VDB
DEBIAN-CVE-2005-3627
DEBIAN-CVE-2005-3627
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | libextractor | 0, 0, 0 |
| Debian:11 | poppler | 0, 0, 0 |
| Debian:11 | libextractor | 0, 0, 0 |
| Debian:12 | cups | 0, 0, 0 |
| Debian:14 | xpdf | 0, 0, 0 |
| Debian:13 | libextractor | 0, 0, 0 |
| Debian:13 | cups | 0, 0, 0 |
| Debian:12 | libextractor | 0, 0, 0 |
| Debian:13 | poppler | 0, 0, 0 |
| Debian:13 | xpdf | 0, 0, 0 |
| Debian:12 | xpdf | 0, 0, 0 |
| Debian:12 | poppler | 0, 0, 0 |
| Debian:14 | poppler | 0, 0, 0 |
| Debian:11 | cups | 0, 0, 0 |
| Debian:11 | xpdf | 0, 0, 0 |
| Debian:14 | cups | 0, 0, 0 |
Timeline
- Dec 31, 2005 CVE Published
- Apr 28, 2026 CVE Updated