CVE-2005-3627
Published: 12/31/2005 05:00:00
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
HIGH
CVSS v2: 7.5
CVSS v2: 7.5
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 25.1 | xpdf (4.05) | Not Affected | Code Not Present | |
| 24.4 | xpdf (4.05) | Not Affected | Code Not Present | |
| 24.4.0 | xpdf (4.05) | Not Affected | Code Not Present | |
| 24.3 | xpdf (4.05) | Not Affected | Code Not Present | |
| 24.2.1 | xpdf (4.05) | Not Affected | Code Not Present | |
| 24.2 | xpdf (4.05) | Not Affected | Code Not Present | |
| 24.1 | xpdf (3.02) | Not Affected | Code Not Present | |
| 23.3 | xpdf (3.02) | Not Affected | Code Not Present | |
| 23.2.1 | xpdf (3.02) | Not Affected | Code Not Present | |
| 23.2 | xpdf (3.02) | Not Affected | Code Not Present | |
| 23.1 | xpdf (3.02) | Not Affected | Code Not Present |