CVE-2005-3627

Vulnerability Description

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
• ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
• ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
• ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
• http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.htmlPatchVendor Advisory
• http://rhn.redhat.com/errata/RHSA-2006-0177.htmlPatchVendor Advisory
• http://scary.beasts.org/security/CESA-2005-003.txtExploitVendor Advisory
• http://secunia.com/advisories/18147
• http://secunia.com/advisories/18303PatchVendor Advisory
• http://secunia.com/advisories/18312PatchVendor Advisory
• http://secunia.com/advisories/18313PatchVendor Advisory
• http://secunia.com/advisories/18329Vendor Advisory
• http://secunia.com/advisories/18332Vendor Advisory
• http://secunia.com/advisories/18334PatchVendor Advisory
• http://secunia.com/advisories/18335PatchVendor Advisory