CVE-2005-3192
PUBLISHED
CVSS 7.5 HIGH
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor, allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.
Risk Scores
- CVSS 2.0: 7.5
- EPSS Score: 12.28% (94.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| xpdf | xpdf | 3.0.1 |
Timeline
- Dec 8, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 3, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- 17929 third-party-advisory
- 19797 third-party-advisory
- xpdf-streampredictor-bo(23442) vdb
- SCOSA-2006.20 vendor-advisory
- DSA-932 vendor-advisory
- 18349 third-party-advisory
- SCOSA-2006.15 vendor-advisory
- 18055 third-party-advisory
- http://scary.beasts.org/security/CESA-2005-003.txt url
- http://www.kde.org/info/security/advisory-20051207-1.txt url
- 18503 third-party-advisory
- oval:org.mitre.oval:def:10914 vdb
- 18549 third-party-advisory
- http://www.kde.org/info/security/advisory-20051207-2.txt url
- 18679 third-party-advisory
- 18189 third-party-advisory
- 26413 third-party-advisory
- 17940 third-party-advisory
- 18303 third-party-advisory
- DSA-931 vendor-advisory
…and 95 more