Home > Vulnerability Database > CVE-2005-3627

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2005-3627

Date: January 6, 2006

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

Severity Score

7.3

Related Resources (89)

Url: ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U

Url: http://www.debian.org/security/2005/dsa-940

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747

Url: http://www.debian.org/security/2006/dsa-962

Url: http://secunia.com/advisories/18407

Url: https://nvd.nist.gov/vuln/detail/CVE-2005-3627

Url: http://www.debian.org/security/2006/dsa-961

Url: http://secunia.com/advisories/18329

Url: http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html

Url: http://secunia.com/advisories/18448

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683

Url: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt

Url: http://secunia.com/advisories/18644

Url: http://secunia.com/advisories/18642

Url: http://www.securityfocus.com/archive/1/427990/100/0/threaded

Url: http://secunia.com/advisories/18375

Url: http://secunia.com/advisories/18332

Url: http://secunia.com/advisories/18373

Url: http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html

Url: http://www.kde.org/info/security/advisory-20051207-2.txt

Url: http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml

Url: ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U

Url: ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U

Url: http://www.redhat.com/support/errata/RHSA-2006-0160.html

Url: http://www.securityfocus.com/bid/16143

Url: http://www.debian.org/security/2005/dsa-932

Url: http://www.debian.org/security/2005/dsa-931

Url: http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html

Url: http://www.debian.org/security/2006/dsa-950

Url: http://secunia.com/advisories/18416

Url: http://secunia.com/advisories/18414

Url: http://www.debian.org/security/2005/dsa-938

Url: http://www.debian.org/security/2005/dsa-937

Url: http://secunia.com/advisories/18338

Url: http://secunia.com/advisories/18335

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1

Url: http://secunia.com/advisories/18534

Url: http://secunia.com/advisories/18334

Url: http://secunia.com/advisories/18463

Url: http://secunia.com/advisories/18387

Url: http://www.trustix.org/errata/2006/0002/

Url: http://secunia.com/advisories/18582

Url: http://secunia.com/advisories/18385

Url: http://secunia.com/advisories/19230

Url: http://secunia.com/advisories/18380

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:003

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:004

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:005

Url: http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:006

Url: http://www.securityfocus.com/archive/1/427053/100/0/threaded

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:008

Url: http://secunia.com/advisories/18908

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10200

Url: http://secunia.com/advisories/18428

Url: http://secunia.com/advisories/18425

Url: http://secunia.com/advisories/18349

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/24025

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3627

Url: http://secunia.com/advisories/18423

Url: http://secunia.com/advisories/18303

Url: http://secunia.com/advisories/18147

Url: http://secunia.com/advisories/18389

Url: http://secunia.com/advisories/18398

Url: http://scary.beasts.org/security/CESA-2005-003.txt

Url: http://rhn.redhat.com/errata/RHSA-2006-0177.html

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:010

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:011

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:012

Url: https://usn.ubuntu.com/236-1/

Url: http://www.redhat.com/support/errata/RHSA-2006-0163.html

Url: http://www.vupen.com/english/advisories/2007/2280

Url: http://secunia.com/advisories/18517

Url: http://secunia.com/advisories/18913

Url: http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html

Url: http://secunia.com/advisories/18436

Url: http://secunia.com/advisories/18679

Url: http://secunia.com/advisories/18313

Url: http://secunia.com/advisories/18674

Url: http://secunia.com/advisories/18312

Url: http://secunia.com/advisories/18554

Url: http://www.debian.org/security/2006/dsa-936

Url: http://secunia.com/advisories/18675

Url: http://secunia.com/advisories/19377

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/24024

Url: http://secunia.com/advisories/25729

Url: http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml

Url: http://www.vupen.com/english/advisories/2006/0047

Url: https://www.mend.io/vulnerability-database/CVE-2005-3627

Severity Score

7.3

Weakness Type (CWE)

Buffer Errors

CWE-119

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us