CVE-2005-3191
 
Severity Score
5.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2005-10-14 CVE Reserved
- 2005-12-07 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (118)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities | 2018-10-19 | |
http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities | 2018-10-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 0.90 Search vendor "Xpdf" for product "Xpdf" and version "0.90" | - |
Affected
| ||||||
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 0.91 Search vendor "Xpdf" for product "Xpdf" and version "0.91" | - |
Affected
| ||||||
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 0.92 Search vendor "Xpdf" for product "Xpdf" and version "0.92" | - |
Affected
| ||||||
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 0.93 Search vendor "Xpdf" for product "Xpdf" and version "0.93" | - |
Affected
| ||||||
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 1.0 Search vendor "Xpdf" for product "Xpdf" and version "1.0" | - |
Affected
| ||||||
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 1.0a Search vendor "Xpdf" for product "Xpdf" and version "1.0a" | - |
Affected
| ||||||
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 1.1 Search vendor "Xpdf" for product "Xpdf" and version "1.1" | - |
Affected
| ||||||
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 2.0 Search vendor "Xpdf" for product "Xpdf" and version "2.0" | - |
Affected
| ||||||
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 2.1 Search vendor "Xpdf" for product "Xpdf" and version "2.1" | - |
Affected
| ||||||
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 2.2 Search vendor "Xpdf" for product "Xpdf" and version "2.2" | - |
Affected
| ||||||
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 2.3 Search vendor "Xpdf" for product "Xpdf" and version "2.3" | - |
Affected
| ||||||
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 3.0 Search vendor "Xpdf" for product "Xpdf" and version "3.0" | - |
Affected
| ||||||
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 3.0.1 Search vendor "Xpdf" for product "Xpdf" and version "3.0.1" | - |
Affected
| ||||||
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 3.0_pl2 Search vendor "Xpdf" for product "Xpdf" and version "3.0_pl2" | - |
Affected
| ||||||
Xpdf Search vendor "Xpdf" | Xpdf Search vendor "Xpdf" for product "Xpdf" | 3.0_pl3 Search vendor "Xpdf" for product "Xpdf" and version "3.0_pl3" | - |
Affected
|