CVE-2005-3626
https://notcve.org/view.php?id=CVE-2005-3626
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •
CVE-2005-3625
https://notcve.org/view.php?id=CVE-2005-3625
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •
CVE-2005-3624
https://notcve.org/view.php?id=CVE-2005-3624
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-189: Numeric Errors •
CVE-2005-4178
https://notcve.org/view.php?id=CVE-2005-4178
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations. • http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html http://matt.ucc.asn.au/dropbear/dropbear.html http://secunia.com/advisories/18108 http://secunia.com/advisories/18109 http://secunia.com/advisories/18142 http://www.debian.org/security/2005/dsa-923 http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml http://www.securityfocus.com/bid/15923 http://www.vupen.com/english/advisories/2005/2962 •
CVE-2005-3912
https://notcve.org/view.php?id=CVE-2005-3912
Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl. • http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html http://secunia.com/advisories/17749 http://secunia.com/advisories/17817 http://secunia.com/advisories/17878 http://secunia.com/advisories/17942 http://secunia.com/advisories/18101 http://secunia.com/advisories/22556 http://www.debian.org/security/2006/dsa-1199 http://www.dyadsecurity.com/webmin-0001.html http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml http://www.mandriva.com/security/advisori •