what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2005-3191

Status Candidate

Overview

Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.

Related Files

Debian Linux Security Advisory 962-1
Posted Feb 2, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 962-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdftohtml, a utility that translates PDF documents into HTML format, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
SHA-256 | 6fa70a3b6a6f9fb83291fc505e7022559c6acf11137079cda7a3ba7a7d9cb364
Debian Linux Security Advisory 961-1
Posted Feb 2, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 961-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
SHA-256 | 5043533427927678e995928343a8d90491370c45eda0582ade3e70b36444ccb4
Debian Linux Security Advisory 937-1
Posted Jan 15, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 937-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
SHA-256 | cdc9ec56d3dcb6f9b94ad26d56a66168bd2d076d82981f4c60ca29a34219df94
Debian Linux Security Advisory 936-1
Posted Jan 12, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 936-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-2097, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
SHA-256 | 05aa3a9e1b59b0e2922805f67a2a0515ad4a563507ef62f6b197bfe5c1fadfe6
Debian Linux Security Advisory 931-1
Posted Jan 10, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 931-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
SHA-256 | a51d43d11bcb80943a4cc66dcd5742c251907b7bee80f5542ce88d1aaa097349
Gentoo Linux Security Advisory 200601-2
Posted Jan 5, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200601-02 - KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf code is vulnerable to several heap overflows (GLSA 200512-08) as well as several buffer and integer overflows discovered by Chris Evans. Versions less than 3.4.3-r3 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193
SHA-256 | e5871f11a14ccc8bf814940f1aa3bd6f0bdb40a75a70a8b075904696015397a5
KDE Security Advisory 2005-12-07.1
Posted Dec 14, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains multiple integer overflow vulnerabilities that allow specially crafted pdf files, when opened, to overflow a heap allocated buffer and execute arbitrary code. Systems affected are KDE 3.2.0 up to and including KDE 3.5.0 and KOffice 1.3.0 up to and including KOffice 1.4.2.

tags | advisory, overflow, arbitrary, vulnerability
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193
SHA-256 | 0cee893dafaf137d0d32568c4d2e63ba6261d97c0a2ff9d758266004c900237b
iDEFENSE Security Advisory 2005-12-05.3
Posted Dec 9, 2005
Authored by iDefense Labs, infamous41md | Site idefense.com

iDEFENSE Security Advisory 12.05.05 - Local exploitation of a heap-based buffer overflow vulnerability in xpdf, as included by multiple vendor's software distributions, could allow attackers to cause a denial of service (DoS) condition, potentially resulting in arbitrary code execution. The vulnerability specifically exists due to insufficient input validation in the DCT stream parsing code. The DCTStream::readProgressiveSOF function from xpdf/Stream.cc takes the value of numComps from user-controllable data from within the PDF file. The numComps value is used in a loop to copy data from the file into a pre-allocated buffer in the heap. iDefense has confirmed the existence of this vulnerability in xpdf 3.01. All earlier versions of xpdf are suspected vulnerable.

tags | advisory, denial of service, overflow, arbitrary, local, code execution
advisories | CVE-2005-3191
SHA-256 | c6103f732bea5f0f3b3c1eccfb9724f0b4ae65ebb4bcbf19c83b3651216ae70d
iDEFENSE Security Advisory 2005-12-05.2
Posted Dec 9, 2005
Authored by iDefense Labs, infamous41md | Site idefense.com

iDEFENSE Security Advisory 12.05.05 - Local exploitation of a heap-based buffer overflow vulnerability in xpdf, as included in various vendors' operating system distributions, could allow attackers to cause a denial of service condition, potentially resulting in arbitrary code execution. The vulnerability specifically exists due to insufficient input validation in the DCT stream parsing code. The DCTStream::readProgressiveSOF function from xpdf/Stream.cc takes the value of numComps from user-controllable data from within the PDF file. The numComps value is used in a loop to copy data from the file into a pre-allocated buffer in the heap. iDefense has confirmed the existence of this vulnerability in xpdf 3.01. All earlier versions of xpdf are suspected vulnerable.

tags | advisory, denial of service, overflow, arbitrary, local, code execution
advisories | CVE-2005-3191
SHA-256 | 1f21cf2f6e75e6932a8bc024b1576bb7b23fa3741017033cc4d840230b9e6e54
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close