exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2005-3627

Status Candidate

Overview

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

Related Files

Debian Linux Security Advisory 962-1
Posted Feb 2, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 962-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdftohtml, a utility that translates PDF documents into HTML format, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
SHA-256 | 6fa70a3b6a6f9fb83291fc505e7022559c6acf11137079cda7a3ba7a7d9cb364
Debian Linux Security Advisory 961-1
Posted Feb 2, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 961-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
SHA-256 | 5043533427927678e995928343a8d90491370c45eda0582ade3e70b36444ccb4
Debian Linux Security Advisory 937-1
Posted Jan 15, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 937-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
SHA-256 | cdc9ec56d3dcb6f9b94ad26d56a66168bd2d076d82981f4c60ca29a34219df94
Debian Linux Security Advisory 936-1
Posted Jan 12, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 936-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-2097, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
SHA-256 | 05aa3a9e1b59b0e2922805f67a2a0515ad4a563507ef62f6b197bfe5c1fadfe6
Debian Linux Security Advisory 931-1
Posted Jan 10, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 931-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
SHA-256 | a51d43d11bcb80943a4cc66dcd5742c251907b7bee80f5542ce88d1aaa097349
Ubuntu Security Notice 236-1
Posted Jan 8, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-236-1 - Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627
SHA-256 | 4e65f9e03fe3b5f4069685320e3f496dda2bbf8632badd271b76c8ae64247791
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close