Lucene search

[email protected]NVD:CVE-2005-3625

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-3625

2005-12-3105:00:00

CWE-399

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.7%

JSON

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka “Infinite CPU spins.”

Affected configurations

NVD

Node

easy_software_productscupsMatch1.1.22

easy_software_productscupsMatch1.1.22_rc1

easy_software_productscupsMatch1.1.23

easy_software_productscupsMatch1.1.23_rc1

kdekdegraphicsMatch3.2

kdekdegraphicsMatch3.4.3

kdekofficeMatch1.4

kdekofficeMatch1.4.1

kdekofficeMatch1.4.2

kdekpdfMatch3.2

kdekpdfMatch3.4.3

kdekwordMatch1.4.2

libextractorlibextractor

popplerpopplerMatch0.4.2

sgipropackMatch3.0sp6

tetextetexMatch1.0.7

tetextetexMatch2.0

tetextetexMatch2.0.1

tetextetexMatch2.0.2

tetextetexMatch3.0

xpdfxpdfMatch3.0

conectivalinuxMatch10.0

Node

debiandebian_linuxMatch3.0

debiandebian_linuxMatch3.0alpha

debiandebian_linuxMatch3.0arm

debiandebian_linuxMatch3.0hppa

debiandebian_linuxMatch3.0ia-32

debiandebian_linuxMatch3.0ia-64

debiandebian_linuxMatch3.0m68k

debiandebian_linuxMatch3.0mips

debiandebian_linuxMatch3.0mipsel

debiandebian_linuxMatch3.0ppc

debiandebian_linuxMatch3.0s-390

debiandebian_linuxMatch3.0sparc

debiandebian_linuxMatch3.1

debiandebian_linuxMatch3.1alpha

debiandebian_linuxMatch3.1amd64

debiandebian_linuxMatch3.1arm

debiandebian_linuxMatch3.1hppa

debiandebian_linuxMatch3.1ia-32

debiandebian_linuxMatch3.1ia-64

debiandebian_linuxMatch3.1m68k

debiandebian_linuxMatch3.1mips

debiandebian_linuxMatch3.1mipsel

debiandebian_linuxMatch3.1ppc

debiandebian_linuxMatch3.1s-390

debiandebian_linuxMatch3.1sparc

gentoolinux

mandrakesoftmandrake_linuxMatch10.1

mandrakesoftmandrake_linuxMatch10.1x86-64

mandrakesoftmandrake_linuxMatch10.2

mandrakesoftmandrake_linuxMatch10.2x86-64

mandrakesoftmandrake_linuxMatch2006

mandrakesoftmandrake_linuxMatch2006x86-64

mandrakesoftmandrake_linux_corporate_serverMatch2.1

mandrakesoftmandrake_linux_corporate_serverMatch2.1x86_64

mandrakesoftmandrake_linux_corporate_serverMatch3.0

mandrakesoftmandrake_linux_corporate_serverMatch3.0x86_64

redhatenterprise_linuxMatch2.1advanced_server

redhatenterprise_linuxMatch2.1advanced_server_ia64

redhatenterprise_linuxMatch2.1enterprise_server

redhatenterprise_linuxMatch2.1enterprise_server_ia64

redhatenterprise_linuxMatch2.1workstation

redhatenterprise_linuxMatch2.1workstation_ia64

redhatenterprise_linuxMatch3.0advanced_server

redhatenterprise_linuxMatch3.0enterprise_server

redhatenterprise_linuxMatch3.0workstation_server

redhatenterprise_linuxMatch4.0advanced_server

redhatenterprise_linuxMatch4.0enterprise_server

redhatenterprise_linuxMatch4.0workstation

redhatenterprise_linux_desktopMatch3.0

redhatenterprise_linux_desktopMatch4.0

redhatfedora_coreMatchcore_1.0

redhatfedora_coreMatchcore_2.0

redhatfedora_coreMatchcore_3.0

redhatfedora_coreMatchcore_4.0

redhatlinuxMatch7.3i386

redhatlinuxMatch9.0i386

redhatlinux_advanced_workstationMatch2.1ia64

redhatlinux_advanced_workstationMatch2.1itanium

scoopenserverMatch5.0.7

scoopenserverMatch6.0

slackwareslackware_linuxMatch9.0

slackwareslackware_linuxMatch9.1

slackwareslackware_linuxMatch10.0

slackwareslackware_linuxMatch10.1

slackwareslackware_linuxMatch10.2

susesuse_linuxMatch1.0

susesuse_linuxMatch9.0enterprise_server

susesuse_linuxMatch9.0personal

susesuse_linuxMatch9.0professional

susesuse_linuxMatch9.0s_390

susesuse_linuxMatch9.0x86_64

susesuse_linuxMatch9.1personal

susesuse_linuxMatch9.1professional

susesuse_linuxMatch9.1x86_64

susesuse_linuxMatch9.2personal

susesuse_linuxMatch9.2professional

susesuse_linuxMatch9.2x86_64

susesuse_linuxMatch9.3personal

susesuse_linuxMatch9.3professional

susesuse_linuxMatch9.3x86_64

susesuse_linuxMatch10.0oss

susesuse_linuxMatch10.0professional

trustixsecure_linuxMatch2.0

trustixsecure_linuxMatch2.2

trustixsecure_linuxMatch3.0

turbolinuxturbolinuxMatch10

turbolinuxturbolinuxMatchfuji

turbolinuxturbolinux_appliance_serverMatch1.0_hosting_edition

turbolinuxturbolinux_appliance_serverMatch1.0_workgroup_edition

turbolinuxturbolinux_desktopMatch10.0

turbolinuxturbolinux_home

turbolinuxturbolinux_multimedia

turbolinuxturbolinux_personal

turbolinuxturbolinux_serverMatch8.0

turbolinuxturbolinux_serverMatch10.0

turbolinuxturbolinux_serverMatch10.0_x86

turbolinuxturbolinux_workstationMatch8.0

ubuntuubuntu_linuxMatch4.1ia64

ubuntuubuntu_linuxMatch4.1ppc

ubuntuubuntu_linuxMatch5.04amd64

ubuntuubuntu_linuxMatch5.04i386

ubuntuubuntu_linuxMatch5.04powerpc

ubuntuubuntu_linuxMatch5.10amd64

ubuntuubuntu_linuxMatch5.10i386

ubuntuubuntu_linuxMatch5.10powerpc

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt

ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U

ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U

ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U

lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html

rhn.redhat.com/errata/RHSA-2006-0177.html

scary.beasts.org/security/CESA-2005-003.txt

secunia.com/advisories/18147

secunia.com/advisories/18303

secunia.com/advisories/18312

secunia.com/advisories/18313

secunia.com/advisories/18329

secunia.com/advisories/18332

secunia.com/advisories/18334

secunia.com/advisories/18335

secunia.com/advisories/18338

secunia.com/advisories/18349

secunia.com/advisories/18373

secunia.com/advisories/18375

secunia.com/advisories/18380

secunia.com/advisories/18385

secunia.com/advisories/18387

secunia.com/advisories/18389

secunia.com/advisories/18398

secunia.com/advisories/18407

secunia.com/advisories/18414

secunia.com/advisories/18416

secunia.com/advisories/18423

secunia.com/advisories/18425

secunia.com/advisories/18428

secunia.com/advisories/18436

secunia.com/advisories/18448

secunia.com/advisories/18463

secunia.com/advisories/18517

secunia.com/advisories/18534

secunia.com/advisories/18554

secunia.com/advisories/18582

secunia.com/advisories/18642

secunia.com/advisories/18644

secunia.com/advisories/18674

secunia.com/advisories/18675

secunia.com/advisories/18679

secunia.com/advisories/18908

secunia.com/advisories/18913

secunia.com/advisories/19230

secunia.com/advisories/19377

secunia.com/advisories/25729

slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683

slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747

sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1

www.debian.org/security/2005/dsa-931

www.debian.org/security/2005/dsa-932

www.debian.org/security/2005/dsa-937

www.debian.org/security/2005/dsa-938

www.debian.org/security/2005/dsa-940

www.debian.org/security/2006/dsa-936

www.debian.org/security/2006/dsa-950

www.debian.org/security/2006/dsa-961

www.debian.org/security/2006/dsa-962

www.gentoo.org/security/en/glsa/glsa-200601-02.xml

www.gentoo.org/security/en/glsa/glsa-200601-17.xml

www.kde.org/info/security/advisory-20051207-2.txt

www.mandriva.com/security/advisories?name=MDKSA-2006:003

www.mandriva.com/security/advisories?name=MDKSA-2006:004

www.mandriva.com/security/advisories?name=MDKSA-2006:005

www.mandriva.com/security/advisories?name=MDKSA-2006:006

www.mandriva.com/security/advisories?name=MDKSA-2006:008

www.mandriva.com/security/advisories?name=MDKSA-2006:010

www.mandriva.com/security/advisories?name=MDKSA-2006:011

www.mandriva.com/security/advisories?name=MDKSA-2006:012

www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html

www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html

www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html

www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html

www.redhat.com/support/errata/RHSA-2006-0160.html

www.redhat.com/support/errata/RHSA-2006-0163.html

www.securityfocus.com/archive/1/427053/100/0/threaded

www.securityfocus.com/archive/1/427990/100/0/threaded

www.securityfocus.com/bid/16143

www.trustix.org/errata/2006/0002/

www.vupen.com/english/advisories/2006/0047

www.vupen.com/english/advisories/2007/2280

exchange.xforce.ibmcloud.com/vulnerabilities/24023

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9575

usn.ubuntu.com/236-1/

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.7%

JSON

Related for NVD:CVE-2005-3625

cvelist1 ubuntucve1 debiancve1 cve1 nessus40 openvas26 ubuntu2 redhat5 centos8 gentoo2 securityvulns3 osv3 debian18 suse1 slackware2