CVE-2005-3625

High

Description

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

References

https://usn.ubuntu.com/236-1/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9575

https://exchange.xforce.ibmcloud.com/vulnerabilities/24023

http://www.vupen.com/english/advisories/2007/2280

http://www.vupen.com/english/advisories/2006/0047

http://www.trustix.org/errata/2006/0002/

http://www.securityfocus.com/bid/16143

http://www.securityfocus.com/archive/1/427990/100/0/threaded

http://www.securityfocus.com/archive/1/427053/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2006-0163.html

http://www.redhat.com/support/errata/RHSA-2006-0160.html

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html

http://www.mandriva.com/security/advisories?name=MDKSA-2006:012

http://www.mandriva.com/security/advisories?name=MDKSA-2006:011

http://www.mandriva.com/security/advisories?name=MDKSA-2006:010

http://www.mandriva.com/security/advisories?name=MDKSA-2006:008

http://www.mandriva.com/security/advisories?name=MDKSA-2006:006

http://www.mandriva.com/security/advisories?name=MDKSA-2006:005

http://www.mandriva.com/security/advisories?name=MDKSA-2006:004

http://www.mandriva.com/security/advisories?name=MDKSA-2006:003

http://www.kde.org/info/security/advisory-20051207-2.txt

http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml

http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml

http://www.debian.org/security/2006/dsa-962

http://www.debian.org/security/2006/dsa-961

http://www.debian.org/security/2006/dsa-950

http://www.debian.org/security/2006/dsa-936

http://www.debian.org/security/2005/dsa-940

http://www.debian.org/security/2005/dsa-938

http://www.debian.org/security/2005/dsa-937

http://www.debian.org/security/2005/dsa-932

http://www.debian.org/security/2005/dsa-931

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683

http://secunia.com/advisories/25729

http://secunia.com/advisories/19377

http://secunia.com/advisories/19230

http://secunia.com/advisories/18913

http://secunia.com/advisories/18908

http://secunia.com/advisories/18679

http://secunia.com/advisories/18675

http://secunia.com/advisories/18674

http://secunia.com/advisories/18644

http://secunia.com/advisories/18642

http://secunia.com/advisories/18582

http://secunia.com/advisories/18554

http://secunia.com/advisories/18534

http://secunia.com/advisories/18517

http://secunia.com/advisories/18463

http://secunia.com/advisories/18448

http://secunia.com/advisories/18436

http://secunia.com/advisories/18428

http://secunia.com/advisories/18425

http://secunia.com/advisories/18423

http://secunia.com/advisories/18416

http://secunia.com/advisories/18414

http://secunia.com/advisories/18407

http://secunia.com/advisories/18398

http://secunia.com/advisories/18389

http://secunia.com/advisories/18387

http://secunia.com/advisories/18385

http://secunia.com/advisories/18380

http://secunia.com/advisories/18375

http://secunia.com/advisories/18373

http://secunia.com/advisories/18349

http://secunia.com/advisories/18338

http://secunia.com/advisories/18335

http://secunia.com/advisories/18334

http://secunia.com/advisories/18332

http://secunia.com/advisories/18329

http://secunia.com/advisories/18313

http://secunia.com/advisories/18312

http://secunia.com/advisories/18303

http://secunia.com/advisories/18147

http://rhn.redhat.com/errata/RHSA-2006-0177.html

http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html

Details

Source: Mitre, NVD

Published: 2005-12-31

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High