NVD
- Id
- 68854
- Name
- CVE-2005-3192
- Description
- Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.
- Reject
- CVSS Version
- 2
- CVSS Score
- 7.5
- Severity
- High
- CVSS Base Score
- 7.5
- CVSS Impact Subscore
- 6.4
- CVSS Exploit Subscore
- 10
- CVSS Vector
- (AV:N/AC:L/Au:N/C:P/I:P/A:P)
- Pub Date
- 2017-07-18
- Published
- 2005-12-07
- Modified Date
- 2017-07-10
- Seq
- 2005-3192
Related NVD References
| Id | NVD Id | NVD No. | Reference | Actions |
|---|---|---|---|---|
| 355755 | 68854 | CVE-2005-3192 | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch | View |
| 355756 | 68854 | CVE-2005-3192 | SCOSA-2006.15 | View |
| 355757 | 68854 | CVE-2005-3192 | SCOSA-2006.20 | View |
| 355758 | 68854 | CVE-2005-3192 | SCOSA-2006.21 | View |
| 355759 | 68854 | CVE-2005-3192 | 20051201-01-U | View |
| 355760 | 68854 | CVE-2005-3192 | 20060101-01-U | View |
| 355761 | 68854 | CVE-2005-3192 | 20060201-01-U | View |
| 355762 | 68854 | CVE-2005-3192 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342289 | View |
| 355763 | 68854 | CVE-2005-3192 | SUSE-SA:2006:001 | View |
| 355764 | 68854 | CVE-2005-3192 | oval:org.mitre.oval:def:10914 | View |
| 355765 | 68854 | CVE-2005-3192 | RHSA-2005:868 | View |
| 355766 | 68854 | CVE-2005-3192 | http://scary.beasts.org/security/CESA-2005-003.txt | View |
| 355767 | 68854 | CVE-2005-3192 | 235 | View |
| 355768 | 68854 | CVE-2005-3192 | 240 | View |
| 355769 | 68854 | CVE-2005-3192 | 1015309 | View |
| 355770 | 68854 | CVE-2005-3192 | 1015324 | View |
| 355771 | 68854 | CVE-2005-3192 | SSA:2006-045-09 | View |
| 355772 | 68854 | CVE-2005-3192 | SSA:2006-045-04 | View |
| 355773 | 68854 | CVE-2005-3192 | 102972 | View |
| 355774 | 68854 | CVE-2005-3192 | DSA-931 | View |
| 355775 | 68854 | CVE-2005-3192 | DSA-932 | View |
| 355776 | 68854 | CVE-2005-3192 | DSA-936 | View |
| 355777 | 68854 | CVE-2005-3192 | DSA-937 | View |
| 355778 | 68854 | CVE-2005-3192 | DSA-950 | View |
| 355779 | 68854 | CVE-2005-3192 | DSA-961 | View |
| 355780 | 68854 | CVE-2005-3192 | DSA-962 | View |
| 355781 | 68854 | CVE-2005-3192 | GLSA-200512-08 | View |
| 355782 | 68854 | CVE-2005-3192 | GLSA-200601-02 | View |
| 355783 | 68854 | CVE-2005-3192 | 20051205 Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability | View |
| 355784 | 68854 | CVE-2005-3192 | http://www.kde.org/info/security/advisory-20051207-1.txt | View |
| 355785 | 68854 | CVE-2005-3192 | http://www.kde.org/info/security/advisory-20051207-2.txt | View |
| 355786 | 68854 | CVE-2005-3192 | MDKSA-2006:003 | View |
| 355787 | 68854 | CVE-2005-3192 | MDKSA-2006:004 | View |
| 355788 | 68854 | CVE-2005-3192 | MDKSA-2006:005 | View |
| 355789 | 68854 | CVE-2005-3192 | MDKSA-2006:006 | View |
| 355790 | 68854 | CVE-2005-3192 | MDKSA-2006:008 | View |
| 355791 | 68854 | CVE-2005-3192 | MDKSA-2006:011 | View |
| 355792 | 68854 | CVE-2005-3192 | SUSE-SR:2005:029 | View |
| 355793 | 68854 | CVE-2005-3192 | SUSE-SR:2006:002 | View |
| 355794 | 68854 | CVE-2005-3192 | FEDORA-2005-1126 | View |
| 355795 | 68854 | CVE-2005-3192 | FEDORA-2005-1127 | View |
| 355796 | 68854 | CVE-2005-3192 | FEDORA-2005-1141 | View |
| 355797 | 68854 | CVE-2005-3192 | FEDORA-2005-1142 | View |
| 355798 | 68854 | CVE-2005-3192 | RHSA-2005:840 | View |
| 355799 | 68854 | CVE-2005-3192 | RHSA-2005:867 | View |
| 355800 | 68854 | CVE-2005-3192 | RHSA-2005:878 | View |
| 355801 | 68854 | CVE-2005-3192 | RHSA-2006:0160 | View |
| 355802 | 68854 | CVE-2005-3192 | 20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice | View |
| 355803 | 68854 | CVE-2005-3192 | FLSA-2006:176751 | View |
| 355804 | 68854 | CVE-2005-3192 | FLSA:175404 | View |
| 355805 | 68854 | CVE-2005-3192 | 15725 | View |
| 355806 | 68854 | CVE-2005-3192 | TSLSA-2005-0072 | View |
| 355807 | 68854 | CVE-2005-3192 | USN-227-1 | View |
| 355808 | 68854 | CVE-2005-3192 | ADV-2005-2755 | View |
| 355809 | 68854 | CVE-2005-3192 | ADV-2005-2786 | View |
| 355810 | 68854 | CVE-2005-3192 | ADV-2005-2787 | View |
| 355811 | 68854 | CVE-2005-3192 | ADV-2005-2788 | View |
| 355812 | 68854 | CVE-2005-3192 | ADV-2005-2789 | View |
| 355813 | 68854 | CVE-2005-3192 | ADV-2005-2790 | View |
| 355814 | 68854 | CVE-2005-3192 | ADV-2005-2856 | View |
| 355815 | 68854 | CVE-2005-3192 | ADV-2007-2280 | View |
| 355816 | 68854 | CVE-2005-3192 | xpdf-streampredictor-bo(23442) | View |
| 355817 | 68854 | CVE-2005-3192 | https://issues.rpath.com/browse/RPL-1609 | View |
Related JVN
| Id | Name | Title | Summary | Cveinfo Name | Cveinfo Id | Nvdinfo Name | Nvdinfo Id | Cvssv2 | Cvssv3 | Jvnurl | Published Date | Last Updated Date | Actions |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 62514 | JVNDB-2005-000716 | Xpdf の StreamPredictor::StreamPredictor() 関数におけるヒープオーバーフローの脆弱性 | Xpdf には xpdf/Stream.cc の StreamPredictor::StreamPredictor() 関数において、numComps の値に対する境界チェックが不適切であるため、不正な numComps により必要なサイズより少ないメモリ領域が確保され、結果としてヒープオーバーフローが発生する脆弱性が存在します。 | CVE-2005-3192 | 14396 | CVE-2005-3192 | 68854 | 7.5 | http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000716.html | 2005-12-05 | 2007-06-28 | View |
