ID CVE-2005-3628
Summary Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*
    cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-10-2018 - 15:38)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:04:20.142-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.
family unix
id oval:org.mitre.oval:def:10287
status accepted
submitted 2010-07-09T03:56:16-04:00
title Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.
version 30
redhat via4
advisories
bugzilla
id 1617830
title CVE-2005-3628 security flaw
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment tetex is earlier than 0:2.0.2-22.EL4.7
          oval oval:com.redhat.rhsa:tst:20060160001
        • comment tetex is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060160002
      • AND
        • comment tetex-afm is earlier than 0:2.0.2-22.EL4.7
          oval oval:com.redhat.rhsa:tst:20060160003
        • comment tetex-afm is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060160004
      • AND
        • comment tetex-doc is earlier than 0:2.0.2-22.EL4.7
          oval oval:com.redhat.rhsa:tst:20060160005
        • comment tetex-doc is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060160006
      • AND
        • comment tetex-dvips is earlier than 0:2.0.2-22.EL4.7
          oval oval:com.redhat.rhsa:tst:20060160007
        • comment tetex-dvips is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060160008
      • AND
        • comment tetex-fonts is earlier than 0:2.0.2-22.EL4.7
          oval oval:com.redhat.rhsa:tst:20060160009
        • comment tetex-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060160010
      • AND
        • comment tetex-latex is earlier than 0:2.0.2-22.EL4.7
          oval oval:com.redhat.rhsa:tst:20060160011
        • comment tetex-latex is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060160012
      • AND
        • comment tetex-xdvi is earlier than 0:2.0.2-22.EL4.7
          oval oval:com.redhat.rhsa:tst:20060160013
        • comment tetex-xdvi is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060160014
rhsa
id RHSA-2006:0160
released 2006-01-19
severity Moderate
title RHSA-2006:0160: tetex security update (Moderate)
rpms
  • xpdf-1:2.02-9.8
  • xpdf-1:3.00-11.10
  • xpdf-debuginfo-1:2.02-9.8
  • xpdf-debuginfo-1:3.00-11.10
  • gpdf-0:2.8.2-7.3
  • gpdf-debuginfo-0:2.8.2-7.3
  • kdegraphics-7:3.3.1-3.6
  • kdegraphics-debuginfo-7:3.3.1-3.6
  • kdegraphics-devel-7:3.3.1-3.6
  • cups-1:1.1.17-13.3.34
  • cups-1:1.1.22-0.rc1.9.9
  • cups-debuginfo-1:1.1.17-13.3.34
  • cups-debuginfo-1:1.1.22-0.rc1.9.9
  • cups-devel-1:1.1.17-13.3.34
  • cups-devel-1:1.1.22-0.rc1.9.9
  • cups-libs-1:1.1.17-13.3.34
  • cups-libs-1:1.1.22-0.rc1.9.9
  • tetex-0:1.0.7-67.9
  • tetex-0:2.0.2-22.EL4.7
  • tetex-afm-0:1.0.7-67.9
  • tetex-afm-0:2.0.2-22.EL4.7
  • tetex-debuginfo-0:1.0.7-67.9
  • tetex-debuginfo-0:2.0.2-22.EL4.7
  • tetex-doc-0:2.0.2-22.EL4.7
  • tetex-dvips-0:1.0.7-67.9
  • tetex-dvips-0:2.0.2-22.EL4.7
  • tetex-fonts-0:1.0.7-67.9
  • tetex-fonts-0:2.0.2-22.EL4.7
  • tetex-latex-0:1.0.7-67.9
  • tetex-latex-0:2.0.2-22.EL4.7
  • tetex-xdvi-0:1.0.7-67.9
  • tetex-xdvi-0:2.0.2-22.EL4.7
refmap via4
debian
  • DSA-931
  • DSA-932
  • DSA-936
  • DSA-937
  • DSA-938
  • DSA-940
  • DSA-950
  • DSA-961
  • DSA-962
fedora
  • FLSA-2006:176751
  • FLSA:175404
mandrake MDKSA-2006:010
mandriva
  • MDKSA-2006:011
  • MDKSA-2006:012
secunia
  • 18147
  • 18380
  • 18385
  • 18387
  • 18389
  • 18398
  • 18407
  • 18416
  • 18428
  • 18436
  • 18534
  • 18582
  • 18674
  • 18675
  • 18679
  • 18908
  • 18913
  • 19230
sgi 20060201-01-U
slackware
  • SSA:2006-045-04
  • SSA:2006-045-09
suse SUSE-SA:2006:001
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 19-10-2018 - 15:38
Published 31-12-2005 - 05:00
Last modified 19-10-2018 - 15:38
Back to Top