CVE-2005-3627
PUBLISHED
CVSS 7.5 HIGH
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
EPSS 4.33% · 89.1th percentile
Risk Scores
- CVSS v2.0: 7.5
- EPSS Score: 4.33% (89.1th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| xpdf | xpdf | |
Timeline
- Dec 31, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- Apr 12, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- 16143 vdb
- DSA-932 vendor-advisory
- 18349 third-party-advisory
- 18147 third-party-advisory
- SCOSA-2006.15 vendor-advisory
- http://scary.beasts.org/security/CESA-2005-003.txt url
- http://www.kde.org/info/security/advisory-20051207-2.txt url
- 18679 third-party-advisory
- 18312 third-party-advisory
- 18644 third-party-advisory
- USN-236-1 vendor-advisory
- 18425 third-party-advisory
- 18373 third-party-advisory
- 18303 third-party-advisory
- DSA-931 vendor-advisory
- 18554 third-party-advisory
- MDKSA-2006:003 vendor-advisory
- 19230 third-party-advisory
- 102972 vendor-advisory
- MDKSA-2006:012 vendor-advisory
…and 69 more