CVE-2005-3192 — Vulnetix

Try Vulnetix Request Demo

CVE-2005-3192 PUBLISHED CVSS 7.5 HIGH

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.

EPSS 12.28% · 93.8th percentile

Risk Scores

CVSS v2.0

7.5

EPSS Score

12.28%

93.8th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
xpdf	xpdf	3.0.1

Timeline

Dec 8, 2005 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 3, 2022 CVE Updated
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

17929 third-party-advisory
19797 third-party-advisory
xpdf-streampredictor-bo(23442) vdb
SCOSA-2006.20 vendor-advisory
DSA-932 vendor-advisory
18349 third-party-advisory
SCOSA-2006.15 vendor-advisory
18055 third-party-advisory
http://scary.beasts.org/security/CESA-2005-003.txt url
http://www.kde.org/info/security/advisory-20051207-1.txt url
18503 third-party-advisory
oval:org.mitre.oval:def:10914 vdb
18549 third-party-advisory
http://www.kde.org/info/security/advisory-20051207-2.txt url
18679 third-party-advisory
18189 third-party-advisory
26413 third-party-advisory
17940 third-party-advisory
18303 third-party-advisory
DSA-931 vendor-advisory

…and 95 more

Open in Interactive Console →