CVE-2005-3191 in Xpdfinfo

Summary

Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

10/14/2005

Disclosure

12/06/2005

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-119 (Confirmed)

CVSS

6.3

EPSS

0.03031

CTI

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2005-3191
NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-3191
CVE Details	https://www.cvedetails.com/cve/CVE-2005-3191/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!