ID DSA-937 Type debian Reporter Debian Modified 2006-01-12T00:00:00
Description
"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
For the old stable distribution (woody) these problems have been fixed in version 1.0.7+20011202-7.7.
For the stable distribution (sarge) these problems have been fixed in version 2.0.2-30sarge4.
For the unstable distribution (sid) these problems have been fixed in version 0.4.3-2 of poppler against which tetex-bin links.
We recommend that you upgrade your tetex-bin package.
{"result": {"cve": [{"id": "CVE-2005-3627", "type": "cve", "title": "CVE-2005-3627", "description": "Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large \"number of components\" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large \"Huffman table index\" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.", "published": "2005-12-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3627", "cvelist": ["CVE-2005-3627"], "lastseen": "2017-10-11T11:06:23"}, {"id": "CVE-2005-3192", "type": "cve", "title": "CVE-2005-3192", "description": "Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.", "published": "2005-12-07T20:03:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3192", "cvelist": ["CVE-2005-3192"], "lastseen": "2017-07-11T11:15:00"}, {"id": "CVE-2005-3626", "type": "cve", "title": "CVE-2005-3626", "description": "Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.", "published": "2005-12-31T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3626", "cvelist": ["CVE-2005-3626"], "lastseen": "2017-10-11T11:06:23"}, {"id": "CVE-2005-3191", "type": "cve", "title": "CVE-2005-3191", "description": "Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.", "published": "2005-12-06T20:03:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3191", "cvelist": ["CVE-2005-3191"], "lastseen": "2017-07-11T11:15:00"}, {"id": "CVE-2005-3625", "type": "cve", "title": "CVE-2005-3625", "description": "Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka \"Infinite CPU spins.\"", "published": "2005-12-31T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3625", "cvelist": ["CVE-2005-3625"], "lastseen": "2017-10-11T11:06:23"}, {"id": "CVE-2005-3624", "type": "cve", "title": "CVE-2005-3624", "description": "The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.", "published": "2005-12-31T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3624", "cvelist": ["CVE-2005-3624"], "lastseen": "2017-10-11T11:06:23"}, {"id": "CVE-2005-3628", "type": "cve", "title": "CVE-2005-3628", "description": "Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.", "published": "2005-12-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3628", "cvelist": ["CVE-2005-3628"], "lastseen": "2017-10-11T11:06:23"}], "nessus": [{"id": "FEDORA_2005-000.NASL", "type": "nessus", "title": "Fedora Core 3 2005-000: cups", "description": "The remote host is missing the patch for the advisory FEDORA-2005-000 (cups).\n\nThe Common UNIX Printing System provides a portable printing layer for UNIX(r) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users.\nCUPS provides the System V and Berkeley command-line interfaces.\n\nUpdate Information:\n\nThis update fixes the pdftops filter's handling of some incorrectly-formed PDF files. Issues fixed are CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627.", "published": "2006-01-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20396", "cvelist": ["CVE-2005-3627"], "lastseen": "2016-09-26T17:23:38"}, {"id": "REDHAT-RHSA-2006-0262.NASL", "type": "nessus", "title": "RHEL 4 : kdegraphics (RHSA-2006:0262)", "description": "Updated kdegraphics packages that fully resolve a security issue in kpdf are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop Environment including kpdf, a PDF file viewer.\n\nMarcelo Ricardo Leitner discovered that a kpdf security fix, CVE-2005-3627, was incomplete. Red Hat issued kdegraphics packages with this incomplete fix in RHSA-2005:868. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0746 to this issue.\n\nUsers of kpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.", "published": "2006-03-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21043", "cvelist": ["CVE-2005-3627", "CVE-2006-0746"], "lastseen": "2017-10-29T13:37:41"}, {"id": "CENTOS_RHSA-2006-0262.NASL", "type": "nessus", "title": "CentOS 4 : kdegraphics (CESA-2006:0262)", "description": "Updated kdegraphics packages that fully resolve a security issue in kpdf are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop Environment including kpdf, a PDF file viewer.\n\nMarcelo Ricardo Leitner discovered that a kpdf security fix, CVE-2005-3627, was incomplete. Red Hat issued kdegraphics packages with this incomplete fix in RHSA-2005:868. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0746 to this issue.\n\nUsers of kpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.", "published": "2006-07-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21989", "cvelist": ["CVE-2005-3627", "CVE-2006-0746"], "lastseen": "2017-10-29T13:42:52"}, {"id": "FEDORA_2006-028.NASL", "type": "nessus", "title": "Fedora Core 4 : tetex-3.0-9.FC4 (2006-028)", "description": "Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened.\n\nThe Common Vulnerabilities and Exposures project assigned the names CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\n\nThis package also updates bindings in texdoc and causes the local texmf tree to be searched first.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2006-01-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20409", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625"], "lastseen": "2017-10-29T13:38:25"}, {"id": "FEDORA_2005-028.NASL", "type": "nessus", "title": "Fedora Core 4 : tetex-3.0-9.FC4 (2005-028)", "description": "Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened.\n\nThe Common Vulnerabilities and Exposures project assigned the names CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\n\nThis package also updates bindings in texdoc and causes the local texmf tree to be searched first.", "published": "2012-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=62250", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625"], "lastseen": "2017-10-29T13:33:35"}, {"id": "FEDORA_2005-025.NASL", "type": "nessus", "title": "Fedora Core 3 : kernel-2.6.10-1.741_FC3 (2005-025)", "description": "- CVE-2005-0001\n\n Paul Starzetz from isec.pl found an exploitable hole in the x86 SMP page fault handler which could lead to privilege escalation.\n http://www.isec.pl/vulnerabilities/isec-0022-pagefault.t xt\n\nThis update additionally fixes a random memory corruption issue present in the previous update, and in addition updates to the latest\n-ac collection of patches. A full changelog of the update vs the previous -ac8 based release is available at http://lkml.org/lkml/2005/1/13/219\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2005-01-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=16166", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624", "CVE-2005-0001"], "lastseen": "2017-10-29T13:41:09"}, {"id": "REDHAT-RHSA-2006-0163.NASL", "type": "nessus", "title": "RHEL 3 / 4 : cups (RHSA-2006:0163)", "description": "Updated CUPS packages that fix multiple security issues are now available for Red Hat Enterprise Linux.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems.\n\nChris Evans discovered several flaws in the way CUPS processes PDF files. An attacker could construct a carefully crafted PDF file that could cause CUPS to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\n\nAll users of CUPS should upgrade to these updated packages, which contain backported patches to resolve these issues.", "published": "2006-01-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20481", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2017-10-29T13:32:52"}, {"id": "UBUNTU_USN-236-2.NASL", "type": "nessus", "title": "Ubuntu 5.04 / 5.10 : kdegraphics, koffice vulnerabilities (USN-236-2)", "description": "USN-236-1 fixed several vulnerabilities in xpdf. kpdf and kword contain copies of xpdf code and are thus vulnerable to the same issues.\n\nFor reference, this is the original advisory :\n\nChris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2006-01-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20782", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2017-10-29T13:42:22"}, {"id": "FEDORA_2005-026.NASL", "type": "nessus", "title": "Fedora Core 2 : kernel-2.6.10-1.9_FC2 (2005-026)", "description": "- CVE-2005-0001\n\n Paul Starzetz from isec.pl found an exploitable hole in the x86 SMP page fault handler which could lead to privilege escalation.\n http://www.isec.pl/vulnerabilities/isec-0022-pagefault.t xt\n\nThis update additionally fixes a random memory corruption issue present in the previous update, and in addition updates to the latest\n-ac collection of patches. A full changelog of the update vs the previous -ac8 based release is available at http://lkml.org/lkml/2005/1/13/219\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2005-01-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=16167", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624", "CVE-2005-0001"], "lastseen": "2017-10-29T13:41:10"}, {"id": "FEDORA_2006-026.NASL", "type": "nessus", "title": "Fedora Core 4 : poppler-0.4.4-1.1 (2006-026)", "description": "Chris Evans discovered several flaws in the way poppler processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2006-01-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20407", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2017-10-29T13:42:30"}], "osvdb": [{"id": "OSVDB:22236", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf Stream.cc DCTDecode Stream Processing Multiple Function Overflow", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=117481\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346086\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-236-1)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-2.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt)\n[Secunia Advisory ID:18375](https://secuniaresearch.flexerasoftware.com/advisories/18375/)\n[Secunia Advisory ID:18329](https://secuniaresearch.flexerasoftware.com/advisories/18329/)\n[Secunia Advisory ID:18332](https://secuniaresearch.flexerasoftware.com/advisories/18332/)\n[Secunia Advisory ID:18414](https://secuniaresearch.flexerasoftware.com/advisories/18414/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:19377](https://secuniaresearch.flexerasoftware.com/advisories/19377/)\n[Secunia Advisory ID:18334](https://secuniaresearch.flexerasoftware.com/advisories/18334/)\n[Secunia Advisory ID:18338](https://secuniaresearch.flexerasoftware.com/advisories/18338/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18463](https://secuniaresearch.flexerasoftware.com/advisories/18463/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18549](https://secuniaresearch.flexerasoftware.com/advisories/18549/)\n[Secunia Advisory ID:18642](https://secuniaresearch.flexerasoftware.com/advisories/18642/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18373](https://secuniaresearch.flexerasoftware.com/advisories/18373/)\n[Secunia Advisory ID:18425](https://secuniaresearch.flexerasoftware.com/advisories/18425/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:19798](https://secuniaresearch.flexerasoftware.com/advisories/19798/)\n[Secunia Advisory ID:19797](https://secuniaresearch.flexerasoftware.com/advisories/19797/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:18303](https://secuniaresearch.flexerasoftware.com/advisories/18303/)\n[Secunia Advisory ID:18335](https://secuniaresearch.flexerasoftware.com/advisories/18335/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18312](https://secuniaresearch.flexerasoftware.com/advisories/18312/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18423](https://secuniaresearch.flexerasoftware.com/advisories/18423/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18503](https://secuniaresearch.flexerasoftware.com/advisories/18503/)\n[Secunia Advisory ID:18644](https://secuniaresearch.flexerasoftware.com/advisories/18644/)\n[Secunia Advisory ID:26413](https://secuniaresearch.flexerasoftware.com/advisories/26413/)\n[Related OSVDB ID: 22235](https://vulners.com/osvdb/OSVDB:22235)\n[Related OSVDB ID: 22233](https://vulners.com/osvdb/OSVDB:22233)\n[Related OSVDB ID: 22234](https://vulners.com/osvdb/OSVDB:22234)\nRedHat RHSA: RHSA-2006:0163\nRedHat RHSA: RHSA-2006:0177\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-1\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.trustix.org/errata/2006/0002/\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_01_sr.html\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-August/000221.html\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_02_sr.html\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-2\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt\nMail List Post: http://lists.ubuntu.com/archives/ubuntu-security-announce/2006-January/000267.html\n[CVE-2005-3627](https://vulners.com/cve/CVE-2005-3627)\n[CVE-2005-3191](https://vulners.com/cve/CVE-2005-3191)\n", "published": "2006-01-03T07:33:16", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:22236", "cvelist": ["CVE-2005-3627", "CVE-2005-3191"], "lastseen": "2017-04-28T13:20:19"}, {"id": "OSVDB:21462", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf StreamPredictor Function numComps Field Overflow DoS", "description": "## Solution Description\nUpgrade to version 3.01pl1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.foolabs.com/xpdf/\nVendor URL: http://poppler.freedesktop.org/\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342287\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292\nVendor Specific News/Changelog Entry: https://gnunet.org/svn/Extractor/ChangeLog\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342294\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-227-1)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-1.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt)\nSecurity Tracker: 1015309\nSecurity Tracker: 1015324\n[Secunia Advisory ID:17908](https://secuniaresearch.flexerasoftware.com/advisories/17908/)\n[Secunia Advisory ID:18061](https://secuniaresearch.flexerasoftware.com/advisories/18061/)\n[Secunia Advisory ID:18055](https://secuniaresearch.flexerasoftware.com/advisories/18055/)\n[Secunia Advisory ID:17976](https://secuniaresearch.flexerasoftware.com/advisories/17976/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:17912](https://secuniaresearch.flexerasoftware.com/advisories/17912/)\n[Secunia Advisory ID:17920](https://secuniaresearch.flexerasoftware.com/advisories/17920/)\n[Secunia Advisory ID:17916](https://secuniaresearch.flexerasoftware.com/advisories/17916/)\n[Secunia Advisory ID:17959](https://secuniaresearch.flexerasoftware.com/advisories/17959/)\n[Secunia Advisory ID:18336](https://secuniaresearch.flexerasoftware.com/advisories/18336/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18549](https://secuniaresearch.flexerasoftware.com/advisories/18549/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:17921](https://secuniaresearch.flexerasoftware.com/advisories/17921/)\n[Secunia Advisory ID:17956](https://secuniaresearch.flexerasoftware.com/advisories/17956/)\n[Secunia Advisory ID:18192](https://secuniaresearch.flexerasoftware.com/advisories/18192/)\n[Secunia Advisory ID:18189](https://secuniaresearch.flexerasoftware.com/advisories/18189/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:19798](https://secuniaresearch.flexerasoftware.com/advisories/19798/)\n[Secunia Advisory ID:19797](https://secuniaresearch.flexerasoftware.com/advisories/19797/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:17897](https://secuniaresearch.flexerasoftware.com/advisories/17897/)\n[Secunia Advisory ID:17929](https://secuniaresearch.flexerasoftware.com/advisories/17929/)\n[Secunia Advisory ID:17940](https://secuniaresearch.flexerasoftware.com/advisories/17940/)\n[Secunia Advisory ID:18009](https://secuniaresearch.flexerasoftware.com/advisories/18009/)\n[Secunia Advisory ID:18191](https://secuniaresearch.flexerasoftware.com/advisories/18191/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18503](https://secuniaresearch.flexerasoftware.com/advisories/18503/)\n[Secunia Advisory ID:26413](https://secuniaresearch.flexerasoftware.com/advisories/26413/)\n[Related OSVDB ID: 21463](https://vulners.com/osvdb/OSVDB:21463)\nRedHat RHSA: RHSA-2005:840\nRedHat RHSA: RHSA-2005:867\nRedHat RHSA: RHSA-2005:868\nRedHat RHSA: RHSA-2006:0160\nRedHat RHSA: RHSA-2005:878\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-227-1/\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_01_sr.html\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-August/000221.html\nOther Advisory URL: http://www.trustix.org/errata/2005/0072/\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_02_sr.html\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200512-08.xml\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0221.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0224.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0075.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0225.html\n[CVE-2005-3191](https://vulners.com/cve/CVE-2005-3191)\n[CVE-2005-3192](https://vulners.com/cve/CVE-2005-3192)\n", "published": "2005-12-05T06:19:13", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:21462", "cvelist": ["CVE-2005-3192", "CVE-2005-3191"], "lastseen": "2017-04-28T13:20:18"}, {"id": "OSVDB:22235", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=117481\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346086\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-236-1)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-2.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Secunia Advisory ID:18375](https://secuniaresearch.flexerasoftware.com/advisories/18375/)\n[Secunia Advisory ID:18329](https://secuniaresearch.flexerasoftware.com/advisories/18329/)\n[Secunia Advisory ID:18332](https://secuniaresearch.flexerasoftware.com/advisories/18332/)\n[Secunia Advisory ID:18414](https://secuniaresearch.flexerasoftware.com/advisories/18414/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:19377](https://secuniaresearch.flexerasoftware.com/advisories/19377/)\n[Secunia Advisory ID:18334](https://secuniaresearch.flexerasoftware.com/advisories/18334/)\n[Secunia Advisory ID:18338](https://secuniaresearch.flexerasoftware.com/advisories/18338/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18463](https://secuniaresearch.flexerasoftware.com/advisories/18463/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18642](https://secuniaresearch.flexerasoftware.com/advisories/18642/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18373](https://secuniaresearch.flexerasoftware.com/advisories/18373/)\n[Secunia Advisory ID:18425](https://secuniaresearch.flexerasoftware.com/advisories/18425/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:18303](https://secuniaresearch.flexerasoftware.com/advisories/18303/)\n[Secunia Advisory ID:18335](https://secuniaresearch.flexerasoftware.com/advisories/18335/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18312](https://secuniaresearch.flexerasoftware.com/advisories/18312/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18423](https://secuniaresearch.flexerasoftware.com/advisories/18423/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18644](https://secuniaresearch.flexerasoftware.com/advisories/18644/)\n[Related OSVDB ID: 22233](https://vulners.com/osvdb/OSVDB:22233)\n[Related OSVDB ID: 22234](https://vulners.com/osvdb/OSVDB:22234)\n[Related OSVDB ID: 22236](https://vulners.com/osvdb/OSVDB:22236)\nRedHat RHSA: RHSA-2006:0163\nRedHat RHSA: RHSA-2006:0177\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-1\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.trustix.org/errata/2006/0002/\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-2\nMail List Post: http://lists.ubuntu.com/archives/ubuntu-security-announce/2006-January/000267.html\n[CVE-2005-3626](https://vulners.com/cve/CVE-2005-3626)\n", "published": "2006-01-03T07:33:16", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:22235", "cvelist": ["CVE-2005-3626"], "lastseen": "2017-04-28T13:20:19"}, {"id": "OSVDB:22234", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=117481\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346086\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-236-1)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-2.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Secunia Advisory ID:18375](https://secuniaresearch.flexerasoftware.com/advisories/18375/)\n[Secunia Advisory ID:18329](https://secuniaresearch.flexerasoftware.com/advisories/18329/)\n[Secunia Advisory ID:18332](https://secuniaresearch.flexerasoftware.com/advisories/18332/)\n[Secunia Advisory ID:18414](https://secuniaresearch.flexerasoftware.com/advisories/18414/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:19377](https://secuniaresearch.flexerasoftware.com/advisories/19377/)\n[Secunia Advisory ID:18334](https://secuniaresearch.flexerasoftware.com/advisories/18334/)\n[Secunia Advisory ID:18338](https://secuniaresearch.flexerasoftware.com/advisories/18338/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18463](https://secuniaresearch.flexerasoftware.com/advisories/18463/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18642](https://secuniaresearch.flexerasoftware.com/advisories/18642/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18373](https://secuniaresearch.flexerasoftware.com/advisories/18373/)\n[Secunia Advisory ID:18425](https://secuniaresearch.flexerasoftware.com/advisories/18425/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:18303](https://secuniaresearch.flexerasoftware.com/advisories/18303/)\n[Secunia Advisory ID:18335](https://secuniaresearch.flexerasoftware.com/advisories/18335/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18312](https://secuniaresearch.flexerasoftware.com/advisories/18312/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18423](https://secuniaresearch.flexerasoftware.com/advisories/18423/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18644](https://secuniaresearch.flexerasoftware.com/advisories/18644/)\n[Related OSVDB ID: 22235](https://vulners.com/osvdb/OSVDB:22235)\n[Related OSVDB ID: 22233](https://vulners.com/osvdb/OSVDB:22233)\n[Related OSVDB ID: 22236](https://vulners.com/osvdb/OSVDB:22236)\nRedHat RHSA: RHSA-2006:0163\nRedHat RHSA: RHSA-2006:0177\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-1\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.trustix.org/errata/2006/0002/\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-2\nMail List Post: http://lists.ubuntu.com/archives/ubuntu-security-announce/2006-January/000267.html\n[CVE-2005-3625](https://vulners.com/cve/CVE-2005-3625)\n", "published": "2006-01-03T07:33:16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:22234", "cvelist": ["CVE-2005-3625"], "lastseen": "2017-04-28T13:20:19"}, {"id": "OSVDB:22233", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function Multiple Overflow", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=117481\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346086\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/usn/usn-236-1)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20051207-2.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Secunia Advisory ID:18375](https://secuniaresearch.flexerasoftware.com/advisories/18375/)\n[Secunia Advisory ID:18329](https://secuniaresearch.flexerasoftware.com/advisories/18329/)\n[Secunia Advisory ID:18332](https://secuniaresearch.flexerasoftware.com/advisories/18332/)\n[Secunia Advisory ID:18414](https://secuniaresearch.flexerasoftware.com/advisories/18414/)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:19377](https://secuniaresearch.flexerasoftware.com/advisories/19377/)\n[Secunia Advisory ID:18334](https://secuniaresearch.flexerasoftware.com/advisories/18334/)\n[Secunia Advisory ID:18338](https://secuniaresearch.flexerasoftware.com/advisories/18338/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18463](https://secuniaresearch.flexerasoftware.com/advisories/18463/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18642](https://secuniaresearch.flexerasoftware.com/advisories/18642/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18313](https://secuniaresearch.flexerasoftware.com/advisories/18313/)\n[Secunia Advisory ID:18349](https://secuniaresearch.flexerasoftware.com/advisories/18349/)\n[Secunia Advisory ID:18373](https://secuniaresearch.flexerasoftware.com/advisories/18373/)\n[Secunia Advisory ID:18425](https://secuniaresearch.flexerasoftware.com/advisories/18425/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18448](https://secuniaresearch.flexerasoftware.com/advisories/18448/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:25729](https://secuniaresearch.flexerasoftware.com/advisories/25729/)\n[Secunia Advisory ID:18303](https://secuniaresearch.flexerasoftware.com/advisories/18303/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18312](https://secuniaresearch.flexerasoftware.com/advisories/18312/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18423](https://secuniaresearch.flexerasoftware.com/advisories/18423/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\n[Secunia Advisory ID:18644](https://secuniaresearch.flexerasoftware.com/advisories/18644/)\n[Related OSVDB ID: 22235](https://vulners.com/osvdb/OSVDB:22235)\n[Related OSVDB ID: 22234](https://vulners.com/osvdb/OSVDB:22234)\n[Related OSVDB ID: 22236](https://vulners.com/osvdb/OSVDB:22236)\nRedHat RHSA: RHSA-2006:0163\nRedHat RHSA: RHSA-2006:0177\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-1\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1\nOther Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:005\nOther Advisory URL: http://www.trustix.org/errata/2006/0002/\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-236-2\nMail List Post: http://lists.ubuntu.com/archives/ubuntu-security-announce/2006-January/000267.html\n[CVE-2005-3624](https://vulners.com/cve/CVE-2005-3624)\n", "published": "2006-01-03T07:33:16", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:22233", "cvelist": ["CVE-2005-3624"], "lastseen": "2017-04-28T13:20:19"}, {"id": "OSVDB:22821", "type": "osvdb", "title": "Multiple Product Xpdf/kpdf JBIG2Stream.cc JBIG2Bitmap::JBIG2Bitmap Function Overflow", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-931)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:010)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-936)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-932)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html)\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U.asc)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-961)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-962)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747)\n[Secunia Advisory ID:18147](https://secuniaresearch.flexerasoftware.com/advisories/18147/)\n[Secunia Advisory ID:18582](https://secuniaresearch.flexerasoftware.com/advisories/18582/)\n[Secunia Advisory ID:18675](https://secuniaresearch.flexerasoftware.com/advisories/18675/)\n[Secunia Advisory ID:18908](https://secuniaresearch.flexerasoftware.com/advisories/18908/)\n[Secunia Advisory ID:18398](https://secuniaresearch.flexerasoftware.com/advisories/18398/)\n[Secunia Advisory ID:18380](https://secuniaresearch.flexerasoftware.com/advisories/18380/)\n[Secunia Advisory ID:18407](https://secuniaresearch.flexerasoftware.com/advisories/18407/)\n[Secunia Advisory ID:18534](https://secuniaresearch.flexerasoftware.com/advisories/18534/)\n[Secunia Advisory ID:18674](https://secuniaresearch.flexerasoftware.com/advisories/18674/)\n[Secunia Advisory ID:19230](https://secuniaresearch.flexerasoftware.com/advisories/19230/)\n[Secunia Advisory ID:18428](https://secuniaresearch.flexerasoftware.com/advisories/18428/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:18554](https://secuniaresearch.flexerasoftware.com/advisories/18554/)\n[Secunia Advisory ID:18679](https://secuniaresearch.flexerasoftware.com/advisories/18679/)\n[Secunia Advisory ID:18913](https://secuniaresearch.flexerasoftware.com/advisories/18913/)\n[Secunia Advisory ID:18389](https://secuniaresearch.flexerasoftware.com/advisories/18389/)\n[Secunia Advisory ID:18385](https://secuniaresearch.flexerasoftware.com/advisories/18385/)\n[Secunia Advisory ID:18416](https://secuniaresearch.flexerasoftware.com/advisories/18416/)\n[Secunia Advisory ID:18387](https://secuniaresearch.flexerasoftware.com/advisories/18387/)\n[Secunia Advisory ID:18436](https://secuniaresearch.flexerasoftware.com/advisories/18436/)\nRedHat RHSA: RHSA-2006:0160\nOther Advisory URL: http://www.debian.org/security/2006/dsa-940\nOther Advisory URL: http://www.debian.org/security/2006/dsa-938\nOther Advisory URL: http://www.debian.org/security/2006/dsa-950\nOther Advisory URL: http://www.debian.org/security/2006/dsa-961\nOther Advisory URL: http://www.debian.org/security/2006/dsa-937\n[CVE-2005-3628](https://vulners.com/cve/CVE-2005-3628)\n", "published": "2006-01-03T06:18:33", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:22821", "cvelist": ["CVE-2005-3628"], "lastseen": "2017-04-28T13:20:19"}], "openvas": [{"id": "OPENVAS:56457", "type": "openvas", "title": "Debian Security Advisory DSA 1008-1 (kdegraphics)", "description": "The remote host is missing an update to kdegraphics\nannounced via advisory DSA 1008-1.\n\nMarcelo Ricardo Leitner noticed that the current patch in DSA 932\n(CVE-2005-3627) for kpdf, the PDF viewer for KDE, does not fix all\nbuffer overflows, still allowing an attacker to execute arbitrary\ncode.\n\nThe old stable distribution (woody) does not contain kpdf packages.", "published": "2008-01-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56457", "cvelist": ["CVE-2005-3627", "CVE-2006-0746"], "lastseen": "2017-07-24T12:49:58"}, {"id": "OPENVAS:56229", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdftohtml)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200601-17.", "published": "2008-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56229", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2017-07-24T12:50:22"}, {"id": "OPENVAS:56295", "type": "openvas", "title": "Slackware Advisory SSA:2006-045-04 kdegraphics", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-045-04.", "published": "2012-09-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56295", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-09-18T11:13:36"}, {"id": "OPENVAS:56077", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200601-02.", "published": "2008-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56077", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624"], "lastseen": "2017-07-24T12:49:47"}, {"id": "OPENVAS:56110", "type": "openvas", "title": "Debian Security Advisory DSA 931-1 (xpdf)", "description": "The remote host is missing an update to xpdf\nannounced via advisory DSA 931-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.00-3.8.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56110", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-07-24T12:49:49"}, {"id": "OPENVAS:56145", "type": "openvas", "title": "Debian Security Advisory DSA 940-1 (gpdf)", "description": "The remote host is missing an update to gpdf\nannounced via advisory DSA 940-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which is\nalso present in gpdf, the GNOME version of the Portable Document\nFormat viewer, and which can lead to a denial of service by crashing\nthe application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain gpdf packages.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56145", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-07-24T12:50:00"}, {"id": "OPENVAS:56141", "type": "openvas", "title": "Debian Security Advisory DSA 938-1 (koffice)", "description": "The remote host is missing an update to koffice\nannounced via advisory DSA 938-1.\n\ninfamous41md and chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which is\nalso present in koffice, the KDE Office Suite, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\n\nThe old stable distribution (woody) does not contain koffice packages.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56141", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-07-24T12:49:52"}, {"id": "OPENVAS:56211", "type": "openvas", "title": "Debian Security Advisory DSA 950-1 (cupsys)", "description": "The remote host is missing an update to cupsys\nannounced via advisory DSA 950-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in CUPS, the Common UNIX\nPrinting System, and which can lead to a denial of service by crashing\nthe application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.1.14-5woody14.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56211", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-07-24T12:50:07"}, {"id": "OPENVAS:56221", "type": "openvas", "title": "Debian Security Advisory DSA 962-1 (pdftohtml)", "description": "The remote host is missing an update to pdftohtml\nannounced via advisory DSA 962-1.\n\ninfamous41md and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdftohtml, a utility that\ntranslates PDF documents into HTML format, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdftohtml packages.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56221", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-07-24T12:50:18"}, {"id": "OPENVAS:136141256231056293", "type": "openvas", "title": "Slackware Advisory SSA:2006-045-09 xpdf", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-045-09.", "published": "2012-09-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231056293", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2018-04-06T11:19:37"}], "redhat": [{"id": "RHSA-2006:0262", "type": "redhat", "title": "(RHSA-2006:0262) kdegraphics security update", "description": "The kdegraphics packages contain applications for the K Desktop Environment\r\nincluding kpdf, a PDF file viewer.\r\n\r\nMarcelo Ricardo Leitner discovered that a kpdf security fix, CVE-2005-3627,\r\nwas incomplete. Red Hat issued kdegraphics packages with this incomplete\r\nfix in RHSA-2005:868. An attacker could construct a carefully crafted PDF\r\nfile that could cause kpdf to crash or possibly execute arbitrary code when\r\nopened. The Common Vulnerabilities and Exposures project assigned the name\r\nCVE-2006-0746 to this issue.\r\n\r\nUsers of kpdf should upgrade to these updated packages, which contain a\r\nbackported patch to resolve this issue.", "published": "2006-03-09T05:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2006:0262", "cvelist": ["CVE-2005-3627", "CVE-2006-0746"], "lastseen": "2017-09-09T07:19:40"}, {"id": "RHSA-2006:0177", "type": "redhat", "title": "(RHSA-2006:0177) gpdf security update", "description": "gpdf is a GNOME based viewer for Portable Document Format (PDF) files.\r\n\r\nChris Evans discovered several flaws in the way gpdf processes PDF files.\r\nAn attacker could construct a carefully crafted PDF file that could cause\r\ngpdf to crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3624,\r\nCVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\r\n\r\nUsers of gpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.", "published": "2006-01-11T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2006:0177", "cvelist": ["CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627"], "lastseen": "2017-09-09T07:20:34"}, {"id": "RHSA-2006:0163", "type": "redhat", "title": "(RHSA-2006:0163) cups security update", "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nChris Evans discovered several flaws in the way CUPS processes PDF files.\r\nAn attacker could construct a carefully crafted PDF file that could cause\r\nCUPS to crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3624,\r\nCVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\r\n\r\nAll users of CUPS should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.", "published": "2006-01-11T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2006:0163", "cvelist": ["CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627"], "lastseen": "2017-09-08T08:04:31"}, {"id": "RHSA-2005:868", "type": "redhat", "title": "(RHSA-2005:868) kdegraphics security update", "description": "The kdegraphics packages contain applications for the K Desktop Environment\r\nincluding kpdf, a pdf file viewer.\r\n\r\nSeveral flaws were discovered in kpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause kpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of kpdf should upgrade to these updated packages, which contain a\r\nbackported patch to resolve these issues.", "published": "2005-12-20T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2005:868", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627", "CVE-2005-3628"], "lastseen": "2017-09-09T07:20:37"}, {"id": "RHSA-2006:0160", "type": "redhat", "title": "(RHSA-2006:0160) tetex security update", "description": "TeTeX is an implementation of TeX. TeX takes a text file and a set of\r\nformatting commands as input and creates a typesetter-independent .dvi\r\n(DeVice Independent) file as output.\r\n\r\nSeveral flaws were discovered in the teTeX PDF parsing library. An attacker\r\ncould construct a carefully crafted PDF file that could cause teTeX to\r\ncrash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,\r\nCVE-2005-3627 and CVE-2005-3628 to these issues.\r\n\r\nUsers of teTeX should upgrade to these updated packages, which contain\r\nbackported patches and are not vulnerable to these issues.", "published": "2006-01-19T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2006:0160", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627", "CVE-2005-3628"], "lastseen": "2018-03-15T06:37:44"}, {"id": "RHSA-2005:840", "type": "redhat", "title": "(RHSA-2005:840) xpdf security update", "description": "The xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.", "published": "2005-12-06T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2005:840", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3625", "CVE-2005-3626", "CVE-2005-3627", "CVE-2005-3628"], "lastseen": "2018-03-28T01:01:09"}, {"id": "RHSA-2005:878", "type": "redhat", "title": "(RHSA-2005:878) cups security update", "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nSeveral flaws were discovered in the way CUPS processes PDF files. An\r\nattacker could construct a carefully crafted PDF file that could cause CUPS\r\nto crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, and CVE-2005-3193 to these issues.\r\n\r\nAll users of CUPS should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.", "published": "2005-12-20T05:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:878", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3628"], "lastseen": "2017-09-09T07:20:15"}, {"id": "RHSA-2005:867", "type": "redhat", "title": "(RHSA-2005:867) gpdf security update", "description": "The gpdf package is a GNOME based viewer for Portable Document Format\r\n(PDF) files.\r\n\r\nSeveral flaws were discovered in gpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause gpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of gpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.", "published": "2005-12-20T05:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:867", "cvelist": ["CVE-2005-3191", "CVE-2005-3192", "CVE-2005-3193", "CVE-2005-3628"], "lastseen": "2017-09-09T07:19:50"}], "talos": [{"id": "TALOS-2017-0319", "type": "talos", "title": "Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability", "description": "# Talos Vulnerability Report\n\n### TALOS-2017-0319\n\n## Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability\n\n##### July 7, 2017\n\n##### CVE Number\n\nCVE-2017-2818\n\n### Summary\n\nAn exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.\n\n### Tested Versions\n\nPoppler-0.53.0\n\n### Product URLs\n\n<https://poppler.freedesktop.org/>\n\n### CVSSv3 Score\n\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-122: Heap-based Buffer Overflow\n\n### Details\n\nPoppler is a shared library for displaying PDF files, used as middleware within different enterprise and opensource solutions alike (e.g. Gimp). It is forked off of XPDF, and is a complete implementation of the PDF ISO standard.\n\nThe Poppler library, by default, uses a private implementation of reading and rendering images. There is a compilation option for libjpeg support, but the flag is not enabled by default. This private implementation contains assumptions about the JPEG file headers that can lead to heap corruption when broken.\n\nThis vulnerability was formerly found (CVE-2005-3627) with a fix applied to DCTStream::readBaselineSOF, however the bug was not also fixed in the readProgressiveSOF function. A look at the two functions highlights the vulnerability: There should be a check for: `if (numComps <= 0 || numComps > 4)` at [0]\n \n \n GBool DCTStream::readBaselineSOF() {\n int length;\n int prec;\n int i;\n int c;\n \n length = read16();\n prec = str->getChar();\n height = read16();\n width = read16();\n numComps = str->getChar();\n if (numComps <= 0 || numComps > 4) {\n error(errSyntaxError, getPos(), \"Bad number of components in DCT stream\");\n numComps = 0;\n return gFalse;\n \n if (prec != 8) {\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\n return gFalse;\n \n //...\n \n GBool DCTStream::readProgressiveSOF() {\n int length;\n int prec;\n int i;\n int c;\n \n length = read16();\n prec = str->getChar();\n height = read16();\n width = read16();\n numComps = str->getChar();\n \n // [0] \n \n if (prec != 8) {\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\n return gFalse;\n \n\nAs there is no check on the numComps variable, the subsequent loop in `DCTStream::readProgressiveSOF` can then write past the intended bounds of compInfo[3], and into heap metadata\n \n \n for (i = 0; i < numComps; ++i) {\n compInfo[i].id = str->getChar();\n c = str->getChar();\n compInfo[i].hSample = (c >> 4) & 0x0f;\n compInfo[i].vSample = c & 0x0f;\n compInfo[i].quantTable = str->getChar();\n if (compInfo[i].hSample < 1 || compInfo[i].hSample > 4 ||\n compInfo[i].vSample < 1 || compInfo[i].vSample > 4) {\n error(errSyntaxError, getPos(), \"Bad DCT sampling factor\");\n return gFalse;\n \n if (compInfo[i].quantTable < 0 || compInfo[i].quantTable > 3) {\n error(errSyntaxError, getPos(), \"Bad DCT quant table selector\");\n return gFalse;\n \n\n### Crash Information\n \n \n RAX: 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n RBX: 0x142dd00 --> 0x1 \n RCX: 0x8 \n RDX: 0xffffffff \n RSI: 0x0 \n RDI: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n RBP: 0x142de00 --> 0x100000001 \n RSP: 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \n RIP: 0x7f8c6dcb15f8 (:close()+40>: 0xe808c383483b8b48)\n R8 : 0x3 \n R9 : 0x142c280 --> 0x142c660 --> 0x0 \n R10: 0x7f8c6d31bbe0 --> 0x0 \n R11: 0x1 \n R12: 0x142e100 --> 0x0 \n R13: 0x142e100 --> 0x0 \n R14: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n R15: 0x0\n EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)\n \n [-------------------------------------code-------------------------------------]\n 0x7f8c6dcb15e9 <DCTStream::close()+25>: mov r12,r13\n 0x7f8c6dcb15ec <DCTStream::close()+28>: lea rbp,[rbx+0x100]\n 0x7f8c6dcb15f3 <DCTStream::close()+35>: nop DWORD PTR [rax+rax*1+0x0]\n => 0x7f8c6dcb15f8 <DCTStream::close()+40>: mov rdi,QWORD PTR [rbx]\n 0x7f8c6dcb15fb <DCTStream::close()+43>: add rbx,0x8\n 0x7f8c6dcb15ff <DCTStream::close()+47>: call 0x7f8c6dbfd7a0 <gfree@plt>\n 0x7f8c6dcb1604 <DCTStream::close()+52>: mov QWORD PTR [rbx-0x8],0x0\n 0x7f8c6dcb160c <DCTStream::close()+60>: cmp rbx,rbp\n [------------------------------------stack-------------------------------------]\n 0000| 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \n 0008| 0x7ffce0c46018 --> 0x0 \n 0016| 0x7ffce0c46020 --> 0x142e468 --> 0x8 \n 0024| 0x7ffce0c46028 --> 0x1 \n 0032| 0x7ffce0c46030 --> 0x0 \n 0040| 0x7ffce0c46038 --> 0x7f8c6dc9bdf7 (:getChar(bool)+55>: 0xfff650e1e8e7894c)\n 0048| 0x7ffce0c46040 --> 0x142e450 --> 0x7f8cfffffffd \n 0056| 0x7ffce0c46048 --> 0x1429d98 --> 0xd ('\\r')\n [------------------------------------------------------------------------------]\n Legend: code, data, rodata, value\n \n\n### Timeline\n\n2017-05-17 - Vendor Disclosure \n2017-07-07 - Public Release\n\n##### Credit\n\nDiscovered by Lilith Wyatt of Cisco Talos.\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2017-0321\n\nPrevious Report\n\nTALOS-2017-0289\n", "published": "2017-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0319", "cvelist": ["CVE-2005-3627", "CVE-2017-2818"], "lastseen": "2018-01-18T19:22:56"}, {"id": "TALOS-2017-2818", "type": "talos", "title": "Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability", "description": "# Talos Vulnerability Report\n\n### TALOS-2017-2818\n\n## Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability\n\n##### July 7, 2017\n\n##### CVE Number\n\nCVE-2017-0319\n\n### Summary\n\nAn exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.\n\n### Tested Versions\n\nPoppler-0.53.0\n\n### Product URLs\n\n<https://poppler.freedesktop.org/>\n\n### CVSSv3 Score\n\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-122: Heap-based Buffer Overflow\n\n### Details\n\nPoppler is a shared library for displaying PDF files, used as middleware within different enterprise and opensource solutions alike (e.g. Gimp). It is forked off of XPDF, and is a complete implementation of the PDF ISO standard.\n\nThe Poppler library, by default, uses a private implementation of reading and rendering images. There is a compilation option for libjpeg support, but the flag is not enabled by default. This private implementation contains assumptions about the JPEG file headers that can lead to heap corruption when broken.\n\nThis vulnerability was formerly found (CVE-2005-3627) with a fix applied to DCTStream::readBaselineSOF, however the bug was not also fixed in the readProgressiveSOF function. A look at the two functions highlights the vulnerability: There should be a check for: `if (numComps <= 0 || numComps > 4)` at [0]\n \n \n GBool DCTStream::readBaselineSOF() {\n int length;\n int prec;\n int i;\n int c;\n \n length = read16();\n prec = str->getChar();\n height = read16();\n width = read16();\n numComps = str->getChar();\n if (numComps <= 0 || numComps > 4) {\n error(errSyntaxError, getPos(), \"Bad number of components in DCT stream\");\n numComps = 0;\n return gFalse;\n \n if (prec != 8) {\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\n return gFalse;\n \n //...\n \n GBool DCTStream::readProgressiveSOF() {\n int length;\n int prec;\n int i;\n int c;\n \n length = read16();\n prec = str->getChar();\n height = read16();\n width = read16();\n numComps = str->getChar();\n \n // [0] \n \n if (prec != 8) {\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\n return gFalse;\n \n\nAs there is no check on the numComps variable, the subsequent loop in `DCTStream::readProgressiveSOF` can then write past the intended bounds of compInfo[3], and into heap metadata\n \n \n for (i = 0; i < numComps; ++i) {\n compInfo[i].id = str->getChar();\n c = str->getChar();\n compInfo[i].hSample = (c >> 4) & 0x0f;\n compInfo[i].vSample = c & 0x0f;\n compInfo[i].quantTable = str->getChar();\n if (compInfo[i].hSample < 1 || compInfo[i].hSample > 4 ||\n compInfo[i].vSample < 1 || compInfo[i].vSample > 4) {\n error(errSyntaxError, getPos(), \"Bad DCT sampling factor\");\n return gFalse;\n \n if (compInfo[i].quantTable < 0 || compInfo[i].quantTable > 3) {\n error(errSyntaxError, getPos(), \"Bad DCT quant table selector\");\n return gFalse;\n \n\n### Crash Information\n \n \n RAX: 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n RBX: 0x142dd00 --> 0x1 \n RCX: 0x8 \n RDX: 0xffffffff \n RSI: 0x0 \n RDI: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n RBP: 0x142de00 --> 0x100000001 \n RSP: 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \n RIP: 0x7f8c6dcb15f8 (:close()+40>: 0xe808c383483b8b48)\n R8 : 0x3 \n R9 : 0x142c280 --> 0x142c660 --> 0x0 \n R10: 0x7f8c6d31bbe0 --> 0x0 \n R11: 0x1 \n R12: 0x142e100 --> 0x0 \n R13: 0x142e100 --> 0x0 \n R14: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\n R15: 0x0\n EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)\n \n [-------------------------------------code-------------------------------------]\n 0x7f8c6dcb15e9 <DCTStream::close()+25>: mov r12,r13\n 0x7f8c6dcb15ec <DCTStream::close()+28>: lea rbp,[rbx+0x100]\n 0x7f8c6dcb15f3 <DCTStream::close()+35>: nop DWORD PTR [rax+rax*1+0x0]\n => 0x7f8c6dcb15f8 <DCTStream::close()+40>: mov rdi,QWORD PTR [rbx]\n 0x7f8c6dcb15fb <DCTStream::close()+43>: add rbx,0x8\n 0x7f8c6dcb15ff <DCTStream::close()+47>: call 0x7f8c6dbfd7a0 <[email\u00a0protected]>\n 0x7f8c6dcb1604 <DCTStream::close()+52>: mov QWORD PTR [rbx-0x8],0x0\n 0x7f8c6dcb160c <DCTStream::close()+60>: cmp rbx,rbp\n [------------------------------------stack-------------------------------------]\n 0000| 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \n 0008| 0x7ffce0c46018 --> 0x0 \n 0016| 0x7ffce0c46020 --> 0x142e468 --> 0x8 \n 0024| 0x7ffce0c46028 --> 0x1 \n 0032| 0x7ffce0c46030 --> 0x0 \n 0040| 0x7ffce0c46038 --> 0x7f8c6dc9bdf7 (:getChar(bool)+55>: 0xfff650e1e8e7894c)\n 0048| 0x7ffce0c46040 --> 0x142e450 --> 0x7f8cfffffffd \n 0056| 0x7ffce0c46048 --> 0x1429d98 --> 0xd ('\\r')\n [------------------------------------------------------------------------------]\n Legend: code, data, rodata, value\n \n\n### Timeline\n\n2017-05-17 - Vendor Disclosure \n2017-07-07 - Public Release\n\n##### Credit\n\nDiscovered by Lilith Wyatt of Cisco Talos.\n\n* * *\n\nBack\n", "published": "2017-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-2818", "cvelist": ["CVE-2005-3627", "CVE-2017-0319"], "lastseen": "2017-07-07T16:28:16"}], "seebug": [{"id": "SSV:96476", "type": "seebug", "title": "Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability(CVE-2017-2818)", "description": "### Summary\r\nAn exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.\r\n\r\n### Tested Versions\r\nPoppler-0.53.0\r\n\r\n### Product URLs\r\nhttps://poppler.freedesktop.org/\r\n\r\n### CVSSv3 Score\r\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\r\n\r\n### CWE\r\nCWE-122: Heap-based Buffer Overflow\r\n\r\n### Details\r\nPoppler is a shared library for displaying PDF files, used as middleware within different enterprise and opensource solutions alike (e.g. Gimp). It is forked off of XPDF, and is a complete implementation of the PDF ISO standard.\r\nThe Poppler library, by default, uses a private implementation of reading and rendering images. There is a compilation option for libjpeg support, but the flag is not enabled by default. This private implementation contains assumptions about the JPEG file headers that can lead to heap corruption when broken.\r\nThis vulnerability was formerly found (CVE-2005-3627) with a fix applied to DCTStream::readBaselineSOF, however the bug was not also fixed in the readProgressiveSOF function. A look at the two functions highlights the vulnerability: There should be a check for: `if (numComps <= 0 || numComps > 4) `at [0]\r\n```\r\nGBool DCTStream::readBaselineSOF() {\r\n int length;\r\n int prec;\r\n int i;\r\n int c;\r\n\r\n length = read16();\r\n prec = str->getChar();\r\n height = read16();\r\n width = read16();\r\n numComps = str->getChar();\r\n if (numComps <= 0 || numComps > 4) {\r\n error(errSyntaxError, getPos(), \"Bad number of components in DCT stream\");\r\n numComps = 0;\r\n return gFalse;\r\n\r\n if (prec != 8) {\r\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\r\n return gFalse;\r\n\r\n//...\r\n\r\n GBool DCTStream::readProgressiveSOF() {\r\n int length;\r\n int prec;\r\n int i;\r\n int c;\r\n\r\n length = read16();\r\n prec = str->getChar();\r\n height = read16();\r\n width = read16();\r\n numComps = str->getChar();\r\n\r\n // [0] \r\n\r\n if (prec != 8) {\r\n error(errSyntaxError, getPos(), \"Bad DCT precision {0:d}\", prec);\r\n return gFalse;\r\n```\r\n\r\nAs there is no check on the numComps variable, the subsequent loop in `DCTStream::readProgressiveSOF` can then write past the intended bounds of compInfo[3], and into heap metadata\r\n```\r\nfor (i = 0; i < numComps; ++i) {\r\n compInfo[i].id = str->getChar();\r\n c = str->getChar();\r\n compInfo[i].hSample = (c >> 4) & 0x0f;\r\n compInfo[i].vSample = c & 0x0f;\r\n compInfo[i].quantTable = str->getChar();\r\n if (compInfo[i].hSample < 1 || compInfo[i].hSample > 4 ||\r\n compInfo[i].vSample < 1 || compInfo[i].vSample > 4) {\r\n error(errSyntaxError, getPos(), \"Bad DCT sampling factor\");\r\n return gFalse;\r\n\r\n if (compInfo[i].quantTable < 0 || compInfo[i].quantTable > 3) {\r\n error(errSyntaxError, getPos(), \"Bad DCT quant table selector\");\r\n return gFalse;\r\n```\r\n\r\n### Crash Information\r\n```\r\nRAX: 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\r\nRBX: 0x142dd00 --> 0x1 \r\nRCX: 0x8 \r\nRDX: 0xffffffff \r\nRSI: 0x0 \r\nRDI: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\r\nRBP: 0x142de00 --> 0x100000001 \r\nRSP: 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \r\nRIP: 0x7f8c6dcb15f8 (:close()+40>: 0xe808c383483b8b48)\r\nR8 : 0x3 \r\nR9 : 0x142c280 --> 0x142c660 --> 0x0 \r\nR10: 0x7f8c6d31bbe0 --> 0x0 \r\nR11: 0x1 \r\nR12: 0x142e100 --> 0x0 \r\nR13: 0x142e100 --> 0x0 \r\nR14: 0x142cf50 --> 0x7f8c6dfbaf50 --> 0x7f8c6dcb2760 (:~DCTStream()>: 0x530030b6c9058b48)\r\nR15: 0x0\r\nEFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)\r\n\r\n[-------------------------------------code-------------------------------------]\r\n0x7f8c6dcb15e9 <DCTStream::close()+25>: mov r12,r13\r\n0x7f8c6dcb15ec <DCTStream::close()+28>: lea rbp,[rbx+0x100]\r\n0x7f8c6dcb15f3 <DCTStream::close()+35>: nop DWORD PTR [rax+rax*1+0x0]\r\n=> 0x7f8c6dcb15f8 <DCTStream::close()+40>: mov rdi,QWORD PTR [rbx]\r\n0x7f8c6dcb15fb <DCTStream::close()+43>: add rbx,0x8\r\n0x7f8c6dcb15ff <DCTStream::close()+47>: call 0x7f8c6dbfd7a0 <gfree@plt>\r\n0x7f8c6dcb1604 <DCTStream::close()+52>: mov QWORD PTR [rbx-0x8],0x0\r\n0x7f8c6dcb160c <DCTStream::close()+60>: cmp rbx,rbp\r\n[------------------------------------stack-------------------------------------]\r\n0000| 0x7ffce0c46010 --> 0x142e450 --> 0x7f8cfffffffd \r\n0008| 0x7ffce0c46018 --> 0x0 \r\n0016| 0x7ffce0c46020 --> 0x142e468 --> 0x8 \r\n0024| 0x7ffce0c46028 --> 0x1 \r\n0032| 0x7ffce0c46030 --> 0x0 \r\n0040| 0x7ffce0c46038 --> 0x7f8c6dc9bdf7 (:getChar(bool)+55>: 0xfff650e1e8e7894c)\r\n0048| 0x7ffce0c46040 --> 0x142e450 --> 0x7f8cfffffffd \r\n0056| 0x7ffce0c46048 --> 0x1429d98 --> 0xd ('\\r')\r\n[------------------------------------------------------------------------------]\r\nLegend: code, data, rodata, value\r\n```\r\n\r\n### Timeline\r\n* 2017-05-17 - Vendor Disclosure\r\n* 2017-07-07 - Public Release\r\n\r\n### CREDIT\r\n* Discovered by Lilith Wyatt of Cisco Talos.", "published": "2017-09-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-96476", "cvelist": ["CVE-2005-3627", "CVE-2017-2818"], "lastseen": "2017-11-19T12:04:19"}], "centos": [{"id": "CESA-2006:0262", "type": "centos", "title": "kdegraphics security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0262\n\n\nThe kdegraphics packages contain applications for the K Desktop Environment\r\nincluding kpdf, a PDF file viewer.\r\n\r\nMarcelo Ricardo Leitner discovered that a kpdf security fix, CVE-2005-3627,\r\nwas incomplete. Red Hat issued kdegraphics packages with this incomplete\r\nfix in RHSA-2005:868. An attacker could construct a carefully crafted PDF\r\nfile that could cause kpdf to crash or possibly execute arbitrary code when\r\nopened. The Common Vulnerabilities and Exposures project assigned the name\r\nCVE-2006-0746 to this issue.\r\n\r\nUsers of kpdf should upgrade to these updated packages, which contain a\r\nbackported patch to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-March/012718.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-March/012723.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-March/012725.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-March/012726.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-March/012733.html\n\n**Affected packages:**\nkdegraphics\nkdegraphics-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0262.html", "published": "2006-03-09T22:05:31", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-March/012718.html", "cvelist": ["CVE-2005-3627", "CVE-2006-0746"], "lastseen": "2017-10-12T14:45:18"}, {"id": "CESA-2006:0177", "type": "centos", "title": "gpdf security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0177\n\n\ngpdf is a GNOME based viewer for Portable Document Format (PDF) files.\r\n\r\nChris Evans discovered several flaws in the way gpdf processes PDF files.\r\nAn attacker could construct a carefully crafted PDF file that could cause\r\ngpdf to crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3624,\r\nCVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\r\n\r\nUsers of gpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012565.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012566.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012567.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012573.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012574.html\n\n**Affected packages:**\ngpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0177.html", "published": "2006-01-12T05:08:16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/012565.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2017-10-12T14:44:55"}, {"id": "CESA-2006:0163", "type": "centos", "title": "cups security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0163\n\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\r\nfor UNIX(R) operating systems.\r\n\r\nChris Evans discovered several flaws in the way CUPS processes PDF files.\r\nAn attacker could construct a carefully crafted PDF file that could cause\r\nCUPS to crash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3624,\r\nCVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.\r\n\r\nAll users of CUPS should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012557.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012558.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012559.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012561.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012562.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012563.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012564.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012571.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012572.html\n\n**Affected packages:**\ncups\ncups-devel\ncups-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0163.html", "published": "2006-01-11T22:26:57", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/012557.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2017-10-12T14:45:00"}, {"id": "CESA-2006:0160", "type": "centos", "title": "tetex security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0160\n\n\nTeTeX is an implementation of TeX. TeX takes a text file and a set of\r\nformatting commands as input and creates a typesetter-independent .dvi\r\n(DeVice Independent) file as output.\r\n\r\nSeveral flaws were discovered in the teTeX PDF parsing library. An attacker\r\ncould construct a carefully crafted PDF file that could cause teTeX to\r\ncrash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,\r\nCVE-2005-3627 and CVE-2005-3628 to these issues.\r\n\r\nUsers of teTeX should upgrade to these updated packages, which contain\r\nbackported patches and are not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012585.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012586.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012591.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012592.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012594.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012595.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012598.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012600.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012602.html\n\n**Affected packages:**\ntetex\ntetex-afm\ntetex-doc\ntetex-dvips\ntetex-fonts\ntetex-latex\ntetex-xdvi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0160.html", "published": "2006-01-19T21:19:14", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/012585.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-10-12T14:44:47"}, {"id": "CESA-2005:840", "type": "centos", "title": "xpdf security update", "description": "**CentOS Errata and Security Advisory** CESA-2005:840\n\n\nThe xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012449.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012450.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012453.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012454.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012457.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012459.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012460.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012463.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012465.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012486.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012487.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012490.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012493.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012500.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012510.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012513.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012529.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012530.html\n\n**Affected packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-840.html", "published": "2005-12-06T16:19:16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012449.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-10-12T14:44:50"}, {"id": "CESA-2005:840-02", "type": "centos", "title": "xpdf security update", "description": "**CentOS Errata and Security Advisory** CESA-2005:840-02\n\n\nThe xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012507.html\n\n**Affected packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2005-12-22T00:12:57", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012507.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-10-12T14:45:45"}, {"id": "CESA-2006:0160-01", "type": "centos", "title": "tetex security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0160-01\n\n\nTeTeX is an implementation of TeX. TeX takes a text file and a set of\r\nformatting commands as input and creates a typesetter-independent .dvi\r\n(DeVice Independent) file as output.\r\n\r\nSeveral flaws were discovered in the teTeX PDF parsing library. An attacker\r\ncould construct a carefully crafted PDF file that could cause teTeX to\r\ncrash or possibly execute arbitrary code when opened. The Common\r\nVulnerabilities and Exposures project assigned the names CVE-2005-3191,\r\nCVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,\r\nCVE-2005-3627 and CVE-2005-3628 to these issues.\r\n\r\nUsers of teTeX should upgrade to these updated packages, which contain\r\nbackported patches and are not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/012604.html\n\n**Affected packages:**\ntetex\ntetex-afm\ntetex-doc\ntetex-dvilj\ntetex-dvips\ntetex-fonts\ntetex-latex\ntetex-xdvi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2006-01-30T00:51:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/012604.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-10-12T14:47:07"}, {"id": "CESA-2005:840-01", "type": "centos", "title": "xpdf security update", "description": "**CentOS Errata and Security Advisory** CESA-2005:840-01\n\n\nThe xpdf package is an X Window System-based viewer for Portable Document\r\nFormat (PDF) files.\r\n\r\nSeveral flaws were discovered in Xpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause Xpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of Xpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\r\n\r\nRed Hat would like to thank Derek B. Noonburg for reporting this issue and\r\nproviding a patch.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012469.html\n\n**Affected packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2005-12-07T00:42:21", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012469.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-10-12T14:45:14"}, {"id": "CESA-2005:868", "type": "centos", "title": "kdegraphics security update", "description": "**CentOS Errata and Security Advisory** CESA-2005:868\n\n\nThe kdegraphics packages contain applications for the K Desktop Environment\r\nincluding kpdf, a pdf file viewer.\r\n\r\nSeveral flaws were discovered in kpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause kpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of kpdf should upgrade to these updated packages, which contain a\r\nbackported patch to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012498.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012505.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012518.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012519.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012520.html\n\n**Affected packages:**\nkdegraphics\nkdegraphics-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-868.html", "published": "2005-12-21T02:55:30", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012498.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2017-10-12T14:45:48"}, {"id": "CESA-2005:867", "type": "centos", "title": "gpdf security update", "description": "**CentOS Errata and Security Advisory** CESA-2005:867\n\n\nThe gpdf package is a GNOME based viewer for Portable Document Format\r\n(PDF) files.\r\n\r\nSeveral flaws were discovered in gpdf. An attacker could construct a\r\ncarefully crafted PDF file that could cause gpdf to crash or possibly\r\nexecute arbitrary code when opened. The Common Vulnerabilities and\r\nExposures project assigned the names CVE-2005-3191, CVE-2005-3192, and\r\nCVE-2005-3193 to these issues.\r\n\r\nUsers of gpdf should upgrade to this updated package, which contains a\r\nbackported patch to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012495.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012502.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012515.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012525.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-December/012526.html\n\n**Affected packages:**\ngpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-867.html", "published": "2005-12-21T02:51:50", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2005-December/012495.html", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193", "CVE-2005-3628"], "lastseen": "2017-10-12T14:45:04"}], "talosblog": [{"id": "TALOSBLOG:E92A35ABBB4E772E08533C6C9DA50867", "type": "talosblog", "title": "Vulnerability Spotlight: TALOS-2017-0311,0319,0321 - Multiple Remote Code Execution Vulnerability in Poppler PDF library", "description": "<div dir=\"ltr\" style=\"text-align: left;\" trbidi=\"on\">Vulnerability discovered by Marcin Noga, Lilith Wyatt and Aleksandar Nikolic of Cisco Talos.<br /><br /><h3 style=\"text-align: left;\">Overview</h3>Talos has discovered multiple vulnerabilities in the freedesktop.org Poppler PDF library. Exploiting these vulnerabilities can allow an attacker to gain full control over the victim's machine. If an attacker builds a specially crafted PDF document and the victim opens it, the attackers code will be executed with the privileges of the local user. <br /><br /><a name='more'></a><br /><h3 style=\"text-align: left;\">Details</h3><div style=\"text-align: left;\">Poppler is a shared library for displaying PDF files, used as middleware within different enterprise and open source solutions (e.g. Gimp). It is forked off from XPDF and is a complete implementation of the PDF ISO standard. Talos identified three remote code execution vulnerabilities in the Poppler library.<br /><br /><b>TALOS-2017-0311 / CVE-2017-2814</b> - Poppler PDF Image Display DCTStream::readScan() Code Execution Vulnerability<br /><br />An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an image resizing after allocation has already occurred, resulting in a heap corruption triggered in the DCTStream::readScan() function. This can lead to code execution with the local user rights.<br /><br /><b>TALOS-2017-0319 / CVE-2017-2818</b> - Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability<br /><br />Talos found an exploitable heap overflow vulnerability in the image rendering functionality of Poppler-0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in a heap corruption. This can be used by an attacker to craft a PDF file that executes malicious code on the victim's computer with the rights of the local user.<br /><br />This vulnerability was formerly found (CVE-2005-3627), with a fix applied to DCTStream::readBaselineSOF, however the bug was missed in the readProgressiveSOF function.<br /><br /><b>TALOS-2017-0321 / CVE-2017-2820 - </b><span id=\"summary_alias_container\"><span id=\"short_desc_nonedit_display\">Poppler PDF library JPEG2000 levels Code Execution Vulnerability</span></span></div><div style=\"text-align: left;\"><br />Talos discovered an exploitable integer overflow vulnerability in the JPEG 2000 image parsing functionality of the Poppler 0.53.0 library. An attacker can build a specially crafted PDF file that uses this bug to trigger an integer overflow. Later in the code execution flow, this can lead to memory getting overwritten on the heap resulting in a potential arbitrary code execution with the rights of the local user. Like with the other two vulnerabilities before, a victim must open the malicious PDF in an application using this library to exploit this vulnerability. One example of a vulnerable application is the default PDF reader Evince, shipped with the latest version of Ubuntu Linux. </div><div style=\"text-align: left;\"></div><div style=\"text-align: left;\"><br /><h3 style=\"text-align: left;\">Additional Notes</h3>We would like to highlight that TALOS-2017-0311 and TALOS-2017-0321 are in Poppler's internal, unmaintained JPEG and JPEG2000 decoders which shouldn't ever be used. Even Poppler\u2019s documentation strongly suggests not using them. It is highly recommended to build the Poppler library with more robust and up to date external implementations such as libjpeg and openjpeg. However, Ubuntu does not do this by default for JPEG2000 and will use the unmaintained code, thus making Ubuntu-compiled versions vulnerable to these issues.<br /><br />Talos is seeing client side attacks based on malicious PDF files on a daily base. If your company is using a Popper based application, it is possible that an attacker could use one of these vulnerabilities against it in a targeted attack. This shows how important it is to keep all applications up to date and not only the operation system.</div><div style=\"text-align: left;\"></div><div style=\"text-align: left;\"><br />More technical details can be found in the Talos Vulnerability Reports: </div><div style=\"text-align: left;\"><a href=\"http://www.talosintelligence.com/reports/TALOS-2017-0311\">TALOS-2017-0311</a></div><div style=\"text-align: left;\"><a href=\"http://www.talosintelligence.com/reports/TALOS-2017-0319\">TALOS-2017-0319</a></div><div style=\"text-align: left;\"><a href=\"http://www.talosintelligence.com/reports/TALOS-2017-0321\">TALOS-2017-0321</a></div><div style=\"text-align: left;\"></div><div style=\"text-align: left;\"><br /></div><h3 style=\"text-align: left;\">Coverage</h3><div style=\"text-align: left;\">The following Snort Rules will detect exploitation attempts of this vulnerability. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org<br /><br />Snort rules: 42273-42274, 42319 - 42320 , 42352-42353</div></div><div class=\"feedflare\">\n<a href=\"http://feeds.feedburner.com/~ff/feedburner/Talos?a=Epb7zux15g4:WfmtXYq2U6Y:yIl2AUoC8zA\"><img src=\"http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA\" border=\"0\"></img></a>\n</div><img src=\"http://feeds.feedburner.com/~r/feedburner/Talos/~4/Epb7zux15g4\" height=\"1\" width=\"1\" alt=\"\"/>", "published": "2017-07-07T08:27:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/Epb7zux15g4/vulnerability-spotlight-talos-2017.html", "cvelist": ["CVE-2005-3627", "CVE-2017-2814", "CVE-2017-2818", "CVE-2017-2820"], "lastseen": "2017-07-29T13:22:40"}], "ubuntu": [{"id": "USN-236-1", "type": "ubuntu", "title": "xpdf vulnerabilities", "description": "Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.\n\nThe CUPS printing system also uses XPDF code to convert PDF files to PostScript. By attempting to print such a crafted PDF file, a remote attacker could execute arbitrary code with the privileges of the printer server (user \u2018cupsys\u2019).", "published": "2006-01-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/236-1/", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2018-03-29T18:19:21"}, {"id": "USN-236-2", "type": "ubuntu", "title": "xpdf vulnerabilities in kword, kpdf", "description": "USN-236-1 fixed several vulnerabilities in xpdf. kpdf and kword contain copies of xpdf code and are thus vulnerable to the same issues.\n\nFor reference, this is the original advisory:\n\nChris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.", "published": "2006-01-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/236-2/", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2018-03-29T18:20:40"}, {"id": "USN-227-1", "type": "ubuntu", "title": "xpdf vulnerabilities", "description": "infamous41md discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, tetex-bin, KOffice, and kpdf. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.\n\nThe CUPS printing system also uses XPDF code to convert PDF files to PostScript. By attempting to print such a crafted PDF file, a remote attacker could execute arbitrary code with the privileges of the printer server (user \u2018cupsys\u2019).", "published": "2005-12-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/227-1/", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "lastseen": "2018-03-29T18:19:52"}], "gentoo": [{"id": "GLSA-200601-17", "type": "gentoo", "title": "Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows", "description": "### Background\n\nXpdf is a PDF file viewer that runs under the X Window System. Poppler is a PDF rendering library based on the Xpdf 3.0 code base. GPdf is a PDF file viewer for the GNOME 2 platform, also based on Xpdf. libextractor is a library which includes Xpdf code to extract arbitrary meta-data from files. pdftohtml is a utility to convert PDF files to HTML or XML formats that makes use of Xpdf code to decode PDF files. \n\n### Description\n\nChris Evans has reported some integer overflows in Xpdf when attempting to calculate buffer sizes for memory allocation, leading to a heap overflow and a potential infinite loop when handling malformed input files. \n\n### Impact\n\nBy sending a specially crafted PDF file to a victim, an attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Xpdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/xpdf-3.01-r5\"\n\nAll Poppler users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/poppler-0.4.3-r4\"\n\nAll GPdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gpdf-2.10.0-r3\"\n\nAll libextractor users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libextractor-0.5.9\"\n\nAll pdftohtml users should migrate to the latest stable version of Poppler.", "published": "2006-01-30T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200601-17", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3625", "CVE-2005-3624"], "lastseen": "2016-09-06T19:46:53"}, {"id": "GLSA-200601-02", "type": "gentoo", "title": "KPdf, KWord: Multiple overflows in included Xpdf code", "description": "### Background\n\nKPdf is a KDE-based PDF viewer included in the kdegraphics package. KWord is a KDE-based word processor also included in the koffice package. \n\n### Description\n\nKPdf and KWord both include Xpdf code to handle PDF files. This Xpdf code is vulnerable to several heap overflows (GLSA 200512-08) as well as several buffer and integer overflows discovered by Chris Evans (CESA-2005-003). \n\n### Impact\n\nAn attacker could entice a user to open a specially crafted PDF file with Kpdf or KWord, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll kdegraphics users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdegraphics-3.4.3-r3\"\n\nAll Kpdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kpdf-3.4.3-r3\"\n\nAll KOffice users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/koffice-1.4.2-r6\"\n\nAll KWord users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/kword-1.4.2-r6\"", "published": "2006-01-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200601-02", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-06T19:46:11"}, {"id": "GLSA-200512-08", "type": "gentoo", "title": "Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities", "description": "### Background\n\nXpdf and GPdf are PDF file viewers that run under the X Window System. Poppler is a PDF rendering library based on Xpdf code. The Common UNIX Printing System (CUPS) is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. \n\n### Description\n\ninfamous41md discovered that several Xpdf functions lack sufficient boundary checking, resulting in multiple exploitable buffer overflows. \n\n### Impact\n\nAn attacker could entice a user to open a specially-crafted PDF file which would trigger an overflow, potentially resulting in execution of arbitrary code with the rights of the user running Xpdf, CUPS, GPdf or Poppler. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Xpdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/xpdf-3.01-r2\"\n\nAll GPdf users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gpdf-2.10.0-r2\"\n\nAll Poppler users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose app-text/poppler\n\nAll CUPS users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-print/cups-1.1.23-r3\"", "published": "2005-12-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200512-08", "cvelist": ["CVE-2005-3192", "CVE-2005-3191", "CVE-2005-3193"], "lastseen": "2016-09-06T19:46:39"}], "suse": [{"id": "SUSE-SA:2006:001", "type": "suse", "title": "remote code execution in xpdf,kpdf,gpdf,kword", "description": "\"infamous41md\", Chris Evans and Dirk Mueller discovered multiple places in xpdf code where integer variables are insufficiently checked for range or overflow. Specially crafted PDF files could lead to executing arbitrary code. Copies of xpdf code are also contained in cups, kpdf, kword, gpdf, libextractor, pdf2html, poppler and tetex. Updates for those are in the works.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2006-01-11T12:03:37", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2006-01/msg00007.html", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-04T11:40:16"}], "debian": [{"id": "DSA-932", "type": "debian", "title": "kdegraphics -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code. The same code is present in kpdf which is part of the kdegraphics package.\n\nThe old stable distribution (woody) does not contain kpdf packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 3.3.2-2sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in version 3.5.0-3.\n\nWe recommend that you upgrade your kpdf package.", "published": "2006-01-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-932", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:37:06"}, {"id": "DSA-940", "type": "debian", "title": "gpdf -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in gpdf, the GNOME version of the Portable Document Format viewer, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain gpdf packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 2.8.2-1.2sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in version 2.10.0-2.\n\nWe recommend that you upgrade your gpdf package.", "published": "2006-01-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-940", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:27:46"}, {"id": "DSA-962", "type": "debian", "title": "pdftohtml -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdftohtml, a utility that translates PDF documents into HTML format, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdftohtml packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 0.36-11sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your pdftohtml package.", "published": "2006-02-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-962", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:21:26"}, {"id": "DSA-936", "type": "debian", "title": "libextractor -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain libextractor packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 0.4.2-2sarge2.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your libextractor packages.", "published": "2006-01-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-936", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-2097", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:25:06"}, {"id": "DSA-950", "type": "debian", "title": "cupsys -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in CUPS, the Common UNIX Printing System, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in version 1.1.14-5woody14.\n\nCUPS doesn't use the xpdf source anymore since 1.1.22-7, when it switched to using xpdf-utils for PDF processing.\n\nWe recommend that you upgrade your CUPS packages.", "published": "2006-01-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-950", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:28:03"}, {"id": "DSA-931", "type": "debian", "title": "xpdf -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in version 1.00-3.8.\n\nFor the stable distribution (sarge) these problems have been fixed in version 3.00-13.4.\n\nFor the unstable distribution (sid) these problems have been fixed in version 3.01-4.\n\nWe recommend that you upgrade your xpdf package.", "published": "2006-01-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-931", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:27:09"}, {"id": "DSA-938", "type": "debian", "title": "koffice -- buffer overflows", "description": "\"infamous41md\" and chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain koffice packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 1.3.5-4.sarge.2.\n\nFor the unstable distribution (sid) these problems have been fixed in version 1.4.2-6.\n\nWe recommend that you upgrade your koffice package.", "published": "2006-01-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-938", "cvelist": ["CVE-2005-3627", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:30:25"}, {"id": "DSA-961", "type": "debian", "title": "pdfkit.framework -- buffer overflows", "description": "\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.\n\nThe old stable distribution (woody) does not contain pdfkit.framework packages.\n\nFor the stable distribution (sarge) these problems have been fixed in version 0.8-2sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your pdfkit.framework package.", "published": "2006-02-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-961", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2016-09-02T18:20:25"}], "slackware": [{"id": "SSA-2006-045-04", "type": "slackware", "title": "kdegraphics", "description": "New kdegraphics packages are available for Slackware 10.0, 10.1, 10.2,\nand -current to fix security issues with kpdf.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n\nAdditional information is also available from the KDE website:\n\n http://www.kde.org/info/security/advisory-20051207-2.txt\n http://www.kde.org/info/security/advisory-20060202-1.txt\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/kdegraphics-3.4.2-i486-2.tgz: Patched integer and\n heap overflows in kpdf to fix possible security bugs with malformed\n PDF files.\n For more information, see:\n http://www.kde.org/info/security/advisory-20051207-2.txt\n http://www.kde.org/info/security/advisory-20060202-1.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/kdegraphics-3.2.3-i486-2.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/kdegraphics-3.3.2-i486-4.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/kdegraphics-3.4.2-i486-2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/kdegraphics-3.5.1-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.0 package:\nda13535a269210c3e8aff65ef17e2442 kdegraphics-3.2.3-i486-2.tgz\n\nSlackware 10.1 package:\n1499ba1755da9e69a6b69031b2919eb2 kdegraphics-3.3.2-i486-4.tgz\n\nSlackware 10.2 package:\n5bb6d9647f5d48d00cbd698e9aa5821e kdegraphics-3.4.2-i486-2.tgz\n\nSlackware -current package:\na3dc06eee3e19500f39ee1ecbac977e1 kdegraphics-3.5.1-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg kdegraphics-3.4.2-i486-2.tgz", "published": "2006-02-14T16:27:14", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2018-02-02T18:11:27"}, {"id": "SSA-2006-045-09", "type": "slackware", "title": "xpdf", "description": "New xpdf packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,\nand -current to fix security issues.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/xpdf-3.01-i486-3.tgz: Recompiled with xpdf-3.01pl2.patch to\n fix integer and heap overflows in xpdf triggered by malformed PDF files.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/xpdf-3.01-i386-3.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/xpdf-3.01-i486-3.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xpdf-3.01-i486-3.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xpdf-3.01-i486-3a.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xpdf-3.01-i486-3.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xpdf-3.01-i486-3.tgz\n\n\nMD5 signatures:\n\nSlackware 9.0 package:\nfebda74afb06e94f745ef2d02867b505 xpdf-3.01-i386-3.tgz\n\nSlackware 9.1 package:\n1dd5847ecf094359fe712850391e7b37 xpdf-3.01-i486-3.tgz\n\nSlackware 10.0 package:\nabd65f71b8484579aa4b1ce081b4d61e xpdf-3.01-i486-3.tgz\n\nSlackware 10.1 package:\n9270fb578380221d9e642c7d80fac931 xpdf-3.01-i486-3a.tgz\n\nSlackware 10.2 package:\n8c85579182d43d56920e5a79063b447e xpdf-3.01-i486-3.tgz\n\nSlackware -current package:\n172d66fd19dbf8ceca0a25a6c17e75c2 xpdf-3.01-i486-3.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg xpdf-3.01-i486-3.tgz", "published": "2006-02-14T16:28:51", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683", "cvelist": ["CVE-2005-3627", "CVE-2005-3192", "CVE-2005-3626", "CVE-2006-0301", "CVE-2005-3191", "CVE-2005-3625", "CVE-2005-3193", "CVE-2005-3624", "CVE-2005-3628"], "lastseen": "2018-02-02T18:11:36"}]}}