CVE-2005-3193

  • Severity Score (CVSS v2): 5.1
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor, allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: High
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2005-10-14 CVE Reserved
  • 2005-12-07 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-13 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (113)
URL Tag Source
http://secunia.com/advisories/17955 Third Party Advisory
http://secunia.com/advisories/17956 Third Party Advisory
http://secunia.com/advisories/17959 Third Party Advisory
http://secunia.com/advisories/18147 Third Party Advisory
http://secunia.com/advisories/18303 Third Party Advisory
http://secunia.com/advisories/18380 Third Party Advisory
http://secunia.com/advisories/18407 Third Party Advisory
http://secunia.com/advisories/18517 Third Party Advisory
http://secunia.com/advisories/18520 Third Party Advisory
http://secunia.com/advisories/18534 Third Party Advisory
http://secunia.com/advisories/18554 Third Party Advisory
http://secunia.com/advisories/18582 Third Party Advisory
http://secunia.com/advisories/18674 Third Party Advisory
http://secunia.com/advisories/18675 Third Party Advisory
http://secunia.com/advisories/18679 Third Party Advisory
http://secunia.com/advisories/18908 Third Party Advisory
http://secunia.com/advisories/18913 Third Party Advisory
http://secunia.com/advisories/19125 Third Party Advisory
http://secunia.com/advisories/19230 Third Party Advisory
http://secunia.com/advisories/19377 Third Party Advisory
http://secunia.com/advisories/19797 Third Party Advisory
http://secunia.com/advisories/19798 Third Party Advisory
http://secunia.com/advisories/25729 Third Party Advisory
http://secunia.com/advisories/26413 Third Party Advisory
http://securityreason.com/securityalert/236 Third Party Advisory
http://securitytracker.com/id?1015309 Vdb Entry
http://securitytracker.com/id?1015324 Vdb Entry
http://www.kde.org/info/security/advisory-20051207-1.txt X_refsource_confirm
http://www.kde.org/info/security/advisory-20051207-2.txt X_refsource_confirm
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html X_refsource_confirm
http://www.securityfocus.com/archive/1/418883/100/0/threaded Mailing List
http://www.securityfocus.com/bid/15721 Vdb Entry
http://www.vupen.com/english/advisories/2005/2787 Vdb Entry
http://www.vupen.com/english/advisories/2005/2789 Vdb Entry
http://www.vupen.com/english/advisories/2005/2790 Vdb Entry
http://www.vupen.com/english/advisories/2005/2856 Vdb Entry
http://www.vupen.com/english/advisories/2007/2280 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/23441 Vdb Entry
https://issues.rpath.com/browse/RPL-1609 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11440 Signature
URL Date SRC
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt 2018-10-19
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt 2018-10-19
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt 2018-10-19
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U 2018-10-19
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U 2018-10-19
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U 2018-10-19
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html 2018-10-19
http://rhn.redhat.com/errata/RHSA-2005-868.html 2018-10-19
http://secunia.com/advisories/17897 2018-10-19
http://secunia.com/advisories/17912 2018-10-19
http://secunia.com/advisories/17916 2018-10-19
http://secunia.com/advisories/17920 2018-10-19
http://secunia.com/advisories/17926 2018-10-19
http://secunia.com/advisories/17929 2018-10-19
http://secunia.com/advisories/17940 2018-10-19
http://secunia.com/advisories/17976 2018-10-19
http://secunia.com/advisories/18009 2018-10-19
http://secunia.com/advisories/18055 2018-10-19
http://secunia.com/advisories/18061 2018-10-19
http://secunia.com/advisories/18189 2018-10-19
http://secunia.com/advisories/18191 2018-10-19
http://secunia.com/advisories/18192 2018-10-19
http://secunia.com/advisories/18313 2018-10-19
http://secunia.com/advisories/18336 2018-10-19
http://secunia.com/advisories/18349 2018-10-19
http://secunia.com/advisories/18385 2018-10-19
http://secunia.com/advisories/18387 2018-10-19
http://secunia.com/advisories/18389 2018-10-19
http://secunia.com/advisories/18398 2018-10-19
http://secunia.com/advisories/18416 2018-10-19
http://secunia.com/advisories/18448 2018-10-19
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 2018-10-19
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 2018-10-19
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1 2018-10-19
http://www.debian.org/security/2005/dsa-931 2018-10-19
http://www.debian.org/security/2005/dsa-932 2018-10-19
http://www.debian.org/security/2005/dsa-937 2018-10-19
http://www.debian.org/security/2005/dsa-938 2018-10-19
http://www.debian.org/security/2005/dsa-940 2018-10-19
http://www.debian.org/security/2006/dsa-936 2018-10-19
http://www.debian.org/security/2006/dsa-950 2018-10-19
http://www.debian.org/security/2006/dsa-961 2018-10-19
http://www.debian.org/security/2006/dsa-962 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200603-02.xml 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:010 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:012 2018-10-19
http://www.novell.com/linux/security/advisories/2005_29_sr.html 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00014.html 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00022.html 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00073.html 2018-10-19
http://www.redhat.com/support/errata/RHSA-2005-840.html 2018-10-19
http://www.redhat.com/support/errata/RHSA-2005-867.html 2018-10-19
http://www.redhat.com/support/errata/RHSA-2005-878.html 2018-10-19
http://www.redhat.com/support/errata/RHSA-2006-0160.html 2018-10-19
http://www.securityfocus.com/archive/1/427053/100/0/threaded 2018-10-19
http://www.securityfocus.com/archive/1/427990/100/0/threaded 2018-10-19
http://www.trustix.org/errata/2005/0072 2018-10-19
http://www.ubuntulinux.org/usn/usn-227-1 2018-10-19
https://access.redhat.com/security/cve/CVE-2005-3193 2006-01-19
https://bugzilla.redhat.com/show_bug.cgi?id=1617798 2006-01-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Xpdf Xpdf 0.90 - Affected
Xpdf Xpdf 0.91 - Affected
Xpdf Xpdf 0.92 - Affected
Xpdf Xpdf 0.93 - Affected
Xpdf Xpdf 1.0 - Affected
Xpdf Xpdf 1.0a - Affected
Xpdf Xpdf 1.1 - Affected
Xpdf Xpdf 2.0 - Affected
Xpdf Xpdf 2.1 - Affected
Xpdf Xpdf 2.2 - Affected
Xpdf Xpdf 2.3 - Affected
Xpdf Xpdf 3.0 - Affected
Xpdf Xpdf 3.0.1 - Affected
Xpdf Xpdf 3.0_pl2 - Affected
Xpdf Xpdf 3.0_pl3 - Affected