CVE-2005-3192
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.184 Low
EPSS
Percentile
96.2%
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.
Affected configurations
References
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289
lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
rhn.redhat.com/errata/RHSA-2005-868.html
scary.beasts.org/security/CESA-2005-003.txt
secunia.com/advisories/17897/
secunia.com/advisories/17908
secunia.com/advisories/17912
secunia.com/advisories/17916
secunia.com/advisories/17920
secunia.com/advisories/17921
secunia.com/advisories/17926
secunia.com/advisories/17929
secunia.com/advisories/17940
secunia.com/advisories/17955
secunia.com/advisories/17976
secunia.com/advisories/18009
secunia.com/advisories/18055
secunia.com/advisories/18061
secunia.com/advisories/18189
secunia.com/advisories/18191
secunia.com/advisories/18192
secunia.com/advisories/18303
secunia.com/advisories/18313
secunia.com/advisories/18336
secunia.com/advisories/18349
secunia.com/advisories/18380
secunia.com/advisories/18385
secunia.com/advisories/18387
secunia.com/advisories/18389
secunia.com/advisories/18398
secunia.com/advisories/18407
secunia.com/advisories/18416
secunia.com/advisories/18428
secunia.com/advisories/18436
secunia.com/advisories/18448
secunia.com/advisories/18503
secunia.com/advisories/18517
secunia.com/advisories/18534
secunia.com/advisories/18549
secunia.com/advisories/18554
secunia.com/advisories/18582
secunia.com/advisories/18674
secunia.com/advisories/18675
secunia.com/advisories/18679
secunia.com/advisories/18908
secunia.com/advisories/18913
secunia.com/advisories/19230
secunia.com/advisories/19377
secunia.com/advisories/19797
secunia.com/advisories/19798
secunia.com/advisories/25729
secunia.com/advisories/26413
securityreason.com/securityalert/235
securityreason.com/securityalert/240
securitytracker.com/id?1015309
securitytracker.com/id?1015324
slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
www.debian.org/security/2005/dsa-931
www.debian.org/security/2005/dsa-932
www.debian.org/security/2006/dsa-936
www.debian.org/security/2006/dsa-937
www.debian.org/security/2006/dsa-950
www.debian.org/security/2006/dsa-961
www.debian.org/security/2006/dsa-962
www.gentoo.org/security/en/glsa/glsa-200512-08.xml
www.gentoo.org/security/en/glsa/glsa-200601-02.xml
www.idefense.com/application/poi/display?id=344&type=vulnerabilities
www.kde.org/info/security/advisory-20051207-1.txt
www.kde.org/info/security/advisory-20051207-2.txt
www.mandriva.com/security/advisories?name=MDKSA-2006:003
www.mandriva.com/security/advisories?name=MDKSA-2006:004
www.mandriva.com/security/advisories?name=MDKSA-2006:005
www.mandriva.com/security/advisories?name=MDKSA-2006:006
www.mandriva.com/security/advisories?name=MDKSA-2006:008
www.mandriva.com/security/advisories?name=MDKSA-2006:010
www.mandriva.com/security/advisories?name=MDKSA-2006:011
www.novell.com/linux/security/advisories/2005_29_sr.html
www.novell.com/linux/security/advisories/2006_02_sr.html
www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html
www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html
www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html
www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html
www.redhat.com/support/errata/RHSA-2005-840.html
www.redhat.com/support/errata/RHSA-2005-867.html
www.redhat.com/support/errata/RHSA-2005-878.html
www.redhat.com/support/errata/RHSA-2006-0160.html
www.securityfocus.com/archive/1/418883/100/0/threaded
www.securityfocus.com/archive/1/427053/100/0/threaded
www.securityfocus.com/archive/1/427990/100/0/threaded
www.securityfocus.com/bid/15725
www.trustix.org/errata/2005/0072/
www.ubuntulinux.org/usn/usn-227-1
www.vupen.com/english/advisories/2005/2755
www.vupen.com/english/advisories/2005/2786
www.vupen.com/english/advisories/2005/2787
www.vupen.com/english/advisories/2005/2788
www.vupen.com/english/advisories/2005/2789
www.vupen.com/english/advisories/2005/2790
www.vupen.com/english/advisories/2005/2856
www.vupen.com/english/advisories/2007/2280
exchange.xforce.ibmcloud.com/vulnerabilities/23442
issues.rpath.com/browse/RPL-1609
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10914
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.184 Low
EPSS
Percentile
96.2%