Home > Vulnerability Database > CVE-2005-3193

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2005-3193

Date: December 6, 2005

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.

Severity Score

5.6

Related Resources (114)

Url: http://secunia.com/advisories/17916

Url: http://securitytracker.com/id?1015309

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747

Url: http://secunia.com/advisories/17912

Url: http://www.redhat.com/support/errata/RHSA-2005-867.html

Url: http://www.kde.org/info/security/advisory-20051207-1.txt

Url: http://secunia.com/advisories/18448

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683

Url: http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml

Url: http://www.vupen.com/english/advisories/2005/2856

Url: http://www.securityfocus.com/archive/1/427990/100/0/threaded

Url: http://secunia.com/advisories/18055

Url: http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html

Url: http://www.redhat.com/support/errata/RHSA-2005-840.html

Url: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt

Url: http://secunia.com/advisories/17929

Url: http://secunia.com/advisories/17926

Url: http://secunia.com/advisories/17920

Url: http://secunia.com/advisories/18336

Url: http://secunia.com/advisories/18189

Url: http://secunia.com/advisories/18582

Url: http://www.novell.com/linux/security/advisories/2005_29_sr.html

Url: http://secunia.com/advisories/18061

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00014.html

Url: https://issues.rpath.com/browse/RPL-1609

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html

Url: http://secunia.com/advisories/17976

Url: http://secunia.com/advisories/18303

Url: http://securitytracker.com/id?1015324

Url: http://secunia.com/advisories/18147

Url: http://secunia.com/advisories/18389

Url: http://secunia.com/advisories/18398

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00073.html

Url: http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html

Url: http://www.securityfocus.com/bid/15721

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3193

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11440

Url: http://www.vupen.com/english/advisories/2007/2280

Url: http://secunia.com/advisories/18679

Url: http://secunia.com/advisories/18313

Url: http://secunia.com/advisories/18674

Url: http://secunia.com/advisories/19125

Url: http://secunia.com/advisories/18554

Url: http://secunia.com/advisories/18675

Url: http://secunia.com/advisories/19377

Url: https://nvd.nist.gov/vuln/detail/CVE-2005-3193

Url: http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml

Url: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt

Url: http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities&flashstatus=true

Url: ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U

Url: http://securityreason.com/securityalert/236

Url: http://www.debian.org/security/2005/dsa-940

Url: http://secunia.com/advisories/17956

Url: http://secunia.com/advisories/17959

Url: http://www.debian.org/security/2006/dsa-962

Url: http://secunia.com/advisories/18407

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html

Url: http://www.debian.org/security/2006/dsa-961

Url: http://secunia.com/advisories/18009

Url: http://www.trustix.org/errata/2005/0072/

Url: http://secunia.com/advisories/17955

Url: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt

Url: http://secunia.com/advisories/18520

Url: http://www.kde.org/info/security/advisory-20051207-2.txt

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/23441

Url: ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U

Url: ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U

Url: http://www.redhat.com/support/errata/RHSA-2006-0160.html

Url: http://www.debian.org/security/2005/dsa-932

Url: http://www.debian.org/security/2005/dsa-931

Url: http://www.debian.org/security/2006/dsa-950

Url: http://secunia.com/advisories/18416

Url: http://www.securityfocus.com/archive/1/418883/100/0/threaded

Url: http://www.debian.org/security/2005/dsa-938

Url: http://www.debian.org/security/2005/dsa-937

Url: http://www.vupen.com/english/advisories/2005/2787

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1

Url: http://www.vupen.com/english/advisories/2005/2789

Url: http://secunia.com/advisories/18534

Url: http://secunia.com/advisories/18387

Url: http://www.vupen.com/english/advisories/2005/2790

Url: http://secunia.com/advisories/18385

Url: http://secunia.com/advisories/19230

Url: http://secunia.com/advisories/18380

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:003

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:004

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:005

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00022.html

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:006

Url: http://www.securityfocus.com/archive/1/427053/100/0/threaded

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:008

Url: http://secunia.com/advisories/18908

Url: http://secunia.com/advisories/17897

Url: http://www.redhat.com/support/errata/RHSA-2005-878.html

Url: http://secunia.com/advisories/18349

Url: http://secunia.com/advisories/19798

Url: http://secunia.com/advisories/19797

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:010

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:011

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:012

Url: http://secunia.com/advisories/18191

Url: http://secunia.com/advisories/18192

Url: http://rhn.redhat.com/errata/RHSA-2005-868.html

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html

Url: http://secunia.com/advisories/18517

Url: http://secunia.com/advisories/18913

Url: http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html

Url: http://secunia.com/advisories/17940

Url: http://www.debian.org/security/2006/dsa-936

Url: http://www.ubuntulinux.org/usn/usn-227-1

Url: http://secunia.com/advisories/25729

Url: http://www.gentoo.org/security/en/glsa/glsa-200603-02.xml

Url: http://secunia.com/advisories/26413

Url: https://www.mend.io/vulnerability-database/CVE-2005-3193

Severity Score

5.6

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	5.1
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us