CVE-2005-3626

Current Description

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

Basic Data

Published: December 31, 2005
Last Modified: October 19, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-399
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
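    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Easy Software Products | Cups | 1.1.22 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Easy Software Products | Cups | 1.1.22_rc1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Easy Software Products | Cups | 1.1.23 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Easy Software Products | Cups | 1.1.23_rc1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Kde | Kdegraphics | 3.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Kde | Kdegraphics | 3.4.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Kde | Koffice | 1.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Kde | Koffice | 1.4.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Kde | Koffice | 1.4.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Kde | Kpdf | 3.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Kde | Kpdf | 3.4.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Kde | Kword | 1.4.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Libextractor | Libextractor | * | * | * | * | * | * | * | * | | | |
    2.3 | Application | Poppler | Poppler | 0.4.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Sgi | Propack | 3.0 | sp6 | * | * | * | * | * | * | | | |
    2.3 | Application | Tetex | Tetex | 1.0.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Tetex | Tetex | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Tetex | Tetex | 2.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Tetex | Tetex | 2.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Tetex | Tetex | 3.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Xpdf | Xpdf | 3.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Conectiva | Linux | 10.0 | * | * | * | * | * | * | * | | | |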
  • OR - Configuration 2
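    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Debian | Debian Linux | 3.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.0 | * | alpha | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.0 | * | arm | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.0 | * | hppa | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.0 | * | ia-32 | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.0 | * | ia-64 | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.0 | * | m68k | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.0 | * | mips | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.0 | * | mipsel | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.0 | * | ppc | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.0 | * | s-390 | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.0 | * | sparc | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.1 | * | alpha | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.1 | * | amd64 | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.1 | * | arm | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.1 | * | hppa | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.1 | * | ia-32 | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.1 | * | ia-64 | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.1 | * | m68k | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.1 | * | mips | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.1 | * | mipsel | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.1 | * | ppc | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.1 | * | s-390 | * | * | * | * | * | | | |
    2.3 | OS | Debian | Debian Linux | 3.1 | * | sparc | * | * | * | * | * | | | |
    2.3 | OS | Gentoo | Linux | * | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.1 | * | x86-64 | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.2 | * | x86-64 | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 2006 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 2006 | * | x86-64 | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 2.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 2.1 | * | x86_64 | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 3.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 3.0 | * | x86_64 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | advanced_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | advanced_server_ia64 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | enterprise_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | enterprise_server_ia64 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | workstation | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | workstation_ia64 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | advanced_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | enterprise_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | workstation_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 4.0 | * | advanced_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 4.0 | * | enterprise_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 4.0 | * | workstation | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Desktop | 3.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Desktop | 4.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Fedora Core | core_1.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Fedora Core | core_2.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Fedora Core | core_3.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Fedora Core | core_4.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Linux | 7.3 | * | i386 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Linux | 9.0 | * | i386 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Linux Advanced Workstation | 2.1 | * | ia64 | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Linux Advanced Workstation | 2.1 | * | itanium | * | * | * | * | * | | | |
    2.3 | OS | Sco | Openserver | 5.0.7 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Sco | Openserver | 6.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Slackware | Slackware Linux | 9.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Slackware | Slackware Linux | 9.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Slackware | Slackware Linux | 10.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Slackware | Slackware Linux | 10.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Slackware | Slackware Linux | 10.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 1.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.0 | * | enterprise_server | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.0 | * | personal | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.0 | * | professional | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.0 | * | s_390 | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.0 | * | x86_64 | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.1 | * | personal | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.1 | * | professional | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.1 | * | x86_64 | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.2 | * | personal | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.2 | * | professional | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.2 | * | x86_64 | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.3 | * | personal | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.3 | * | professional | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.3 | * | x86_64 | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 10.0 | * | oss | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 10.0 | * | professional | * | * | * | * | * | | | |
    2.3 | OS | Trustix | Secure Linux | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Trustix | Secure Linux | 2.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Trustix | Secure Linux | 3.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux | 10 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux | fuji | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Appliance Server | 1.0_hosting_edition | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Appliance Server | 1.0_workgroup_edition | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Desktop | 10.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Home | * | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Multimedia | * | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Personal | * | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Server | 8.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Server | 10.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Server | 10.0_x86 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Turbolinux | Turbolinux Workstation | 8.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ubuntu | Ubuntu Linux | 4.1 | * | ia64 | * | * | * | * | * | | | |
    2.3 | OS | Ubuntu | Ubuntu Linux | 4.1 | * | ppc | * | * | * | * | * | | | |
    2.3 | OS | Ubuntu | Ubuntu Linux | 5.04 | * | amd64 | * | * | * | * | * | | | |
    2.3 | OS | Ubuntu | Ubuntu Linux | 5.04 | * | i386 | * | * | * | * | * | | | |
    2.3 | OS | Ubuntu | Ubuntu Linux | 5.04 | * | powerpc | * | * | * | * | * | | | |
    2.3 | OS | Ubuntu | Ubuntu Linux | 5.10 | * | amd64 | * | * | * | * | * | | | |
    2.3 | OS | Ubuntu | Ubuntu Linux | 5.10 | * | i386 | * | * | * | * | * | | | |
    2.3 | OS | Ubuntu | Ubuntu Linux | 5.10 | * | powerpc | * | * | * | * | * | | | |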

Vulnerable Software List

Vendor Product Versions
Libextractor Libextractor *
Xpdf Xpdf 3.0
Debian Debian Linux 3.0, 3.1
Poppler Poppler 0.4.2
Slackware Slackware Linux 10.0, 10.1, 10.2, 9.0, 9.1
Easy Software Products Cups 1.1.22, 1.1.22_rc1, 1.1.23, 1.1.23_rc1
Redhat Enterprise Linux 2.1, 3.0, 4.0
Redhat Enterprise Linux Desktop 3.0, 4.0
Redhat Linux 7.3, 9.0
Redhat Fedora Core core_1.0, core_2.0, core_3.0, core_4.0
Redhat Linux Advanced Workstation 2.1
Conectiva Linux 10.0
Ubuntu Ubuntu Linux 4.1, 5.04, 5.10
Sgi Propack 3.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux Server 10.0, 10.0_x86, 8.0
Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Home *
Turbolinux Turbolinux Multimedia *
Turbolinux Turbolinux Personal *
Turbolinux Turbolinux Appliance Server 1.0_hosting_edition, 1.0_workgroup_edition
Turbolinux Turbolinux 10, fuji
Tetex Tetex 1.0.7, 2.0, 2.0.1, 2.0.2, 3.0
Sco Openserver 5.0.7, 6.0
Trustix Secure Linux 2.0, 2.2, 3.0
Suse Suse Linux 1.0, 10.0, 9.0, 9.1, 9.2, 9.3
Gentoo Linux *
Mandrakesoft Mandrake Linux 10.1, 10.2, 2006
Mandrakesoft Mandrake Linux Corporate Server 2.1, 3.0
Kde Kdegraphics 3.2, 3.4.3
Kde Kword 1.4.2
Kde Koffice 1.4, 1.4.1, 1.4.2
Kde Kpdf 3.2, 3.4.3

References

Name | URL | Source | Tags
SCOSA-2006.15 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt | SCO |
20051201-01-U | ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U | SGI |
20060101-01-U | ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U | SGI |
20060201-01-U | ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U | SGI |
SUSE-SA:2006:001 | http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html | SUSE | PATCH Vendor Advisory
RHSA-2006:0177 | http://rhn.redhat.com/errata/RHSA-2006-0177.html | REDHAT | PATCH Vendor Advisory
http://scary.beasts.org/security/CESA-2005-003.txt | http://scary.beasts.org/security/CESA-2005-003.txt | MISC | Exploit
18147 | http://secunia.com/advisories/18147 | SECUNIA |
18303 | http://secunia.com/advisories/18303 | SECUNIA | Vendor Advisory
18312 | http://secunia.com/advisories/18312 | SECUNIA | PATCH Vendor Advisory
18313 | http://secunia.com/advisories/18313 | SECUNIA | PATCH Vendor Advisory
18329 | http://secunia.com/advisories/18329 | SECUNIA | Vendor Advisory
18332 | http://secunia.com/advisories/18332 | SECUNIA | Vendor Advisory
18334 | http://secunia.com/advisories/18334 | SECUNIA | PATCH Vendor Advisory
18335 | http://secunia.com/advisories/18335 | SECUNIA | PATCH Vendor Advisory
18338 | http://secunia.com/advisories/18338 | SECUNIA | PATCH Vendor Advisory
18349 | http://secunia.com/advisories/18349 | SECUNIA | PATCH Vendor Advisory
18373 | http://secunia.com/advisories/18373 | SECUNIA |
18375 | http://secunia.com/advisories/18375 | SECUNIA | Vendor Advisory
18380 | http://secunia.com/advisories/18380 | SECUNIA |
18385 | http://secunia.com/advisories/18385 | SECUNIA | PATCH Vendor Advisory
18387 | http://secunia.com/advisories/18387 | SECUNIA | PATCH Vendor Advisory
18389 | http://secunia.com/advisories/18389 | SECUNIA | PATCH Vendor Advisory
18398 | http://secunia.com/advisories/18398 | SECUNIA | PATCH Vendor Advisory
18407 | http://secunia.com/advisories/18407 | SECUNIA | PATCH Vendor Advisory
18414 | http://secunia.com/advisories/18414 | SECUNIA |
18416 | http://secunia.com/advisories/18416 | SECUNIA | PATCH Vendor Advisory
18423 | http://secunia.com/advisories/18423 | SECUNIA | PATCH Vendor Advisory
18425 | http://secunia.com/advisories/18425 | SECUNIA |
18428 | http://secunia.com/advisories/18428 | SECUNIA |
18436 | http://secunia.com/advisories/18436 | SECUNIA |
18448 | http://secunia.com/advisories/18448 | SECUNIA | PATCH Vendor Advisory
18463 | http://secunia.com/advisories/18463 | SECUNIA |
18517 | http://secunia.com/advisories/18517 | SECUNIA | PATCH Vendor Advisory
18534 | http://secunia.com/advisories/18534 | SECUNIA | PATCH Vendor Advisory
18554 | http://secunia.com/advisories/18554 | SECUNIA | PATCH Vendor Advisory
18582 | http://secunia.com/advisories/18582 | SECUNIA | PATCH Vendor Advisory
18642 | http://secunia.com/advisories/18642 | SECUNIA | Vendor Advisory
18644 | http://secunia.com/advisories/18644 | SECUNIA | Vendor Advisory
18674 | http://secunia.com/advisories/18674 | SECUNIA | Vendor Advisory
18675 | http://secunia.com/advisories/18675 | SECUNIA | Vendor Advisory
18679 | http://secunia.com/advisories/18679 | SECUNIA | Vendor Advisory
18908 | http://secunia.com/advisories/18908 | SECUNIA |
18913 | http://secunia.com/advisories/18913 | SECUNIA |
19230 | http://secunia.com/advisories/19230 | SECUNIA |
19377 | http://secunia.com/advisories/19377 | SECUNIA |
25729 | http://secunia.com/advisories/25729 | SECUNIA |
SSA:2006-045-09 | http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 | SLACKWARE |
SSA:2006-045-04 | http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 | SLACKWARE |
102972 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1 | SUNALERT |
DSA-931 | http://www.debian.org/security/2005/dsa-931 | DEBIAN |
DSA-932 | http://www.debian.org/security/2005/dsa-932 | DEBIAN |
DSA-937 | http://www.debian.org/security/2005/dsa-937 | DEBIAN |
DSA-938 | http://www.debian.org/security/2005/dsa-938 | DEBIAN |
DSA-940 | http://www.debian.org/security/2005/dsa-940 | DEBIAN |
DSA-936 | http://www.debian.org/security/2006/dsa-936 | DEBIAN | PATCH Vendor Advisory
DSA-950 | http://www.debian.org/security/2006/dsa-950 | DEBIAN | PATCH Vendor Advisory
DSA-961 | http://www.debian.org/security/2006/dsa-961 | DEBIAN | PATCH Vendor Advisory
DSA-962 | http://www.debian.org/security/2006/dsa-962 | DEBIAN |
GLSA-200601-02 | http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml | GENTOO | PATCH Vendor Advisory
GLSA-200601-17 | http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml | GENTOO |
http://www.kde.org/info/security/advisory-20051207-2.txt | http://www.kde.org/info/security/advisory-20051207-2.txt | CONFIRM | PATCH Vendor Advisory
MDKSA-2006:003 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:003 | MANDRIVA |
MDKSA-2006:004 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:004 | MANDRIVA |
MDKSA-2006:005 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:005 | MANDRIVA |
MDKSA-2006:006 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:006 | MANDRIVA |
MDKSA-2006:008 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:008 | MANDRIVA |
MDKSA-2006:010 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:010 | MANDRAKE |
MDKSA-2006:011 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:011 | MANDRIVA |
MDKSA-2006:012 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:012 | MANDRIVA |
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html | http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html | CONFIRM | PATCH
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html | http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html | CONFIRM | PATCH
FEDORA-2005-025 | http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html | FEDORA |
FEDORA-2005-026 | http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html | FEDORA |
RHSA-2006:0160 | http://www.redhat.com/support/errata/RHSA-2006-0160.html | REDHAT | PATCH Vendor Advisory
RHSA-2006:0163 | http://www.redhat.com/support/errata/RHSA-2006-0163.html | REDHAT |
FLSA-2006:176751 | http://www.securityfocus.com/archive/1/427053/100/0/threaded | FEDORA |
FLSA:175404 | http://www.securityfocus.com/archive/1/427990/100/0/threaded | FEDORA |
16143 | http://www.securityfocus.com/bid/16143 | BID | PATCH
2006-0002 | http://www.trustix.org/errata/2006/0002/ | TRUSTIX |
ADV-2006-0047 | http://www.vupen.com/english/advisories/2006/0047 | VUPEN |
ADV-2007-2280 | http://www.vupen.com/english/advisories/2007/2280 | VUPEN |
xpdf-flatedecode-dos(24026) | https://exchange.xforce.ibmcloud.com/vulnerabilities/24026 | XF |
oval:org.mitre.oval:def:9992 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9992 | OVAL |
USN-236-1 | https://usn.ubuntu.com/236-1/ | UBUNTU |