CVE-2005-3627

 

  • Severity Score: 7.5 (CVSS v2)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -
Descriptions

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2005-11-16 CVE Reserved
  • 2005-12-31 CVE Published
  • 2023-04-12 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (88)
URL Date SRC
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html 2018-10-19
http://rhn.redhat.com/errata/RHSA-2006-0177.html 2018-10-19
http://secunia.com/advisories/18303 2018-10-19
http://secunia.com/advisories/18312 2018-10-19
http://secunia.com/advisories/18313 2018-10-19
http://secunia.com/advisories/18334 2018-10-19
http://secunia.com/advisories/18335 2018-10-19
http://secunia.com/advisories/18338 2018-10-19
http://secunia.com/advisories/18349 2018-10-19
http://secunia.com/advisories/18385 2018-10-19
http://secunia.com/advisories/18387 2018-10-19
http://secunia.com/advisories/18389 2018-10-19
http://secunia.com/advisories/18398 2018-10-19
http://secunia.com/advisories/18407 2018-10-19
http://secunia.com/advisories/18416 2018-10-19
http://secunia.com/advisories/18423 2018-10-19
http://secunia.com/advisories/18448 2018-10-19
http://secunia.com/advisories/18517 2018-10-19
http://secunia.com/advisories/18534 2018-10-19
http://secunia.com/advisories/18554 2018-10-19
http://secunia.com/advisories/18582 2018-10-19
http://www.debian.org/security/2006/dsa-936 2018-10-19
http://www.debian.org/security/2006/dsa-950 2018-10-19
http://www.debian.org/security/2006/dsa-961 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml 2018-10-19
http://www.kde.org/info/security/advisory-20051207-2.txt 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html 2018-10-19
http://www.redhat.com/support/errata/RHSA-2006-0160.html 2018-10-19
http://www.securityfocus.com/bid/16143 2018-10-19
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt 2018-10-19
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U 2018-10-19
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U 2018-10-19
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U 2018-10-19
http://secunia.com/advisories/18329 2018-10-19
http://secunia.com/advisories/18332 2018-10-19
http://secunia.com/advisories/18375 2018-10-19
http://secunia.com/advisories/18642 2018-10-19
http://secunia.com/advisories/18644 2018-10-19
http://secunia.com/advisories/18674 2018-10-19
http://secunia.com/advisories/18675 2018-10-19
http://secunia.com/advisories/18679 2018-10-19
http://secunia.com/advisories/18908 2018-10-19
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 2018-10-19
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 2018-10-19
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1 2018-10-19
http://www.debian.org/security/2005/dsa-931 2018-10-19
http://www.debian.org/security/2005/dsa-932 2018-10-19
http://www.debian.org/security/2005/dsa-937 2018-10-19
http://www.debian.org/security/2005/dsa-938 2018-10-19
http://www.debian.org/security/2005/dsa-940 2018-10-19
http://www.debian.org/security/2006/dsa-962 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:010 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:012 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html 2018-10-19
http://www.redhat.com/support/errata/RHSA-2006-0163.html 2018-10-19
http://www.securityfocus.com/archive/1/427053/100/0/threaded 2018-10-19
http://www.securityfocus.com/archive/1/427990/100/0/threaded 2018-10-19
http://www.trustix.org/errata/2006/0002 2018-10-19
https://usn.ubuntu.com/236-1 2018-10-19
https://access.redhat.com/security/cve/CVE-2005-3627 2006-01-11
https://bugzilla.redhat.com/show_bug.cgi?id=1617829 2006-01-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Xpdf Xpdf * - Affected