// For flags

CVE-2005-3628

Debian Linux Security Advisory 937-1

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.

infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-11-16 CVE Reserved
  • 2005-12-31 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (40)
URL Tag Source
http://secunia.com/advisories/18147 Third Party Advisory
http://secunia.com/advisories/18380 Third Party Advisory
http://secunia.com/advisories/18428 Third Party Advisory
http://secunia.com/advisories/18436 Third Party Advisory
http://secunia.com/advisories/18674 Third Party Advisory
http://secunia.com/advisories/18675 Third Party Advisory
http://secunia.com/advisories/18679 Third Party Advisory
http://secunia.com/advisories/18908 Third Party Advisory
http://secunia.com/advisories/18913 Third Party Advisory
http://secunia.com/advisories/19230 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10287 Signature
URL Date SRC
URL Date SRC
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html 2018-10-19
http://secunia.com/advisories/18385 2018-10-19
http://secunia.com/advisories/18387 2018-10-19
http://secunia.com/advisories/18389 2018-10-19
http://secunia.com/advisories/18398 2018-10-19
http://secunia.com/advisories/18407 2018-10-19
http://secunia.com/advisories/18416 2018-10-19
http://secunia.com/advisories/18534 2018-10-19
http://secunia.com/advisories/18582 2018-10-19
http://www.debian.org/security/2006/dsa-936 2018-10-19
http://www.debian.org/security/2006/dsa-950 2018-10-19
http://www.redhat.com/support/errata/RHSA-2006-0160.html 2018-10-19
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U 2018-10-19
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 2018-10-19
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 2018-10-19
http://www.debian.org/security/2005/dsa-931 2018-10-19
http://www.debian.org/security/2005/dsa-932 2018-10-19
http://www.debian.org/security/2005/dsa-937 2018-10-19
http://www.debian.org/security/2005/dsa-938 2018-10-19
http://www.debian.org/security/2005/dsa-940 2018-10-19
http://www.debian.org/security/2006/dsa-961 2018-10-19
http://www.debian.org/security/2006/dsa-962 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:010 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:012 2018-10-19
http://www.securityfocus.com/archive/1/427053/100/0/threaded 2018-10-19
http://www.securityfocus.com/archive/1/427990/100/0/threaded 2018-10-19
https://access.redhat.com/security/cve/CVE-2005-3628 2006-01-19
https://bugzilla.redhat.com/show_bug.cgi?id=1617830 2006-01-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Xpdf
Search vendor "Xpdf"
 Xpdf
Search vendor "Xpdf" for product "Xpdf"
*-
Affected