Home > Vulnerability Database > CVE-2005-3192

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2005-3192

Date: December 7, 2005

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.

Severity Score

7.3

Related Resources (115)

Url: http://secunia.com/advisories/17916

Url: http://securitytracker.com/id?1015309

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747

Url: http://secunia.com/advisories/17912

Url: http://www.redhat.com/support/errata/RHSA-2005-867.html

Url: http://www.kde.org/info/security/advisory-20051207-1.txt

Url: http://secunia.com/advisories/18448

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683

Url: http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml

Url: http://www.vupen.com/english/advisories/2005/2856

Url: http://www.securityfocus.com/archive/1/427990/100/0/threaded

Url: http://secunia.com/advisories/18055

Url: http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html

Url: http://www.novell.com/linux/security/advisories/2006_02_sr.html

Url: http://www.redhat.com/support/errata/RHSA-2005-840.html

Url: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt

Url: http://secunia.com/advisories/17929

Url: http://secunia.com/advisories/17926

Url: http://secunia.com/advisories/17920

Url: http://secunia.com/advisories/17921

Url: http://secunia.com/advisories/18336

Url: http://secunia.com/advisories/18189

Url: http://secunia.com/advisories/18582

Url: http://www.novell.com/linux/security/advisories/2005_29_sr.html

Url: http://secunia.com/advisories/18061

Url: https://issues.rpath.com/browse/RPL-1609

Url: http://secunia.com/advisories/17897/

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html

Url: http://secunia.com/advisories/18549

Url: http://secunia.com/advisories/18428

Url: http://www.vupen.com/english/advisories/2005/2755

Url: http://secunia.com/advisories/17976

Url: http://secunia.com/advisories/18303

Url: http://securitytracker.com/id?1015324

Url: http://secunia.com/advisories/18389

Url: http://secunia.com/advisories/18398

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10914

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3192

Url: http://www.securityfocus.com/bid/15725

Url: http://secunia.com/advisories/17908

Url: http://www.vupen.com/english/advisories/2007/2280

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/23442

Url: http://secunia.com/advisories/18436

Url: http://secunia.com/advisories/18679

Url: http://secunia.com/advisories/18313

Url: http://secunia.com/advisories/18674

Url: http://secunia.com/advisories/18554

Url: http://secunia.com/advisories/18675

Url: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch

Url: http://secunia.com/advisories/19377

Url: https://nvd.nist.gov/vuln/detail/CVE-2005-3192

Url: http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml

Url: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt

Url: ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U

Url: http://securityreason.com/securityalert/235

Url: http://www.debian.org/security/2006/dsa-962

Url: http://secunia.com/advisories/18407

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html

Url: http://www.debian.org/security/2006/dsa-961

Url: http://secunia.com/advisories/18009

Url: http://www.trustix.org/errata/2005/0072/

Url: http://secunia.com/advisories/17955

Url: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt

Url: http://www.kde.org/info/security/advisory-20051207-2.txt

Url: ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U

Url: ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U

Url: http://www.redhat.com/support/errata/RHSA-2006-0160.html

Url: http://www.debian.org/security/2005/dsa-932

Url: http://www.debian.org/security/2005/dsa-931

Url: http://www.debian.org/security/2006/dsa-950

Url: http://secunia.com/advisories/18416

Url: http://www.vupen.com/english/advisories/2005/2786

Url: http://www.securityfocus.com/archive/1/418883/100/0/threaded

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289

Url: http://www.vupen.com/english/advisories/2005/2788

Url: http://www.vupen.com/english/advisories/2005/2787

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1

Url: http://www.vupen.com/english/advisories/2005/2789

Url: http://secunia.com/advisories/18534

Url: http://secunia.com/advisories/18387

Url: http://www.vupen.com/english/advisories/2005/2790

Url: http://secunia.com/advisories/18385

Url: http://secunia.com/advisories/19230

Url: http://secunia.com/advisories/18380

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:003

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:004

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:005

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:006

Url: http://www.securityfocus.com/archive/1/427053/100/0/threaded

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:008

Url: http://secunia.com/advisories/18908

Url: http://www.redhat.com/support/errata/RHSA-2005-878.html

Url: http://secunia.com/advisories/18349

Url: http://secunia.com/advisories/18503

Url: http://secunia.com/advisories/19798

Url: http://secunia.com/advisories/19797

Url: http://scary.beasts.org/security/CESA-2005-003.txt

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:010

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:011

Url: http://secunia.com/advisories/18191

Url: http://secunia.com/advisories/18192

Url: http://rhn.redhat.com/errata/RHSA-2005-868.html

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html

Url: http://secunia.com/advisories/18517

Url: http://secunia.com/advisories/18913

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html

Url: http://securityreason.com/securityalert/240

Url: http://secunia.com/advisories/17940

Url: http://www.debian.org/security/2006/dsa-937

Url: http://www.debian.org/security/2006/dsa-936

Url: http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities

Url: http://www.ubuntulinux.org/usn/usn-227-1

Url: http://secunia.com/advisories/25729

Url: http://secunia.com/advisories/26413

Url: https://www.mend.io/vulnerability-database/CVE-2005-3192

Severity Score

7.3

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us