Home > Vulnerability Database > CVE-2005-3191

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2005-3191

Date: December 6, 2005

Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.

Severity Score

5.6

Related Resources (119)

Url: http://secunia.com/advisories/17916

Url: http://securitytracker.com/id?1015309

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747

Url: http://secunia.com/advisories/17912

Url: http://www.redhat.com/support/errata/RHSA-2005-867.html

Url: http://www.kde.org/info/security/advisory-20051207-1.txt

Url: http://secunia.com/advisories/18448

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683

Url: http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml

Url: http://www.vupen.com/english/advisories/2005/2856

Url: http://www.securityfocus.com/archive/1/427990/100/0/threaded

Url: http://secunia.com/advisories/18055

Url: http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html

Url: http://www.novell.com/linux/security/advisories/2006_02_sr.html

Url: http://www.redhat.com/support/errata/RHSA-2005-840.html

Url: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt

Url: http://secunia.com/advisories/17929

Url: http://secunia.com/advisories/17926

Url: http://secunia.com/advisories/17920

Url: http://secunia.com/advisories/17921

Url: http://secunia.com/advisories/18336

Url: http://secunia.com/advisories/18189

Url: http://secunia.com/advisories/18582

Url: http://www.novell.com/linux/security/advisories/2005_29_sr.html

Url: http://secunia.com/advisories/18061

Url: https://issues.rpath.com/browse/RPL-1609

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html

Url: http://secunia.com/advisories/18549

Url: http://secunia.com/advisories/18428

Url: http://secunia.com/advisories/17976

Url: http://secunia.com/advisories/18303

Url: http://securitytracker.com/id?1015324

Url: http://secunia.com/advisories/18147

Url: http://secunia.com/advisories/18389

Url: http://www.securityfocus.com/bid/15726

Url: http://secunia.com/advisories/18398

Url: http://www.securityfocus.com/bid/15727

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3191

Url: http://secunia.com/advisories/17908

Url: http://www.vupen.com/english/advisories/2007/2280

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/23444

Url: http://secunia.com/advisories/18436

Url: http://secunia.com/advisories/18679

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/23443

Url: http://secunia.com/advisories/18313

Url: http://secunia.com/advisories/18674

Url: http://secunia.com/advisories/18554

Url: http://secunia.com/advisories/18675

Url: http://secunia.com/advisories/19377

Url: https://nvd.nist.gov/vuln/detail/CVE-2005-3191

Url: http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml

Url: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt

Url: ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U

Url: http://www.debian.org/security/2005/dsa-940

Url: http://securityreason.com/securityalert/234

Url: http://www.debian.org/security/2006/dsa-962

Url: http://secunia.com/advisories/18407

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html

Url: http://securityreason.com/securityalert/233

Url: http://www.debian.org/security/2006/dsa-961

Url: http://secunia.com/advisories/18009

Url: http://www.trustix.org/errata/2005/0072/

Url: http://secunia.com/advisories/17955

Url: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt

Url: http://www.kde.org/info/security/advisory-20051207-2.txt

Url: ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U

Url: ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U

Url: http://www.redhat.com/support/errata/RHSA-2006-0160.html

Url: http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities

Url: http://www.debian.org/security/2005/dsa-932

Url: http://www.debian.org/security/2005/dsa-931

Url: http://www.debian.org/security/2006/dsa-950

Url: http://secunia.com/advisories/18416

Url: http://www.vupen.com/english/advisories/2005/2786

Url: http://www.securityfocus.com/archive/1/418883/100/0/threaded

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289

Url: http://www.vupen.com/english/advisories/2005/2788

Url: http://www.debian.org/security/2005/dsa-938

Url: http://www.debian.org/security/2005/dsa-937

Url: http://www.vupen.com/english/advisories/2005/2787

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1

Url: http://www.vupen.com/english/advisories/2005/2789

Url: http://secunia.com/advisories/18534

Url: http://secunia.com/advisories/18387

Url: http://www.vupen.com/english/advisories/2005/2790

Url: http://secunia.com/advisories/18385

Url: http://secunia.com/advisories/19230

Url: http://secunia.com/advisories/18380

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:003

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:004

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:005

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:006

Url: http://www.securityfocus.com/archive/1/427053/100/0/threaded

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:008

Url: http://secunia.com/advisories/18908

Url: http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities

Url: http://secunia.com/advisories/17897

Url: http://www.redhat.com/support/errata/RHSA-2005-878.html

Url: http://secunia.com/advisories/18349

Url: http://secunia.com/advisories/18503

Url: http://secunia.com/advisories/19798

Url: http://secunia.com/advisories/19797

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:010

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:011

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:012

Url: http://secunia.com/advisories/18191

Url: http://secunia.com/advisories/18192

Url: http://rhn.redhat.com/errata/RHSA-2005-868.html

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html

Url: http://secunia.com/advisories/18517

Url: http://secunia.com/advisories/18913

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html

Url: http://secunia.com/advisories/17940

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9760

Url: http://www.debian.org/security/2006/dsa-936

Url: http://www.ubuntulinux.org/usn/usn-227-1

Url: http://secunia.com/advisories/25729

Url: http://secunia.com/advisories/26413

Url: https://www.mend.io/vulnerability-database/CVE-2005-3191

Severity Score

5.6

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	5.1
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us