CVE-2005-3627 Information

Feb 14, 2021 cve

Description

Stream.cc in Xpdf as used in products such as gpdf kpdf pdftohtml poppler teTeX CUPS libextractor and others allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large \number of components\ value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF (2) a large \Huffman table index\ value that is not checked by DCTStream::readHuffmanTables and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

Reference

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/advisories/18147 http://secunia.com/advisories/18303 http://secunia.com/advisories/18312 http://secunia.com/advisories/18313 http://secunia.com/advisories/18329 http://secunia.com/advisories/18332 http://secunia.com/advisories/18334 http://secunia.com/advisories/18335 http://secunia.com/advisories/18338 http://secunia.com/advisories/18349 http://secunia.com/advisories/18373 http://secunia.com/advisories/18375 http://secunia.com/advisories/18380 http://secunia.com/advisories/18385 http://secunia.com/advisories/18387 http://secunia.com/advisories/18389 http://secunia.com/advisories/18398 http://secunia.com/advisories/18407 http://secunia.com/advisories/18414 http://secunia.com/advisories/18416 http://secunia.com/advisories/18423 http://secunia.com/advisories/18425 http://secunia.com/advisories/18428 http://secunia.com/advisories/18436 http://secunia.com/advisories/18448 http://secunia.com/advisories/18463 http://secunia.com/advisories/18517 http://secunia.com/advisories/18534 http://secunia.com/advisories/18554 http://secunia.com/advisories/18582 http://secunia.com/advisories/18642 http://secunia.com/advisories/18644 http://secunia.com/advisories/18674 http://secunia.com/advisories/18675 http://secunia.com/advisories/18679 http://secunia.com/advisories/18908 http://secunia.com/advisories/18913 http://secunia.com/advisories/19230 http://secunia.com/advisories/19377 http://secunia.com/advisories/25729 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1 http://www.debian.org/security/2005/dsa-931 http://www.debian.org/security/2005/dsa-932 http://www.debian.org/security/2005/dsa-937 http://www.debian.org/security/2005/dsa-938 http://www.debian.org/security/2005/dsa-940 http://www.debian.org/security/2006/dsa-936 http://www.debian.org/security/2006/dsa-950 http://www.debian.org/security/2006/dsa-961 http://www.debian.org/security/2006/dsa-962 http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml http://www.kde.org/info/security/advisory-20051207-2.txt http://www.mandriva.com/security/advisories?name=MDKSA-2006:003 http://www.mandriva.com/security/advisories?name=MDKSA-2006:004 http://www.mandriva.com/security/advisories?name=MDKSA-2006:005 http://www.mandriva.com/security/advisories?name=MDKSA-2006:006 http://www.mandriva.com/security/advisories?name=MDKSA-2006:008 http://www.mandriva.com/security/advisories?name=MDKSA-2006:010 http://www.mandriva.com/security/advisories?name=MDKSA-2006:011 http://www.mandriva.com/security/advisories?name=MDKSA-2006:012 http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html http://www.redhat.com/support/errata/RHSA-2006-0160.html http://www.redhat.com/support/errata/RHSA-2006-0163.html http://www.securityfocus.com/archive/1/427053/100/0/threaded http://www.securityfocus.com/archive/1/427990/100/0/threaded http://www.securityfocus.com/bid/16143 http://www.trustix.org/errata/2006/0002/ http://www.vupen.com/english/advisories/2006/0047 http://www.vupen.com/english/advisories/2007/2280 https://exchange.xforce.ibmcloud.com/vulnerabilities/24024 https://exchange.xforce.ibmcloud.com/vulnerabilities/24025 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10200 https://usn.ubuntu.com/236-1/

Share on: