CVSS: 10.0EPSS: 0%CPEs: 127EXPL: 1CVE-2005-3625
https://notcve.org/view.php?id=CVE-2005-3625
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 1%CPEs: 127EXPL: 1CVE-2005-3624
https://notcve.org/view.php?id=CVE-2005-3624
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-189: Numeric Errors •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2005-3631
https://notcve.org/view.php?id=CVE-2005-3631
udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords. • http://secunia.com/advisories/18193 http://securitytracker.com/id?1015386 http://www.redhat.com/support/errata/RHSA-2005-864.html http://www.securityfocus.com/bid/15994 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10854 https://access.redhat.com/security/cve/CVE-2005-3631 https://bugzilla.redhat.com/show_bug.cgi?id=1617832 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 2CVE-2005-4151
https://notcve.org/view.php?id=CVE-2005-4151
The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk. • http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html http://metasploit.com/research/vulns/pgp_slackspace http://secunia.com/advisories/17827 http://www.osvdb.org/21569 http://www.securityfocus.com/archive/1/419077/100/0/threaded http://www.securityfocus.com/archive/1/419282/100/0/threaded http://www.securityfocus.com/archive/1/419654/100/0/threaded http://www.securityfocus.com/bid/15784 •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2005-2100
https://notcve.org/view.php?id=CVE-2005-2100
The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash). • http://secunia.com/advisories/17073 http://www.redhat.com/support/errata/RHSA-2005-514.html https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165547 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11556 https://access.redhat.com/security/cve/CVE-2005-2100 https://bugzilla.redhat.com/show_bug.cgi?id=1617687 •