exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2005-3193

Status Candidate

Overview

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.

Related Files

Debian Linux Security Advisory 962-1
Posted Feb 2, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 962-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdftohtml, a utility that translates PDF documents into HTML format, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
SHA-256 | 6fa70a3b6a6f9fb83291fc505e7022559c6acf11137079cda7a3ba7a7d9cb364
Debian Linux Security Advisory 961-1
Posted Feb 2, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 961-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
SHA-256 | 5043533427927678e995928343a8d90491370c45eda0582ade3e70b36444ccb4
Debian Linux Security Advisory 936-1
Posted Jan 12, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 936-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-2097, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
SHA-256 | 05aa3a9e1b59b0e2922805f67a2a0515ad4a563507ef62f6b197bfe5c1fadfe6
Debian Linux Security Advisory 931-1
Posted Jan 10, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 931-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
SHA-256 | a51d43d11bcb80943a4cc66dcd5742c251907b7bee80f5542ce88d1aaa097349
Gentoo Linux Security Advisory 200601-2
Posted Jan 5, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200601-02 - KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf code is vulnerable to several heap overflows (GLSA 200512-08) as well as several buffer and integer overflows discovered by Chris Evans. Versions less than 3.4.3-r3 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193
SHA-256 | e5871f11a14ccc8bf814940f1aa3bd6f0bdb40a75a70a8b075904696015397a5
KDE Security Advisory 2005-12-07.1
Posted Dec 14, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains multiple integer overflow vulnerabilities that allow specially crafted pdf files, when opened, to overflow a heap allocated buffer and execute arbitrary code. Systems affected are KDE 3.2.0 up to and including KDE 3.5.0 and KOffice 1.3.0 up to and including KOffice 1.4.2.

tags | advisory, overflow, arbitrary, vulnerability
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193
SHA-256 | 0cee893dafaf137d0d32568c4d2e63ba6261d97c0a2ff9d758266004c900237b
iDEFENSE Security Advisory 2005-12-05.1
Posted Dec 9, 2005
Authored by iDefense Labs, infamous41md | Site idefense.com

iDEFENSE Security Advisory 12.05.05 - Local exploitation of a heap-based buffer overflow vulnerability in xpdf, as included by multiple vendor's software distributions, could allow attackers to cause a denial of service (DoS) condition, potentially resulting in arbitrary code execution. The vulnerability specifically exists due to insufficient input validation in the JPX Stream parsing code for decoding embedded JPEG 2000 images. iDefense has confirmed the existence of this vulnerability in xpdf 3.01. All earlier versions of xpdf are suspected vulnerable.

tags | advisory, denial of service, overflow, arbitrary, local, code execution
advisories | CVE-2005-3193
SHA-256 | 461e2c30244cb0b905fd84506412e0b22210fbc6a3c74965d22b1ee24d1e7f5f
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close