CVE-2005-3191
Last modified
CVE-2005-3191 is a vulnerability of currently unknown severity. Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.. EPSS estimates a 4.08% chance of exploitation in the next 30 days.
Description
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Xpdf | Xpdf | 0.90 |
| Xpdf | Xpdf | 0.91 |
| Xpdf | Xpdf | 0.92 |
| Xpdf | Xpdf | 0.93 |
| Xpdf | Xpdf | 1.0 |
| Xpdf | Xpdf | 1.0a |
| Xpdf | Xpdf | 1.1 |
| Xpdf | Xpdf | 2.0 |
| Xpdf | Xpdf | 2.1 |
| Xpdf | Xpdf | 2.2 |
| Xpdf | Xpdf | 2.3 |
| Xpdf | Xpdf | 3.0 |
| Xpdf | Xpdf | 3.0.1 |
| Xpdf | Xpdf | 3.0_pl2 |
| Xpdf | Xpdf | 3.0_pl3 |
References
- http://rhn.redhat.com/errata/RHSA-2005-868.htmlVendor Advisory
- http://secunia.com/advisories/17897Vendor Advisory
- http://secunia.com/advisories/17908Vendor Advisory
- http://secunia.com/advisories/17912Vendor Advisory
- http://secunia.com/advisories/17916Vendor Advisory
- http://secunia.com/advisories/17920Vendor Advisory
- http://secunia.com/advisories/17921Vendor Advisory
- http://secunia.com/advisories/17926Vendor Advisory
- http://secunia.com/advisories/17929Vendor Advisory
- http://secunia.com/advisories/17940Vendor Advisory
- http://secunia.com/advisories/17976Vendor Advisory
- http://secunia.com/advisories/18009Vendor Advisory
- http://secunia.com/advisories/18055Vendor Advisory
- http://secunia.com/advisories/18061Vendor Advisory
- http://secunia.com/advisories/18189Vendor Advisory
- http://secunia.com/advisories/18191Vendor Advisory
- http://secunia.com/advisories/18192Vendor Advisory
- http://secunia.com/advisories/18313Vendor Advisory
- http://secunia.com/advisories/18336Vendor Advisory
- http://secunia.com/advisories/18349Vendor Advisory
- http://secunia.com/advisories/18385Vendor Advisory
- http://secunia.com/advisories/18387Vendor Advisory
- http://secunia.com/advisories/18416Vendor Advisory
- http://www.idefense.com/application/poi/display?id=342&type=vulnerabilitiesPatch, Vendor Advisory
- http://www.idefense.com/application/poi/display?id=343&type=vulnerabilitiesPatch, Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-840.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-867.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-878.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2005-868.htmlVendor Advisory
- http://secunia.com/advisories/17897Vendor Advisory
- http://secunia.com/advisories/17908Vendor Advisory
- http://secunia.com/advisories/17912Vendor Advisory
- http://secunia.com/advisories/17916Vendor Advisory
- http://secunia.com/advisories/17920Vendor Advisory
- http://secunia.com/advisories/17921Vendor Advisory
- http://secunia.com/advisories/17926Vendor Advisory
- http://secunia.com/advisories/17929Vendor Advisory
- http://secunia.com/advisories/17940Vendor Advisory
- http://secunia.com/advisories/17976Vendor Advisory
- http://secunia.com/advisories/18009Vendor Advisory
- http://secunia.com/advisories/18055Vendor Advisory
- http://secunia.com/advisories/18061Vendor Advisory
- http://secunia.com/advisories/18189Vendor Advisory
- http://secunia.com/advisories/18191Vendor Advisory
- http://secunia.com/advisories/18192Vendor Advisory
- http://secunia.com/advisories/18313Vendor Advisory
- http://secunia.com/advisories/18336Vendor Advisory
- http://secunia.com/advisories/18349Vendor Advisory
- http://secunia.com/advisories/18385Vendor Advisory
- http://secunia.com/advisories/18387Vendor Advisory
- http://secunia.com/advisories/18416Vendor Advisory
- http://www.idefense.com/application/poi/display?id=342&type=vulnerabilitiesPatch, Vendor Advisory
- http://www.idefense.com/application/poi/display?id=343&type=vulnerabilitiesPatch, Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-840.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-867.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-878.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2005-3191?
How severe is CVE-2005-3191?
How do I fix CVE-2005-3191?
Are you affected by CVE-2005-3191?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST