.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/tetex-3.0-i486-2_10.2.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/t/tetex-3.0-i486-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/t/tetex-doc-3.0-i486-2.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\ncdf43c3573e8235aa15bea3a6960a4e8 tetex-3.0-i486-2_10.2.tgz\n\nSlackware -current packages:\nbaae094f336ffc8a553328cc6d41d81a tetex-3.0-i486-2.tgz\nbf14a46df01c748b088b4b54010ddb98 tetex-doc-3.0-i486-2.tgz\n\n\nInstallation instructions:\n\nUpgrade the package(s) as root:\n > upgradepkg tetex-3.0-i486-2_10.2.tgz", "published": "2006-05-22T15:14:23", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.399813", "cvelist": ["CVE-2005-3193"], "lastseen": "2018-02-02T18:11:37"}], "suse": [{"id": "SUSE-SA:2006:001", "type": "suse", "title": "remote code execution in xpdf,kpdf,gpdf,kword", "description": "\"infamous41md\", Chris Evans and Dirk Mueller discovered multiple places in xpdf code where integer variables are insufficiently checked for range or overflow. Specially crafted PDF files could lead to executing arbitrary code. Copies of xpdf code are also contained in cups, kpdf, kword, gpdf, libextractor, pdf2html, poppler and tetex. Updates for those are in the works.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2006-01-11T12:03:37", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2006-01/msg00007.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-04T11:40:16"}], "oraclelinux": [{"id": "ELSA-2006-0262", "type": "oraclelinux", "title": "kdegraphics security update", "description": "[7:3.3.1-3.9 ]\n- apply xpdf-splash-overflow-CVE-2006-0301-fix.diff to fix CVE-2006-0301 (#184307)\n[7:3.3.1-3.8]\n- apply xpdf-splash-overflow-CVE-2006-0301-fix.diff to fix CVE-2006-0301 (#179055)\n[7:3.3.1-3.7]\n- apply patch to fix buffer overflow issue in the xpdf codebase\n when handling splash images CVE-2006-0301 (#179055)\n[7:3.3.1-3.6]\n- better fix for CAN-2005-3193\n[7:3.3.1-3.5]\n- add BuildRequires: libieee1284-devel #168356\n- backport patch to fix CAN-2005-3193, #175105\n[7:3.3.1-3.4]\n- apply patch to fix kpdf DoS CAN-2005-2097, #163925\n[7:3.3.1-3.3]\n- More fixing of CAN-2004-0888 patch (bug #135393)\n[3.3.1-3.2]\n- Applied patch to fix CAN-2005-0064\n[7:3.3.1-3.1]\n- Applied patch to fix CAN-2004-1125\n[7:3.3.1-2]\n- fix kfax to use system libtiff\n[7:3.3.1-1]\n- update to 3.3.1\n[7:3.3.0-3]\n- fix typo in buildrequires #135007\n[7:3.3.0-2]\n- only show kcmkmrml in KDE\n- set variables before use\n[3.3.0-1]\n- update to 3.3.0\n[3.3.0-0.1.rc2]\n- update to 3.3.0 rc2\n[7:3.2.3-1]\n- update to 3.2.3\n[7:3.2.2-1]\n- update to 3.2.2\n[7:3.2.1-1]\n- 3.2.1 release\n* Tue Mar 02 2004 Elliot Lee \n- rebuilt\n[7:3.2.0-1.4]\n- fix typo bug, _smp_mflags instead smp_mflags\n* Fri Feb 13 2004 Elliot Lee \n- rebuilt\n[7:3.2.0-0.3]\n- 3.2.0 release\n- built against qt 3.3.0\n- add prereq /sbin/ldconfig\n[7:3.1.95-0.1]\n- KDE 3.2 RC1\n[7:3.1.94-0.1]\n- KDE 3.2 Beta2\n[7:3.1.93-0.2]\n- get rid of rpath\n[7:3.1.93-0.1]\n- KDE 3.2 Beta1\n- cleanup\n[7:3.1.4-1]\n- 3.1.4\n[7:3.1.3-4]\n- disable kpovmodeler temporary. waiting for freeglut\n[7:3.1.3-3]\n- fixed build problem with new gcc\n[7:3.1.3-2]\n- rebuilt\n[7:3.1.3-1]\n- 3.1.3\n[3.1.2-4]\n- disable kpovmodeler temporary. waiting for freeglut\n- built with gcc-3.3-12\n- remove excludearch s390/s390x\n[7:3.1.2-3.1]\n- added epoch for versioned requires where needed\n- built for RHEL\n* Wed Jun 04 2003 Elliot Lee \n- rebuilt\n[3.1.2-2]\n- 3.1.2\n[3.1.1-2]\n- PS/PDF file handling vulnerability\n[3.1.1-1]\n- 3.1.1\n* Mon Feb 24 2003 Elliot Lee \n- debuginfo rebuild\n[3.1-3]\n- get rid of gcc path from dependency_libs\n* Wed Feb 19 2003 Elliot Lee \n- BuildRequires: glut-devel if kpovmodeler\n[3.1-1]\n- 3.1 release\n- remove excludearch ia64\n- remove some unneeded macros\n* Wed Jan 22 2003 Tim Powers \n- rebuilt\n[3.1-0.3]\n- rc6\n- exclude ia64\n[3.1-0.2]\n- fix desktop file issues\n- get rid of su packages\n[3.1-0.1]\n- update to 3.1 rc4\n[3.0.5-1]\n- update to 3.0.5\n[3.0.4-1]\n- 3.0.4\n* Sun Aug 25 2002 Florian La Roche \n- compile on mainframe\n* Wed Aug 14 2002 Florian La Roche \n- change spec file to work for more archs\n[3.0.3-1]\n- 3.0.3\n- build using gcc-3.2-0.3\n[3.0.2-4]\n- desktop files issues (bug #71018)\n[3.0.2-3]\n- build using gcc-3.2-0.1\n[3.0.2-2]\n- fix desktop files issue\n[3.0.2-1]\n- 3.0.2\n- use desktop-file-install\n* Fri Jun 21 2002 Tim Powers \n- automated rebuild\n* Sun May 26 2002 Tim Powers \n- automated rebuild\n[3.0.1-1]\n- 3.0.1\n[3.0.0-5]\n- rename libraries\n[3.0.0-4]\n- Fix libkviewpart.* duplication (kview and kviewshell, #62749)\n- Shut up rpmlint\n[3.0.0-3]\n- Obsolete the old monolithic package\n- Fix build with gcc 3.1\n[3.0.0-2]\n- fix deps problem\n[3.0.0-1]\n- 3.0.0 final\n[3.0.0-0.cvs20020321.1]\n- Add docs for kooka and kuickshow and kfile PostScript plugin\n[3.0.0-0.cvs20020306.1]\n- Update\n- Rename subpackages\n- Dont build kamera on alpha\n[3.0.0-0.cvs20011226.1]\n- Update\n- Reorganize package\n[2.2-0.cvs20010726.1]\n- The -devel package has kscan-related files -n only. Since kscan isnt built\n on s390/s390x, dont build the devel package there.\n[2.2-0.cvs20010724.1]\n- Add more build dependencies (#48970)\n- Remove ia64 workarounds, no longer needed\n- Update\n[2.2-0.cvs20010723.1]\n- Restore -devel package, got lost during the update\n- Fix build on s390/s390x\n- Update\n[2.2-0.cvs20010722.2]\n- Make symlinks relative\n- Update\n* Wed Feb 21 2001 Bernhard Rosenkraenzer \n- 2.1-respin\n* Tue Feb 20 2001 Bernhard Rosenkraenzer \n- 2.1\n* Fri Feb 16 2001 Than Ngo \n- fix to build against glibc\n* Tue Feb 06 2001 Bernhard Rosenkraenzer \n- Get rid of libkdefakes.so.0 dependency\n* Mon Jan 22 2001 Bernhard Rosenkraenzer \n- Update\n* Mon Jan 01 2001 Bernhard Rosenkraenzer \n- Update\n* Wed Dec 20 2000 Bernhard Rosenkraenzer \n- Update\n- Stop excluding ia64\n* Wed Nov 15 2000 Bernhard Rosenkraenzer \n- Update to HEAD\n* Fri Nov 03 2000 Bernhard Rosenkraenzer \n- Update to KDE_2_0_BRANCH\n* Mon Oct 23 2000 Bernhard Rosenkraenzer \n- 2.0 final\n* Thu Aug 24 2000 Than Ngo \n- update to kdegraphics-1.93\n* Sun Aug 20 2000 Than Ngo \n- add missing kdegraphic2 package\n* Mon Aug 07 2000 Bernhard Rosenkraenzer \n- new version\n* Tue Jul 25 2000 Bernhard Rosenkraenzer \n- new snapshot\n- work around compiler bug by disabling kcoloredit for now, FIXME\n* Fri Jul 21 2000 Bernhard Rosenkraenzer \n- new snapshot\n- SMPify build\n* Sun Jul 16 2000 Than Ngo \n- use gcc 2.96\n- new snapshot\n- fix docdir\n* Fri Jun 23 2000 Bernhard Rosenkraenzer \n- Add Epoch - for some reason, rpm thinks 1.1.2 > 1.92.20000623.\n* Tue Jun 20 2000 Bernhard Rosenkraenzer \n- new snapshot\n- ExcludeArch ia64 for now\n* Sat Mar 18 2000 Bernhard Rosenkraenzer \n- new snapshot\n- move it to /usr, where it belongs\n* Sun Oct 24 1999 Bernhard Rosenkraenzer \n- Fix compilation\n* Fri Oct 22 1999 Bernhard Rosenkraenzer \n- 2.0 CVS\n* Fri Sep 24 1999 Preston Brown \n- mark doc files as such\n* Wed Sep 08 1999 Preston Brown \n- upgraded to 1.1.2 release\n* Fri Jun 11 1999 Preston Brown \n- snapshot, includes kde 1.1.1 + fixes\n* Mon Apr 19 1999 Preston Brown \n- last snapshot before release\n* Mon Apr 12 1999 Preston Brown \n- latest stable snapshot\n* Wed Feb 24 1999 Preston Brown \n- Injected new description and group.\n* Mon Feb 08 1999 Preston Brown \n- upgraded to KDE 1.1 final.\n* Sat Feb 06 1999 Preston Brown \n- updates to new libstdc++ and rpm standards.\n* Wed Jan 06 1999 Preston Brown \n- re-merged in updates from Duncan Haldane", "published": "2006-11-30T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2006-0262.html", "cvelist": ["CVE-2005-2097", "CVE-2006-0301", "CVE-2006-0746", "CVE-2005-0064", "CVE-2004-1125", "CVE-2005-3193", "CVE-2004-0888"], "lastseen": "2017-06-22T16:23:14"}]}}
