MidnightBSD

Advisories for xpdf

CVE-2000-0727 HIGH

xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xpdf xpdf 0.90
CVE-2000-0728 HIGH

xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xpdf xpdf 0.90
CVE-2002-1384 HIGH

Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xpdf xpdf 0.91
xpdf xpdf 1.1
easy_software_products cups 1.1.10
easy_software_products cups 1.1.4_2
xpdf xpdf 2.0
xpdf xpdf 1.0a
easy_software_products cups 1.1.17
easy_software_products cups 1.1.4_5
easy_software_products cups 1.0.4
easy_software_products cups 1.1.13
easy_software_products cups 1.1.1
easy_software_products cups 1.1.14
easy_software_products cups 1.0.4_8
xpdf xpdf 2.1
easy_software_products cups 1.1.4
easy_software_products cups 1.1.7
xpdf xpdf 0.90
xpdf xpdf 1.0
easy_software_products cups 1.1.4_3
easy_software_products cups 1.1.6
CVE-2003-0434 HIGH

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xpdf xpdf 1.1
redhat linux 7.1
adobe acrobat 5.0.6
redhat linux 7.2
redhat linux_advanced_workstation 2.1
mandrakesoft mandrake_linux 9.0
redhat linux 7.3
redhat linux 9.0
redhat linux 8.0
redhat enterprise_linux 2.1
mandrakesoft mandrake_linux 9.1
mandrakesoft mandrake_linux_corporate_server 2.1
CVE-2004-0888 HIGH

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kde kde 3.2.2
xpdf xpdf 0.91
easy_software_products cups 1.1.12
xpdf xpdf 2.0
kde kde 3.3
pdftohtml pdftohtml 0.35
kde kde 3.3.1
pdftohtml pdftohtml 0.32b
debian debian_linux 3.0
pdftohtml pdftohtml 0.34
easy_software_products cups 1.1.1
easy_software_products cups 1.1.19_rc5
kde koffice 1.3_beta1
kde koffice 1.3
easy_software_products cups 1.1.18
redhat enterprise_linux 2.1
suse suse_linux 8.1
xpdf xpdf 0.90
easy_software_products cups 1.1.16
xpdf xpdf 1.1
suse suse_linux 9.2
kde koffice 1.3_beta3
pdftohtml pdftohtml 0.33
redhat linux_advanced_workstation 2.1
gentoo linux *
easy_software_products cups 1.1.13
suse suse_linux 9.1
easy_software_products cups 1.1.4
easy_software_products cups 1.1.19
pdftohtml pdftohtml 0.36
xpdf xpdf 1.0
xpdf xpdf 2.3
easy_software_products cups 1.1.6
easy_software_products cups 1.1.20
suse suse_linux 8.2
easy_software_products cups 1.1.4_2
xpdf xpdf 1.0a
tetex tetex 2.0.1
suse suse_linux 8.0
kde kpdf 3.2
kde kde 3.2.3
easy_software_products cups 1.1.4_5
easy_software_products cups 1.0.4
xpdf xpdf 0.92
xpdf xpdf 2.1
pdftohtml pdftohtml 0.32a
kde koffice 1.3_beta2
tetex tetex 2.0.2
easy_software_products cups 1.1.7
suse suse_linux 9.0
redhat fedora_core core_2.0
ubuntu ubuntu_linux 4.1
tetex tetex 1.0.7
easy_software_products cups 1.1.10
easy_software_products cups 1.1.17
easy_software_products cups 1.1.15
gnome gpdf 0.131
kde kde 3.2.1
tetex tetex 2.0
xpdf xpdf 3.0
xpdf xpdf 0.93
kde koffice 1.3.3
kde kde 3.2
redhat enterprise_linux_desktop 3.0
easy_software_products cups 1.1.14
easy_software_products cups 1.0.4_8
gnome gpdf 0.112
kde koffice 1.3.1
redhat enterprise_linux 3.0
easy_software_products cups 1.1.4_3
pdftohtml pdftohtml 0.33a
kde koffice 1.3.2
CVE-2004-0889 HIGH

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kde kde 3.2.2
xpdf xpdf 0.91
easy_software_products cups 1.1.12
xpdf xpdf 2.0
kde kde 3.3
pdftohtml pdftohtml 0.35
kde kde 3.3.1
pdftohtml pdftohtml 0.32b
debian debian_linux 3.0
pdftohtml pdftohtml 0.34
easy_software_products cups 1.1.1
easy_software_products cups 1.1.19_rc5
kde koffice 1.3_beta1
kde koffice 1.3
easy_software_products cups 1.1.18
redhat enterprise_linux 2.1
suse suse_linux 8.1
xpdf xpdf 0.90
easy_software_products cups 1.1.16
xpdf xpdf 1.1
suse suse_linux 9.2
kde koffice 1.3_beta3
pdftohtml pdftohtml 0.33
redhat linux_advanced_workstation 2.1
gentoo linux *
easy_software_products cups 1.1.13
suse suse_linux 9.1
easy_software_products cups 1.1.4
easy_software_products cups 1.1.19
pdftohtml pdftohtml 0.36
xpdf xpdf 1.0
xpdf xpdf 2.3
easy_software_products cups 1.1.6
easy_software_products cups 1.1.20
suse suse_linux 8.2
easy_software_products cups 1.1.4_2
xpdf xpdf 1.0a
tetex tetex 2.0.1
suse suse_linux 8.0
kde kpdf 3.2
kde kde 3.2.3
easy_software_products cups 1.1.4_5
easy_software_products cups 1.0.4
xpdf xpdf 0.92
xpdf xpdf 2.1
pdftohtml pdftohtml 0.32a
kde koffice 1.3_beta2
tetex tetex 2.0.2
easy_software_products cups 1.1.7
suse suse_linux 9.0
redhat fedora_core core_2.0
ubuntu ubuntu_linux 4.1
tetex tetex 1.0.7
easy_software_products cups 1.1.10
easy_software_products cups 1.1.17
easy_software_products cups 1.1.15
gnome gpdf 0.131
kde kde 3.2.1
tetex tetex 2.0
xpdf xpdf 3.0
xpdf xpdf 0.93
kde koffice 1.3.3
kde kde 3.2
redhat enterprise_linux_desktop 3.0
easy_software_products cups 1.1.14
easy_software_products cups 1.0.4_8
gnome gpdf 0.112
kde koffice 1.3.1
redhat enterprise_linux 3.0
easy_software_products cups 1.1.4_3
pdftohtml pdftohtml 0.33a
kde koffice 1.3.2
CVE-2004-1125 HIGH

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
xpdf xpdf 3.0
kde kde 3.3.2
kde kde 3.2.3
easy_software_products cups 1.1.20
CVE-2005-0064 HIGH

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xpdf xpdf 0.7
xpdf xpdf 0.91
xpdf xpdf 2.0
xpdf xpdf 1.0a
xpdf xpdf 0.3
xpdf xpdf 2.2
xpdf xpdf 0.92
xpdf xpdf 0.4
xpdf xpdf 0.92c
xpdf xpdf 2.1
xpdf xpdf 0.93b
xpdf xpdf 0.91c
xpdf xpdf 0.90
xpdf xpdf 0.2
xpdf xpdf 0.91b
xpdf xpdf 0.80
xpdf xpdf 1.1
xpdf xpdf 0.7a
xpdf xpdf 0.93a
xpdf xpdf 0.92a
xpdf xpdf 0.5a
xpdf xpdf 0.92e
xpdf xpdf 0.6
xpdf xpdf 3.0
xpdf xpdf 0.93
xpdf xpdf 0.92b
xpdf xpdf 0.93c
xpdf xpdf 1.0
xpdf xpdf 2.3
xpdf xpdf 0.92d
xpdf xpdf 0.5
xpdf xpdf 0.91a
CVE-2005-0206 HIGH

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kde kde 3.2.2
xpdf xpdf 0.91
xpdf xpdf 2.0
pdftohtml pdftohtml 0.35
redhat fedora_core core_1.0
kde kde 3.3.1
pdftohtml pdftohtml 0.32b
debian debian_linux 3.0
suse suse_linux 4.3
kde koffice 1.3_beta1
suse suse_linux 9.2
kde koffice 1.3_beta3
pdftohtml pdftohtml 0.33
sgi advanced_linux_environment 3.0
sgi propack 3.0
easy_software_products cups 1.1.13
suse suse_linux 2.0
suse suse_linux 9.1
suse suse_linux 4.4
suse suse_linux 6.0
easy_software_products cups 1.1.19
pdftohtml pdftohtml 0.36
suse suse_linux 7.3
xpdf xpdf 2.3
suse suse_linux 5.3
easy_software_products cups 1.1.20
suse suse_linux 7.1
suse suse_linux 4.0
suse suse_linux 8.2
easy_software_products cups 1.1.4_2
xpdf xpdf 1.0a
suse suse_linux 8.0
kde kpdf 3.2
tetex tetex 1.0.6
kde kde 3.2.3
suse suse_linux 6.4
mandrakesoft mandrake_linux_corporate_server 3.0
xpdf xpdf 2.1
pdftohtml pdftohtml 0.32a
suse suse_linux 9.0
easy_software_products cups 1.1.17
easy_software_products cups 1.1.15
suse suse_linux 5.0
suse suse_linux 5.2
suse suse_linux 6.3
xpdf xpdf 0.93
easy_software_products cups 1.0.4_8
suse suse_linux 5.1
easy_software_products cups 1.1.4_3
easy_software_products cups 1.1.12
kde kde 3.3
pdftohtml pdftohtml 0.34
easy_software_products cups 1.1.1
easy_software_products cups 1.1.19_rc5
kde koffice 1.3
easy_software_products cups 1.1.18
redhat enterprise_linux 2.1
suse suse_linux 8.1
xpdf xpdf 0.90
suse suse_linux 4.4.1
easy_software_products cups 1.1.16
xpdf xpdf 1.1
cstex cstetex 2.0.2
suse suse_linux 1.0
suse suse_linux 7.0
redhat linux_advanced_workstation 2.1
suse suse_linux 7.2
gentoo linux *
easy_software_products cups 1.1.4
xpdf xpdf 1.0
easy_software_products cups 1.1.6
suse suse_linux 6.2
tetex tetex 2.0.1
easy_software_products cups 1.1.4_5
suse suse_linux 4.2
easy_software_products cups 1.0.4
xpdf xpdf 0.92
kde koffice 1.3_beta2
tetex tetex 2.0.2
easy_software_products cups 1.1.7
redhat fedora_core core_2.0
ubuntu ubuntu_linux 4.1
tetex tetex 1.0.7
gnome gpdf 0.110
easy_software_products cups 1.1.10
suse suse_linux 3.0
gnome gpdf 0.131
kde kde 3.2.1
tetex tetex 2.0
redhat linux 9.0
xpdf xpdf 3.0
kde koffice 1.3.3
kde kde 3.2
redhat enterprise_linux_desktop 3.0
easy_software_products cups 1.1.14
gnome gpdf 0.112
ascii ptex 3.1.4
suse suse_linux 6.1
kde koffice 1.3.1
redhat enterprise_linux 3.0
pdftohtml pdftohtml 0.33a
kde koffice 1.3.2
redhat fedora_core core_3.0
CVE-2005-2097 LOW

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xpdf xpdf 3.0
xpdf xpdf 3.0_pl3
xpdf xpdf 3.0_pl2
kde kpdf *
CVE-2005-3191 MEDIUM

Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xpdf xpdf 3.0_pl3
xpdf xpdf 0.91
xpdf xpdf 1.1
xpdf xpdf 3.0.1
xpdf xpdf 2.0
xpdf xpdf 1.0a
xpdf xpdf 2.2
xpdf xpdf 0.92
xpdf xpdf 3.0
xpdf xpdf 0.93
xpdf xpdf 2.1
xpdf xpdf 0.90
xpdf xpdf 3.0_pl2
xpdf xpdf 1.0
xpdf xpdf 2.3
CVE-2005-3192 HIGH

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xpdf xpdf 3.0.1
CVE-2005-3193 MEDIUM

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xpdf xpdf 3.0_pl3
xpdf xpdf 0.91
xpdf xpdf 1.1
xpdf xpdf 3.0.1
xpdf xpdf 2.0
xpdf xpdf 1.0a
xpdf xpdf 2.2
xpdf xpdf 0.92
xpdf xpdf 3.0
xpdf xpdf 0.93
xpdf xpdf 2.1
xpdf xpdf 0.90
xpdf xpdf 3.0_pl2
xpdf xpdf 1.0
xpdf xpdf 2.3
CVE-2005-3624 MEDIUM

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
redhat fedora_core core_4.0
redhat fedora_core core_1.0
turbolinux turbolinux_multimedia *
kde kdegraphics 3.4.3
debian debian_linux 3.1
redhat enterprise_linux_desktop 4.0
debian debian_linux 3.0
kde koffice 1.4
redhat enterprise_linux 2.1
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
easy_software_products cups 1.1.22
turbolinux turbolinux fuji
suse suse_linux 9.2
trustix secure_linux 2.2
suse suse_linux 1.0
turbolinux turbolinux_server 8.0
ubuntu ubuntu_linux 5.10
turbolinux turbolinux_home *
redhat linux_advanced_workstation 2.1
turbolinux turbolinux_workstation 8.0
sgi propack 3.0
kde kpdf 3.4.3
gentoo linux *
trustix secure_linux 2.0
turbolinux turbolinux_server 10.0
suse suse_linux 9.1
mandrakesoft mandrake_linux_corporate_server 2.1
turbolinux turbolinux_appliance_server 1.0_hosting_edition
slackware slackware_linux 10.0
trustix secure_linux 3.0
tetex tetex 2.0.1
suse suse_linux 10.0
kde kpdf 3.2
slackware slackware_linux 10.2
turbolinux turbolinux_personal *
redhat linux 7.3
ubuntu ubuntu_linux 5.04
mandrakesoft mandrake_linux_corporate_server 3.0
slackware slackware_linux 9.0
easy_software_products cups 1.1.22_rc1
suse suse_linux 9.3
tetex tetex 2.0.2
redhat enterprise_linux 4.0
sco openserver 6.0
suse suse_linux 9.0
tetex tetex 3.0
redhat fedora_core core_2.0
ubuntu ubuntu_linux 4.1
slackware slackware_linux 10.1
tetex tetex 1.0.7
conectiva linux 10.0
kde kdegraphics 3.2
mandrakesoft mandrake_linux 2006
libextractor libextractor *
tetex tetex 2.0
kde koffice 1.4.1
turbolinux turbolinux 10
redhat linux 9.0
xpdf xpdf 3.0
redhat enterprise_linux_desktop 3.0
kde koffice 1.4.2
easy_software_products cups 1.1.23_rc1
kde kword 1.4.2
slackware slackware_linux 9.1
mandrakesoft mandrake_linux 10.2
turbolinux turbolinux_desktop 10.0
sco openserver 5.0.7
turbolinux turbolinux_server 10.0_x86
poppler poppler 0.4.2
redhat enterprise_linux 3.0
mandrakesoft mandrake_linux 10.1
easy_software_products cups 1.1.23
redhat fedora_core core_3.0
CVE-2005-3625 HIGH

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
redhat fedora_core core_4.0
redhat fedora_core core_1.0
turbolinux turbolinux_multimedia *
kde kdegraphics 3.4.3
debian debian_linux 3.1
redhat enterprise_linux_desktop 4.0
debian debian_linux 3.0
kde koffice 1.4
redhat enterprise_linux 2.1
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
easy_software_products cups 1.1.22
turbolinux turbolinux fuji
suse suse_linux 9.2
trustix secure_linux 2.2
suse suse_linux 1.0
turbolinux turbolinux_server 8.0
ubuntu ubuntu_linux 5.10
turbolinux turbolinux_home *
redhat linux_advanced_workstation 2.1
turbolinux turbolinux_workstation 8.0
sgi propack 3.0
kde kpdf 3.4.3
gentoo linux *
trustix secure_linux 2.0
turbolinux turbolinux_server 10.0
suse suse_linux 9.1
mandrakesoft mandrake_linux_corporate_server 2.1
turbolinux turbolinux_appliance_server 1.0_hosting_edition
slackware slackware_linux 10.0
trustix secure_linux 3.0
tetex tetex 2.0.1
suse suse_linux 10.0
kde kpdf 3.2
slackware slackware_linux 10.2
turbolinux turbolinux_personal *
redhat linux 7.3
ubuntu ubuntu_linux 5.04
mandrakesoft mandrake_linux_corporate_server 3.0
slackware slackware_linux 9.0
easy_software_products cups 1.1.22_rc1
suse suse_linux 9.3
tetex tetex 2.0.2
redhat enterprise_linux 4.0
sco openserver 6.0
suse suse_linux 9.0
tetex tetex 3.0
redhat fedora_core core_2.0
ubuntu ubuntu_linux 4.1
slackware slackware_linux 10.1
tetex tetex 1.0.7
conectiva linux 10.0
kde kdegraphics 3.2
mandrakesoft mandrake_linux 2006
libextractor libextractor *
tetex tetex 2.0
kde koffice 1.4.1
turbolinux turbolinux 10
redhat linux 9.0
xpdf xpdf 3.0
redhat enterprise_linux_desktop 3.0
kde koffice 1.4.2
easy_software_products cups 1.1.23_rc1
kde kword 1.4.2
slackware slackware_linux 9.1
mandrakesoft mandrake_linux 10.2
turbolinux turbolinux_desktop 10.0
sco openserver 5.0.7
turbolinux turbolinux_server 10.0_x86
poppler poppler 0.4.2
redhat enterprise_linux 3.0
mandrakesoft mandrake_linux 10.1
easy_software_products cups 1.1.23
redhat fedora_core core_3.0
CVE-2005-3626 MEDIUM

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
redhat fedora_core core_4.0
redhat fedora_core core_1.0
turbolinux turbolinux_multimedia *
kde kdegraphics 3.4.3
debian debian_linux 3.1
redhat enterprise_linux_desktop 4.0
debian debian_linux 3.0
kde koffice 1.4
redhat enterprise_linux 2.1
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
easy_software_products cups 1.1.22
turbolinux turbolinux fuji
suse suse_linux 9.2
trustix secure_linux 2.2
suse suse_linux 1.0
turbolinux turbolinux_server 8.0
ubuntu ubuntu_linux 5.10
turbolinux turbolinux_home *
redhat linux_advanced_workstation 2.1
turbolinux turbolinux_workstation 8.0
sgi propack 3.0
kde kpdf 3.4.3
gentoo linux *
trustix secure_linux 2.0
turbolinux turbolinux_server 10.0
suse suse_linux 9.1
mandrakesoft mandrake_linux_corporate_server 2.1
turbolinux turbolinux_appliance_server 1.0_hosting_edition
slackware slackware_linux 10.0
trustix secure_linux 3.0
tetex tetex 2.0.1
suse suse_linux 10.0
kde kpdf 3.2
slackware slackware_linux 10.2
turbolinux turbolinux_personal *
redhat linux 7.3
ubuntu ubuntu_linux 5.04
mandrakesoft mandrake_linux_corporate_server 3.0
slackware slackware_linux 9.0
easy_software_products cups 1.1.22_rc1
suse suse_linux 9.3
tetex tetex 2.0.2
redhat enterprise_linux 4.0
sco openserver 6.0
suse suse_linux 9.0
tetex tetex 3.0
redhat fedora_core core_2.0
ubuntu ubuntu_linux 4.1
slackware slackware_linux 10.1
tetex tetex 1.0.7
conectiva linux 10.0
kde kdegraphics 3.2
mandrakesoft mandrake_linux 2006
libextractor libextractor *
tetex tetex 2.0
kde koffice 1.4.1
turbolinux turbolinux 10
redhat linux 9.0
xpdf xpdf 3.0
redhat enterprise_linux_desktop 3.0
kde koffice 1.4.2
easy_software_products cups 1.1.23_rc1
kde kword 1.4.2
slackware slackware_linux 9.1
mandrakesoft mandrake_linux 10.2
turbolinux turbolinux_desktop 10.0
sco openserver 5.0.7
turbolinux turbolinux_server 10.0_x86
poppler poppler 0.4.2
redhat enterprise_linux 3.0
mandrakesoft mandrake_linux 10.1
easy_software_products cups 1.1.23
redhat fedora_core core_3.0
CVE-2005-3627 HIGH

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
xpdf xpdf *
CVE-2005-3628 HIGH

Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xpdf xpdf *
CVE-2006-0301 HIGH

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xpdf xpdf *
CVE-2006-0746 HIGH

Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xpdf xpdf *
CVE-2006-1244 HIGH

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xpdf xpdf 3.0_pl3
xpdf xpdf 0.91
xpdf xpdf 3.0.1
xpdf xpdf 2.0
xpdf xpdf 3.0.1_pl1
xpdf xpdf 1.0a
xpdf xpdf 2.2
libextractor libextractor 0.4
debian debian_linux 3.1
libextractor libextractor 0.3.8
xpdf xpdf 0.92
libextractor libextractor 0.3.9
xpdf xpdf 2.1
libextractor libextractor 0.4.2
xpdf xpdf 0.90
xpdf xpdf 3.0_pl2
libextractor libextractor 0.3.7
libextractor libextractor 0.3.6
xpdf xpdf 1.1
libextractor libextractor 0.5
xpdf xpdf 3.0
xpdf xpdf 0.93
gnome gpdf 2.8.2
xpdf xpdf 1.0
xpdf xpdf 2.3
libextractor libextractor 0.4.1
libextractor libextractor 0.3.11