CVE-2005-3193
CVE-2005-3193 is a vulnerability of currently unknown severity. EPSS estimates a 4.08% chance of exploitation in the next 30 days.
Description
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor, allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Xpdf | Xpdf | 0.90 |
| Xpdf | Xpdf | 0.91 |
| Xpdf | Xpdf | 0.92 |
| Xpdf | Xpdf | 0.93 |
| Xpdf | Xpdf | 1.0 |
| Xpdf | Xpdf | 1.0a |
| Xpdf | Xpdf | 1.1 |
| Xpdf | Xpdf | 2.0 |
| Xpdf | Xpdf | 2.1 |
| Xpdf | Xpdf | 2.2 |
| Xpdf | Xpdf | 2.3 |
| Xpdf | Xpdf | 3.0 |
| Xpdf | Xpdf | 3.0.1 |
| Xpdf | Xpdf | 3.0_pl2 |
| Xpdf | Xpdf | 3.0_pl3 |
References
- http://secunia.com/advisories/17897 (Vendor Advisory)
- http://secunia.com/advisories/17912 (Vendor Advisory)
- http://secunia.com/advisories/17916 (Vendor Advisory)
- http://secunia.com/advisories/17920 (Vendor Advisory)
- http://secunia.com/advisories/17926 (Vendor Advisory)
- http://secunia.com/advisories/17929 (Vendor Advisory)
- http://secunia.com/advisories/17940 (Vendor Advisory)
- http://secunia.com/advisories/17976 (Vendor Advisory)
- http://secunia.com/advisories/18009 (Vendor Advisory)
- http://secunia.com/advisories/18055 (Vendor Advisory)
- http://secunia.com/advisories/18061 (Vendor Advisory)
- http://secunia.com/advisories/18189 (Vendor Advisory)
- http://secunia.com/advisories/18191 (Vendor Advisory)
- http://secunia.com/advisories/18192 (Vendor Advisory)
- http://secunia.com/advisories/18313 (Vendor Advisory)
- http://secunia.com/advisories/18336 (Vendor Advisory)
- http://secunia.com/advisories/18349 (Vendor Advisory)
- http://secunia.com/advisories/18385 (Vendor Advisory)
- http://secunia.com/advisories/18387 (Vendor Advisory)
- http://secunia.com/advisories/18389 (Vendor Advisory)
- http://secunia.com/advisories/18398 (Vendor Advisory)
- http://secunia.com/advisories/18416 (Vendor Advisory)
- http://secunia.com/advisories/18448 (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2005-840.html (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2005-867.html (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2005-878.html (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2006-0160.html (Vendor Advisory)
Source: NVD / NIST
