CVE-2005-3627
UnknownEPSS 5.57%
Last modified
CVE-2005-3627 is a vulnerability of currently unknown severity. Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.. EPSS estimates a 5.57% chance of exploitation in the next 30 days.
Description
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Xpdf | Xpdf | All versions |
References
- http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.htmlPatch, Vendor Advisory
- http://rhn.redhat.com/errata/RHSA-2006-0177.htmlPatch, Vendor Advisory
- http://scary.beasts.org/security/CESA-2005-003.txtExploit, Vendor Advisory
- http://secunia.com/advisories/18303Patch, Vendor Advisory
- http://secunia.com/advisories/18312Patch, Vendor Advisory
- http://secunia.com/advisories/18313Patch, Vendor Advisory
- http://secunia.com/advisories/18329Vendor Advisory
- http://secunia.com/advisories/18332Vendor Advisory
- http://secunia.com/advisories/18334Patch, Vendor Advisory
- http://secunia.com/advisories/18335Patch, Vendor Advisory
- http://secunia.com/advisories/18338Patch, Vendor Advisory
- http://secunia.com/advisories/18349Patch, Vendor Advisory
- http://secunia.com/advisories/18375Vendor Advisory
- http://secunia.com/advisories/18385Patch, Vendor Advisory
- http://secunia.com/advisories/18387Patch, Vendor Advisory
- http://secunia.com/advisories/18389Patch, Vendor Advisory
- http://secunia.com/advisories/18398Patch, Vendor Advisory
- http://secunia.com/advisories/18407Patch, Vendor Advisory
- http://secunia.com/advisories/18416Patch, Vendor Advisory
- http://secunia.com/advisories/18423Patch, Vendor Advisory
- http://secunia.com/advisories/18448Patch, Vendor Advisory
- http://secunia.com/advisories/18517Patch, Vendor Advisory
- http://secunia.com/advisories/18534Patch, Vendor Advisory
- http://secunia.com/advisories/18554Patch, Vendor Advisory
- http://secunia.com/advisories/18582Patch, Vendor Advisory
- http://secunia.com/advisories/18642Vendor Advisory
- http://secunia.com/advisories/18644Vendor Advisory
- http://secunia.com/advisories/18674Vendor Advisory
- http://secunia.com/advisories/18675Vendor Advisory
- http://secunia.com/advisories/18679Vendor Advisory
- http://secunia.com/advisories/18908Vendor Advisory
- http://www.debian.org/security/2006/dsa-936Patch, Vendor Advisory
- http://www.debian.org/security/2006/dsa-950Patch, Vendor Advisory
- http://www.debian.org/security/2006/dsa-961Patch, Vendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200601-02.xmlPatch, Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0160.htmlPatch, Vendor Advisory
- http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.htmlPatch, Vendor Advisory
- http://rhn.redhat.com/errata/RHSA-2006-0177.htmlPatch, Vendor Advisory
- http://scary.beasts.org/security/CESA-2005-003.txtExploit, Vendor Advisory
- http://secunia.com/advisories/18303Patch, Vendor Advisory
- http://secunia.com/advisories/18312Patch, Vendor Advisory
- http://secunia.com/advisories/18313Patch, Vendor Advisory
- http://secunia.com/advisories/18329Vendor Advisory
- http://secunia.com/advisories/18332Vendor Advisory
- http://secunia.com/advisories/18334Patch, Vendor Advisory
- http://secunia.com/advisories/18335Patch, Vendor Advisory
- http://secunia.com/advisories/18338Patch, Vendor Advisory
- http://secunia.com/advisories/18349Patch, Vendor Advisory
- http://secunia.com/advisories/18375Vendor Advisory
- http://secunia.com/advisories/18385Patch, Vendor Advisory
- http://secunia.com/advisories/18387Patch, Vendor Advisory
- http://secunia.com/advisories/18389Patch, Vendor Advisory
- http://secunia.com/advisories/18398Patch, Vendor Advisory
- http://secunia.com/advisories/18407Patch, Vendor Advisory
- http://secunia.com/advisories/18416Patch, Vendor Advisory
- http://secunia.com/advisories/18423Patch, Vendor Advisory
- http://secunia.com/advisories/18448Patch, Vendor Advisory
- http://secunia.com/advisories/18517Patch, Vendor Advisory
- http://secunia.com/advisories/18534Patch, Vendor Advisory
- http://secunia.com/advisories/18554Patch, Vendor Advisory
- http://secunia.com/advisories/18582Patch, Vendor Advisory
- http://secunia.com/advisories/18642Vendor Advisory
- http://secunia.com/advisories/18644Vendor Advisory
- http://secunia.com/advisories/18674Vendor Advisory
- http://secunia.com/advisories/18675Vendor Advisory
- http://secunia.com/advisories/18679Vendor Advisory
- http://secunia.com/advisories/18908Vendor Advisory
- http://www.debian.org/security/2006/dsa-936Patch, Vendor Advisory
- http://www.debian.org/security/2006/dsa-950Patch, Vendor Advisory
- http://www.debian.org/security/2006/dsa-961Patch, Vendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200601-02.xmlPatch, Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0160.htmlPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2005-3627?
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
How severe is CVE-2005-3627?
Severity scoring for CVE-2005-3627 is pending analysis. The EPSS model estimates a 5.57% probability of exploitation in the next 30 days.
How do I fix CVE-2005-3627?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2005-3627?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST