MidnightBSD

Advisories for libextractor

CVE-2005-3624 MEDIUM

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189

Products Affected

Vendor Product Version
redhat enterprise_linux 2.1
sco openserver 6.0
turbolinux turbolinux_appliance_server 1.0_hosting_edition
kde koffice 1.4
slackware slackware_linux 9.0
slackware slackware_linux 10.0
slackware slackware_linux 10.2
easy_software_products cups 1.1.22
mandrakesoft mandrake_linux_corporate_server 2.1
mandrakesoft mandrake_linux 10.2
kde koffice 1.4.2
slackware slackware_linux 9.1
turbolinux turbolinux_personal *
tetex tetex 2.0.2
sgi propack 3.0
redhat fedora_core core_1.0
turbolinux turbolinux_server 8.0
redhat linux_advanced_workstation 2.1
trustix secure_linux 3.0
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
tetex tetex 2.0
turbolinux turbolinux_home *
redhat enterprise_linux 4.0
suse suse_linux 9.2
libextractor libextractor *
redhat linux 9.0
debian debian_linux 3.1
tetex tetex 1.0.7
trustix secure_linux 2.0
conectiva linux 10.0
kde kpdf 3.4.3
mandrakesoft mandrake_linux_corporate_server 3.0
easy_software_products cups 1.1.22_rc1
redhat enterprise_linux_desktop 4.0
poppler poppler 0.4.2
mandrakesoft mandrake_linux 10.1
turbolinux turbolinux_multimedia *
suse suse_linux 1.0
redhat enterprise_linux_desktop 3.0
redhat linux 7.3
ubuntu ubuntu_linux 5.04
sco openserver 5.0.7
kde kdegraphics 3.2
debian debian_linux 3.0
mandrakesoft mandrake_linux 2006
turbolinux turbolinux_workstation 8.0
turbolinux turbolinux_desktop 10.0
turbolinux turbolinux fuji
suse suse_linux 9.3
ubuntu ubuntu_linux 5.10
gentoo linux *
easy_software_products cups 1.1.23
slackware slackware_linux 10.1
suse suse_linux 10.0
turbolinux turbolinux_server 10.0_x86
suse suse_linux 9.0
easy_software_products cups 1.1.23_rc1
redhat fedora_core core_4.0
kde kpdf 3.2
kde koffice 1.4.1
xpdf xpdf 3.0
redhat enterprise_linux 3.0
redhat fedora_core core_2.0
kde kdegraphics 3.4.3
kde kword 1.4.2
turbolinux turbolinux_server 10.0
tetex tetex 3.0
redhat fedora_core core_3.0
tetex tetex 2.0.1
turbolinux turbolinux 10
ubuntu ubuntu_linux 4.1
trustix secure_linux 2.2
suse suse_linux 9.1

CVE-2005-3625 HIGH

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399

Products Affected

Vendor Product Version
redhat enterprise_linux 2.1
sco openserver 6.0
turbolinux turbolinux_appliance_server 1.0_hosting_edition
kde koffice 1.4
slackware slackware_linux 9.0
slackware slackware_linux 10.0
slackware slackware_linux 10.2
easy_software_products cups 1.1.22
mandrakesoft mandrake_linux_corporate_server 2.1
mandrakesoft mandrake_linux 10.2
kde koffice 1.4.2
slackware slackware_linux 9.1
turbolinux turbolinux_personal *
tetex tetex 2.0.2
sgi propack 3.0
redhat fedora_core core_1.0
turbolinux turbolinux_server 8.0
redhat linux_advanced_workstation 2.1
trustix secure_linux 3.0
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
tetex tetex 2.0
turbolinux turbolinux_home *
redhat enterprise_linux 4.0
suse suse_linux 9.2
libextractor libextractor *
redhat linux 9.0
debian debian_linux 3.1
tetex tetex 1.0.7
trustix secure_linux 2.0
conectiva linux 10.0
kde kpdf 3.4.3
mandrakesoft mandrake_linux_corporate_server 3.0
easy_software_products cups 1.1.22_rc1
redhat enterprise_linux_desktop 4.0
poppler poppler 0.4.2
mandrakesoft mandrake_linux 10.1
turbolinux turbolinux_multimedia *
suse suse_linux 1.0
redhat enterprise_linux_desktop 3.0
redhat linux 7.3
ubuntu ubuntu_linux 5.04
sco openserver 5.0.7
kde kdegraphics 3.2
debian debian_linux 3.0
mandrakesoft mandrake_linux 2006
turbolinux turbolinux_workstation 8.0
turbolinux turbolinux_desktop 10.0
turbolinux turbolinux fuji
suse suse_linux 9.3
ubuntu ubuntu_linux 5.10
gentoo linux *
easy_software_products cups 1.1.23
slackware slackware_linux 10.1
suse suse_linux 10.0
turbolinux turbolinux_server 10.0_x86
suse suse_linux 9.0
easy_software_products cups 1.1.23_rc1
redhat fedora_core core_4.0
kde kpdf 3.2
kde koffice 1.4.1
xpdf xpdf 3.0
redhat enterprise_linux 3.0
redhat fedora_core core_2.0
kde kdegraphics 3.4.3
kde kword 1.4.2
turbolinux turbolinux_server 10.0
tetex tetex 3.0
redhat fedora_core core_3.0
tetex tetex 2.0.1
turbolinux turbolinux 10
ubuntu ubuntu_linux 4.1
trustix secure_linux 2.2
suse suse_linux 9.1

CVE-2005-3626 MEDIUM

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399

Products Affected

Vendor Product Version
redhat enterprise_linux 2.1
sco openserver 6.0
turbolinux turbolinux_appliance_server 1.0_hosting_edition
kde koffice 1.4
slackware slackware_linux 9.0
slackware slackware_linux 10.0
slackware slackware_linux 10.2
easy_software_products cups 1.1.22
mandrakesoft mandrake_linux_corporate_server 2.1
mandrakesoft mandrake_linux 10.2
kde koffice 1.4.2
slackware slackware_linux 9.1
turbolinux turbolinux_personal *
tetex tetex 2.0.2
sgi propack 3.0
redhat fedora_core core_1.0
turbolinux turbolinux_server 8.0
redhat linux_advanced_workstation 2.1
trustix secure_linux 3.0
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
tetex tetex 2.0
turbolinux turbolinux_home *
redhat enterprise_linux 4.0
suse suse_linux 9.2
libextractor libextractor *
redhat linux 9.0
debian debian_linux 3.1
tetex tetex 1.0.7
trustix secure_linux 2.0
conectiva linux 10.0
kde kpdf 3.4.3
mandrakesoft mandrake_linux_corporate_server 3.0
easy_software_products cups 1.1.22_rc1
redhat enterprise_linux_desktop 4.0
poppler poppler 0.4.2
mandrakesoft mandrake_linux 10.1
turbolinux turbolinux_multimedia *
suse suse_linux 1.0
redhat enterprise_linux_desktop 3.0
redhat linux 7.3
ubuntu ubuntu_linux 5.04
sco openserver 5.0.7
kde kdegraphics 3.2
debian debian_linux 3.0
mandrakesoft mandrake_linux 2006
turbolinux turbolinux_workstation 8.0
turbolinux turbolinux_desktop 10.0
turbolinux turbolinux fuji
suse suse_linux 9.3
ubuntu ubuntu_linux 5.10
gentoo linux *
easy_software_products cups 1.1.23
slackware slackware_linux 10.1
suse suse_linux 10.0
turbolinux turbolinux_server 10.0_x86
suse suse_linux 9.0
easy_software_products cups 1.1.23_rc1
redhat fedora_core core_4.0
kde kpdf 3.2
kde koffice 1.4.1
xpdf xpdf 3.0
redhat enterprise_linux 3.0
redhat fedora_core core_2.0
kde kdegraphics 3.4.3
kde kword 1.4.2
turbolinux turbolinux_server 10.0
tetex tetex 3.0
redhat fedora_core core_3.0
tetex tetex 2.0.1
turbolinux turbolinux 10
ubuntu ubuntu_linux 4.1
trustix secure_linux 2.2
suse suse_linux 9.1

CVE-2006-1244 HIGH

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
xpdf xpdf 3.0.1
xpdf xpdf 0.91
xpdf xpdf 3.0_pl3
xpdf xpdf 2.1
xpdf xpdf 0.93
xpdf xpdf 2.0
xpdf xpdf 1.1
libextractor libextractor 0.3.8
xpdf xpdf 2.3
libextractor libextractor 0.3.7
libextractor libextractor 0.3.11
libextractor libextractor 0.3.6
gnome gpdf 2.8.2
libextractor libextractor 0.4
xpdf xpdf 0.90
xpdf xpdf 1.0a
libextractor libextractor 0.5
xpdf xpdf 1.0
libextractor libextractor 0.3.9
xpdf xpdf 0.92
libextractor libextractor 0.4.1
xpdf xpdf 3.0_pl2
debian debian_linux 3.1
xpdf xpdf 3.0
xpdf xpdf 3.0.1_pl1
xpdf xpdf 2.2
libextractor libextractor 0.4.2

CVE-2006-2458 MEDIUM

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
libextractor libextractor 0.5.13