NVD

Id
69265  
Name
CVE-2005-3627  
Description
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-07-18  
Published
2005-12-31  
Modified Date
2017-07-10  
Seq
2005-3627  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
358109 69265 CVE-2005-3627 SCOSA-2006.15  View
358110 69265 CVE-2005-3627 20051201-01-U  View
358111 69265 CVE-2005-3627 20060101-01-U  View
358112 69265 CVE-2005-3627 20060201-01-U  View
358113 69265 CVE-2005-3627 SUSE-SA:2006:001  View
358114 69265 CVE-2005-3627 oval:org.mitre.oval:def:10200  View
358115 69265 CVE-2005-3627 RHSA-2006:0177  View
358116 69265 CVE-2005-3627 http://scary.beasts.org/security/CESA-2005-003.txt  View
358117 69265 CVE-2005-3627 SSA:2006-045-09  View
358118 69265 CVE-2005-3627 SSA:2006-045-04  View
358119 69265 CVE-2005-3627 102972  View
358120 69265 CVE-2005-3627 DSA-931  View
358121 69265 CVE-2005-3627 DSA-932  View
358122 69265 CVE-2005-3627 DSA-937  View
358123 69265 CVE-2005-3627 DSA-938  View
358124 69265 CVE-2005-3627 DSA-940  View
358125 69265 CVE-2005-3627 DSA-936  View
358126 69265 CVE-2005-3627 DSA-950  View
358127 69265 CVE-2005-3627 DSA-961  View
358128 69265 CVE-2005-3627 DSA-962  View
358129 69265 CVE-2005-3627 GLSA-200601-02  View
358130 69265 CVE-2005-3627 GLSA-200601-17  View
358131 69265 CVE-2005-3627 http://www.kde.org/info/security/advisory-20051207-2.txt  View
358132 69265 CVE-2005-3627 MDKSA-2006:003  View
358133 69265 CVE-2005-3627 MDKSA-2006:004  View
358134 69265 CVE-2005-3627 MDKSA-2006:005  View
358135 69265 CVE-2005-3627 MDKSA-2006:006  View
358136 69265 CVE-2005-3627 MDKSA-2006:008  View
358137 69265 CVE-2005-3627 MDKSA-2006:011  View
358138 69265 CVE-2005-3627 MDKSA-2006:012  View
358139 69265 CVE-2005-3627 http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html  View
358140 69265 CVE-2005-3627 http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html  View
358141 69265 CVE-2005-3627 FEDORA-2005-025  View
358142 69265 CVE-2005-3627 FEDORA-2005-026  View
358143 69265 CVE-2005-3627 RHSA-2006:0160  View
358144 69265 CVE-2005-3627 RHSA-2006:0163  View
358145 69265 CVE-2005-3627 FLSA-2006:176751  View
358146 69265 CVE-2005-3627 FLSA:175404  View
358147 69265 CVE-2005-3627 16143  View
358148 69265 CVE-2005-3627 2006-0002  View
358149 69265 CVE-2005-3627 USN-236-1  View
358150 69265 CVE-2005-3627 ADV-2006-0047  View
358151 69265 CVE-2005-3627 ADV-2007-2280  View
358152 69265 CVE-2005-3627 xpdf-readhuffmantables-bo(24024)  View
358153 69265 CVE-2005-3627 xpdf-readscaninfo-bo(24025)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
57808 JVNDB-2006-000004 Xpdf の Stream.cc におけるメモリ領域を上書きされる問題 Xpdf には Stream.cc の DCTStream::readBaselineSOF() 関数、DCTStream::readProgressiveSOF() 関数、DCTStream::readHuffmanTables() 関数、DCTStream::readScanInfo() 関数において入力値の妥当性確認が行われないため、メモリの上書きが可能となる問題が存在します。 CVE-2005-3627 14829 CVE-2005-3627 69265 7.5 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000004.html 2006-01-05 2007-06-28 View