CVE-2005-0064

Name: CVE-2005-0064
Creator: NVD / NIST
Published: 2005-05-02T04:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 7.22%

Last modified Jun 16, 2026

CVE-2005-0064 is a vulnerability of currently unknown severity. Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.. EPSS estimates a 7.22% chance of exploitation in the next 30 days.

Description

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.

Metrics

EPSS Probability

7.22%

93.5th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Xpdf	Xpdf	0.2
Xpdf	Xpdf	0.3
Xpdf	Xpdf	0.4
Xpdf	Xpdf	0.5
Xpdf	Xpdf	0.5a
Xpdf	Xpdf	0.6
Xpdf	Xpdf	0.7
Xpdf	Xpdf	0.7a
Xpdf	Xpdf	0.80
Xpdf	Xpdf	0.90
Xpdf	Xpdf	0.91
Xpdf	Xpdf	0.91a
Xpdf	Xpdf	0.91b
Xpdf	Xpdf	0.91c
Xpdf	Xpdf	0.92
Xpdf	Xpdf	0.92a
Xpdf	Xpdf	0.92b
Xpdf	Xpdf	0.92c
Xpdf	Xpdf	0.92d
Xpdf	Xpdf	0.92e
Xpdf	Xpdf	0.93
Xpdf	Xpdf	0.93a
Xpdf	Xpdf	0.93b
Xpdf	Xpdf	0.93c
Xpdf	Xpdf	1.0
Xpdf	Xpdf	1.0a
Xpdf	Xpdf	1.1
Xpdf	Xpdf	2.0
Xpdf	Xpdf	2.1
Xpdf	Xpdf	2.2
Xpdf	Xpdf	2.3
Xpdf	Xpdf	3.0

References

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patchPatch
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921Patch, Vendor Advisory
http://marc.info/?l=bugtraq&m=110625368019554&w=2
http://secunia.com/advisories/17277
http://www.debian.org/security/2005/dsa-645Patch, Vendor Advisory
http://www.debian.org/security/2005/dsa-648Patch, Vendor Advisory
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilitiesExploit, Patch, Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:016
http://www.mandriva.com/security/advisories?name=MDKSA-2005:017
http://www.mandriva.com/security/advisories?name=MDKSA-2005:018
http://www.mandriva.com/security/advisories?name=MDKSA-2005:019
http://www.mandriva.com/security/advisories?name=MDKSA-2005:020
http://www.mandriva.com/security/advisories?name=MDKSA-2005:021
http://www.redhat.com/support/errata/RHSA-2005-026.html
http://www.redhat.com/support/errata/RHSA-2005-034.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-053.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-057.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-059.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-066.htmlPatch, Vendor Advisory
http://www.trustix.org/errata/2005/0003/Patch, Vendor Advisory
https://bugzilla.fedora.us/show_bug.cgi?id=2352Patch, Vendor Advisory
https://bugzilla.fedora.us/show_bug.cgi?id=2353Patch, Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11781
https://security.gentoo.org/glsa/200501-28
https://security.gentoo.org/glsa/200502-10
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patchPatch
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921Patch, Vendor Advisory
http://marc.info/?l=bugtraq&m=110625368019554&w=2
http://secunia.com/advisories/17277
http://www.debian.org/security/2005/dsa-645Patch, Vendor Advisory
http://www.debian.org/security/2005/dsa-648Patch, Vendor Advisory
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilitiesExploit, Patch, Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:016
http://www.mandriva.com/security/advisories?name=MDKSA-2005:017
http://www.mandriva.com/security/advisories?name=MDKSA-2005:018
http://www.mandriva.com/security/advisories?name=MDKSA-2005:019
http://www.mandriva.com/security/advisories?name=MDKSA-2005:020
http://www.mandriva.com/security/advisories?name=MDKSA-2005:021
http://www.redhat.com/support/errata/RHSA-2005-026.html
http://www.redhat.com/support/errata/RHSA-2005-034.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-053.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-057.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-059.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-066.htmlPatch, Vendor Advisory
http://www.trustix.org/errata/2005/0003/Patch, Vendor Advisory
https://bugzilla.fedora.us/show_bug.cgi?id=2352Patch, Vendor Advisory
https://bugzilla.fedora.us/show_bug.cgi?id=2353Patch, Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11781
https://security.gentoo.org/glsa/200501-28
https://security.gentoo.org/glsa/200502-10

Timeline

Published: May 2, 2005
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2005-0064?

How severe is CVE-2005-0064?

Severity scoring for CVE-2005-0064 is pending analysis. The EPSS model estimates a 7.22% probability of exploitation in the next 30 days.

How do I fix CVE-2005-0064?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2005-0064?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST