Home > Vulnerability Database > CVE-2005-3625

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2005-3625

Date: January 6, 2006

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

Severity Score

9.8

Related Resources (88)

Url: https://nvd.nist.gov/vuln/detail/CVE-2005-3625

Url: ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U

Url: http://www.debian.org/security/2005/dsa-940

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747

Url: http://www.debian.org/security/2006/dsa-962

Url: http://secunia.com/advisories/18407

Url: http://www.debian.org/security/2006/dsa-961

Url: http://secunia.com/advisories/18329

Url: http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html

Url: http://secunia.com/advisories/18448

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9575

Url: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt

Url: http://secunia.com/advisories/18644

Url: http://secunia.com/advisories/18642

Url: http://www.securityfocus.com/archive/1/427990/100/0/threaded

Url: http://secunia.com/advisories/18375

Url: http://secunia.com/advisories/18332

Url: http://secunia.com/advisories/18373

Url: http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html

Url: http://www.kde.org/info/security/advisory-20051207-2.txt

Url: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml

Url: ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U

Url: ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U

Url: http://www.redhat.com/support/errata/RHSA-2006-0160.html

Url: http://www.securityfocus.com/bid/16143

Url: http://www.debian.org/security/2005/dsa-932

Url: http://www.debian.org/security/2005/dsa-931

Url: http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html

Url: http://www.debian.org/security/2006/dsa-950

Url: http://secunia.com/advisories/18416

Url: http://secunia.com/advisories/18414

Url: http://www.debian.org/security/2005/dsa-938

Url: http://www.debian.org/security/2005/dsa-937

Url: http://secunia.com/advisories/18338

Url: http://secunia.com/advisories/18335

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1

Url: http://secunia.com/advisories/18534

Url: http://secunia.com/advisories/18334

Url: http://secunia.com/advisories/18463

Url: http://secunia.com/advisories/18387

Url: http://www.trustix.org/errata/2006/0002/

Url: http://secunia.com/advisories/18582

Url: http://secunia.com/advisories/18385

Url: http://secunia.com/advisories/19230

Url: http://secunia.com/advisories/18380

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:003

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:004

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:005

Url: http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:006

Url: http://www.securityfocus.com/archive/1/427053/100/0/threaded

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:008

Url: http://secunia.com/advisories/18908

Url: http://secunia.com/advisories/18428

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3625

Url: http://secunia.com/advisories/18425

Url: http://secunia.com/advisories/18349

Url: http://secunia.com/advisories/18423

Url: http://secunia.com/advisories/18303

Url: http://secunia.com/advisories/18147

Url: http://secunia.com/advisories/18389

Url: http://secunia.com/advisories/18398

Url: http://scary.beasts.org/security/CESA-2005-003.txt

Url: http://rhn.redhat.com/errata/RHSA-2006-0177.html

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:010

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:011

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:012

Url: https://usn.ubuntu.com/236-1/

Url: http://www.redhat.com/support/errata/RHSA-2006-0163.html

Url: http://www.vupen.com/english/advisories/2007/2280

Url: http://secunia.com/advisories/18517

Url: http://secunia.com/advisories/18913

Url: http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html

Url: http://secunia.com/advisories/18436

Url: http://secunia.com/advisories/18679

Url: http://secunia.com/advisories/18313

Url: http://secunia.com/advisories/18674

Url: http://secunia.com/advisories/18312

Url: http://secunia.com/advisories/18554

Url: http://www.debian.org/security/2006/dsa-936

Url: http://secunia.com/advisories/18675

Url: http://secunia.com/advisories/19377

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/24023

Url: http://secunia.com/advisories/25729

Url: http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml

Url: http://www.vupen.com/english/advisories/2006/0047

Url: https://www.mend.io/vulnerability-database/CVE-2005-3625

Severity Score

9.8

Weakness Type (CWE)

Resource Management Errors

CWE-399

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Do you need more information?

Contact Us