CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service infinite loop via streams that end prematurely, as demonstrated using the 1 CCITTFaxDecode and 2 DCTDecode streams, aka "Infinite CPU spins."...

CVE-2005-3625

CVE-2005-3625 is confirmed to affect Xpdf and related tools (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is a denial-of-service in PDF stream handling where streams that end prematurely can cause an infinite loop, demonstrated for the CCITTFaxDecode and DCTDecode s...

CVE-2005-3627

CVE-2005-3627 is a vulnerability in Xpdf (Stream.cc) affecting multiple products using Xpdf code paths (e.g., gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor). The issue arises in DCTDecode stream handling: (1) an unchecked large number of components value in DCTStream::readBaselineSOF/...

CVE-2005-3624

CVE-2005-3624 affects multiple PDF tools (xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is in CCITTFaxDecode handling in Stream.cc, where negative or very large integers can trigger integer overflows/underflows, leading to heap corruption. The documented impact...

CVE-2005-3628

Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors...

CVE-2005-3627

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with 1 a large "number of components" value that is not checked by...

CVE-2005-3192

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, and 4 pdftohtml, 5 KOffice KWord, 6 CUPS, and 7 libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps number o...

CVE-2005-3192

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, and 4 pdftohtml, 5 KOffice KWord, 6 CUPS, and 7 libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps number o...

DEBIAN-CVE-2005-3193

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code JPXStream.c for xpdf 3.01 and earlier, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, 4 CUPS, and 5 libextractor allows user-assisted attackers to cause a denial of service heap...

[ GLSA 200506-06 ] libextractor: Multiple overflow vulnerabilities

Gentoo Linux Security Advisory GLSA 200506-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

GLSA-200506-06 : libextractor: Multiple overflow vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200506-06 libextractor: Multiple overflow vulnerabilities Xpdf is vulnerable to multiple overflows, as described in GLSA 200501-28. Also, integer overflows were discovered in Real and PNG extractors. Impact : An attacker could...

libextractor: Multiple overflow vulnerabilities

Background libextractor is a library used to extract meta-data from files. It makes use of Xpdf code to extract information from PDF files. Description Xpdf is vulnerable to multiple overflows, as described in GLSA 200501-28. Also, integer overflows were discovered in Real and PNG extractors...