CVE-2005-3625

HIGH

Description

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt

ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U

ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U

ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U

http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html

http://rhn.redhat.com/errata/RHSA-2006-0177.html

http://scary.beasts.org/security/CESA-2005-003.txt

http://secunia.com/advisories/18147

http://secunia.com/advisories/18303

http://secunia.com/advisories/18312

http://secunia.com/advisories/18313

http://secunia.com/advisories/18329

http://secunia.com/advisories/18332

http://secunia.com/advisories/18334

http://secunia.com/advisories/18335

http://secunia.com/advisories/18338

http://secunia.com/advisories/18349

http://secunia.com/advisories/18373

http://secunia.com/advisories/18375

http://secunia.com/advisories/18380

http://secunia.com/advisories/18385

http://secunia.com/advisories/18387

http://secunia.com/advisories/18389

http://secunia.com/advisories/18398

http://secunia.com/advisories/18407

http://secunia.com/advisories/18414

http://secunia.com/advisories/18416

http://secunia.com/advisories/18423

http://secunia.com/advisories/18425

http://secunia.com/advisories/18428

http://secunia.com/advisories/18436

http://secunia.com/advisories/18448

http://secunia.com/advisories/18463

http://secunia.com/advisories/18517

http://secunia.com/advisories/18534

http://secunia.com/advisories/18554

http://secunia.com/advisories/18582

http://secunia.com/advisories/18642

http://secunia.com/advisories/18644

http://secunia.com/advisories/18674

http://secunia.com/advisories/18675

http://secunia.com/advisories/18679

http://secunia.com/advisories/18908

http://secunia.com/advisories/18913

http://secunia.com/advisories/19230

http://secunia.com/advisories/19377

http://secunia.com/advisories/25729

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1

http://www.debian.org/security/2005/dsa-931

http://www.debian.org/security/2005/dsa-932

http://www.debian.org/security/2005/dsa-937

http://www.debian.org/security/2005/dsa-938

http://www.debian.org/security/2005/dsa-940

http://www.debian.org/security/2006/dsa-936

http://www.debian.org/security/2006/dsa-950

http://www.debian.org/security/2006/dsa-961

http://www.debian.org/security/2006/dsa-962

http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml

http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml

http://www.kde.org/info/security/advisory-20051207-2.txt

http://www.mandriva.com/security/advisories?name=MDKSA-2006:003

http://www.mandriva.com/security/advisories?name=MDKSA-2006:004

http://www.mandriva.com/security/advisories?name=MDKSA-2006:005

http://www.mandriva.com/security/advisories?name=MDKSA-2006:006

http://www.mandriva.com/security/advisories?name=MDKSA-2006:008

http://www.mandriva.com/security/advisories?name=MDKSA-2006:010

http://www.mandriva.com/security/advisories?name=MDKSA-2006:011

http://www.mandriva.com/security/advisories?name=MDKSA-2006:012

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html

http://www.redhat.com/support/errata/RHSA-2006-0160.html

http://www.redhat.com/support/errata/RHSA-2006-0163.html

http://www.securityfocus.com/archive/1/427053/100/0/threaded

http://www.securityfocus.com/archive/1/427990/100/0/threaded

http://www.securityfocus.com/bid/16143

http://www.trustix.org/errata/2006/0002/

http://www.vupen.com/english/advisories/2006/0047

http://www.vupen.com/english/advisories/2007/2280

https://exchange.xforce.ibmcloud.com/vulnerabilities/24023

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9575

https://usn.ubuntu.com/236-1/

Details

Source: MITRE

Published: 2005-12-31

Updated: 2018-10-19

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:easy_software_products:cups:1.1.22:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.23:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.23_rc1:*:*:*:*:*:*:*

cpe:2.3:a:kde:kdegraphics:3.2:*:*:*:*:*:*:*

cpe:2.3:a:kde:kdegraphics:3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.4:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*

cpe:2.3:a:kde:kpdf:3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:kde:kword:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:libextractor:libextractor:*:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sgi:propack:3.0:sp6:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:3.0:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*

cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:x86-64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:core_4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*

cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*

cpe:2.3:o:sco:openserver:6.0:*:*:*:*:*:*:*

cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*

cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*

cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:personal:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:professional:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:s_390:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.1:*:personal:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.1:*:professional:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.2:*:personal:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.2:*:professional:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.3:*:personal:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.3:*:professional:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.3:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:10.0:*:professional:*:*:*:*:*

cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*

cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*

cpe:2.3:o:trustix:secure_linux:3.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux:10:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_hosting_edition:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_workgroup_edition:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_desktop:10.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_home:*:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_multimedia:*:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_personal:*:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_server:10.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_server:10.0_x86:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*

Tenable Plugins

View all (39 total)

IDNameProductFamilySeverity
62251Fedora Core 3 : tetex-2.0.2-21.7.FC3 (2005-029)NessusFedora Local Security Checks
critical
62250Fedora Core 4 : tetex-3.0-9.FC4 (2005-028)NessusFedora Local Security Checks
critical
22828Debian DSA-962-1 : pdftohtml - buffer overflowsNessusDebian Local Security Checks
critical
22827Debian DSA-961-1 : pdfkit.framework - buffer overflowsNessusDebian Local Security Checks
critical
22816Debian DSA-950-1 : cupsys - buffer overflowsNessusDebian Local Security Checks
critical
22806Debian DSA-940-1 : gpdf - buffer overflowsNessusDebian Local Security Checks
critical
22804Debian DSA-938-1 : koffice - buffer overflowsNessusDebian Local Security Checks
critical
22803Debian DSA-937-1 : tetex-bin - buffer overflowsNessusDebian Local Security Checks
critical
22802Debian DSA-936-1 : libextractor - buffer overflowsNessusDebian Local Security Checks
critical
22798Debian DSA-932-1 : kdegraphics - buffer overflowsNessusDebian Local Security Checks
critical
22797Debian DSA-931-1 : xpdf - buffer overflowsNessusDebian Local Security Checks
critical
21980CentOS 4 : gpdf (CESA-2006:0177)NessusCentOS Local Security Checks
critical
21972CentOS 4 : kdegraphics (CESA-2005:868)NessusCentOS Local Security Checks
critical
21886CentOS 3 / 4 : cups (CESA-2006:0163)NessusCentOS Local Security Checks
critical
21885CentOS 3 / 4 : tetex (CESA-2006:0160)NessusCentOS Local Security Checks
critical
21873CentOS 3 / 4 : xpdf (CESA-2005:840)NessusCentOS Local Security Checks
critical
20920Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : xpdf (SSA:2006-045-09)NessusSlackware Local Security Checks
critical
20915Slackware 10.0 / 10.1 / 10.2 / current : kdegraphics (SSA:2006-045-04)NessusSlackware Local Security Checks
critical
20829GLSA-200601-17 : Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflowsNessusGentoo Local Security Checks
critical
20782Ubuntu 5.04 / 5.10 : kdegraphics, koffice vulnerabilities (USN-236-2)NessusUbuntu Local Security Checks
critical
20781Ubuntu 4.10 / 5.04 / 5.10 : xpdf, poppler, cupsys, tetex-bin vulnerabilities (USN-236-1)NessusUbuntu Local Security Checks
critical
20752RHEL 2.1 / 3 / 4 : tetex (RHSA-2006:0160)NessusRed Hat Local Security Checks
critical
20482RHEL 4 : gpdf (RHSA-2006:0177)NessusRed Hat Local Security Checks
critical
20481RHEL 3 / 4 : cups (RHSA-2006:0163)NessusRed Hat Local Security Checks
critical
20478Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:012)NessusMandriva Local Security Checks
critical
20477Mandrake Linux Security Advisory : tetex (MDKSA-2006:011)NessusMandriva Local Security Checks
critical
20476Mandrake Linux Security Advisory : cups (MDKSA-2006:010)NessusMandriva Local Security Checks
critical
20474Mandrake Linux Security Advisory : koffice (MDKSA-2006:008)NessusMandriva Local Security Checks
critical
20412GLSA-200601-02 : KPdf, KWord: Multiple overflows in included Xpdf codeNessusGentoo Local Security Checks
critical
20410Fedora Core 3 : tetex-2.0.2-21.7.FC3 (2006-029)NessusFedora Local Security Checks
critical
20409Fedora Core 4 : tetex-3.0-9.FC4 (2006-028)NessusFedora Local Security Checks
critical
20407Fedora Core 4 : poppler-0.4.4-1.1 (2006-026)NessusFedora Local Security Checks
critical
20406Fedora Core 3 : gpdf-2.8.2-7.2 (2006-025)NessusFedora Local Security Checks
critical
20363RHEL 4 : kdegraphics (RHSA-2005:868)NessusRed Hat Local Security Checks
critical
20268RHEL 2.1 / 3 / 4 : xpdf (RHSA-2005:840)NessusRed Hat Local Security Checks
critical
16167Fedora Core 2 : kernel-2.6.10-1.9_FC2 (2005-026)NessusFedora Local Security Checks
critical
16166Fedora Core 3 : kernel-2.6.10-1.741_FC3 (2005-025)NessusFedora Local Security Checks
critical
801566Fedora 2005-026 Security CheckLog Correlation EngineGeneric
high
801565Fedora 2005-025 Security CheckLog Correlation EngineGeneric
high