Launchpad.net

CVE 2005-3192

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.

Related bugs and status

CVE-2005-3192 (Candidate) is related to these bugs:

Bug #26647: libpoppler0c2: source taken from xpdf may introduce heap-overflow vulnerabilities

Summary				In	Importance	Status
	26647	libpoppler0c2: source taken from xpdf may introduce heap-overflow vulnerabilities		poppler (Ubuntu)	High	Fix Released
	26647	libpoppler0c2: source taken from xpdf may introduce heap-overflow vulnerabilities		poppler (Debian)	Unknown	Fix Released

Bug #26650: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy

Summary				In	Importance	Status
	26650	tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy		tetex-bin (Ubuntu)	High	Fix Released
	26650	tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy		tetex-bin (Debian)	Unknown	Fix Released

Bug #28030: poppler: New integer overflows [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]

Summary				In	Importance	Status
	28030	poppler: New integer overflows [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]		poppler (Ubuntu)	High	Fix Released
	28030	poppler: New integer overflows [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]		poppler (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugs.debian.org...
CONFIRM: ftp://ftp.foolabs.com/...
REDHAT: RHSA-2005:840
BID: 15725
SECUNIA: 17897
SECTRACK: 1015309
SECTRACK: 1015324
SECUNIA: 17912
SECUNIA: 17916
SECUNIA: 17920
SECUNIA: 17921
SECUNIA: 17929
SECUNIA: 17940
CONFIRM: http://www.kde.org/inf...
UBUNTU: USN-227-1
SECUNIA: 17908
SECUNIA: 17976
SECUNIA: 18009
FEDORA: FEDORA-2005-1141
FEDORA: FEDORA-2005-1142
GENTOO: GLSA-200512-08
SECUNIA: 18055
SECUNIA: 18061
REDHAT: RHSA-2005:867
REDHAT: RHSA-2005:878
SECUNIA: 17926
REDHAT: RHSA-2005:868
SECUNIA: 18191
SECUNIA: 18192
SECUNIA: 18189
CONFIRM: http://www.kde.org/inf...
MISC: http://scary.beasts.or...
GENTOO: GLSA-200601-02
TRUSTIX: TSLSA-2005-0072
SECUNIA: 18313
SECUNIA: 18336
DEBIAN: DSA-931
DEBIAN: DSA-932
SUSE: SUSE-SA:2006:001
SECUNIA: 18387
SECUNIA: 18416
SECUNIA: 18349
SECUNIA: 18385
SECUNIA: 18389
SECUNIA: 18448
DEBIAN: DSA-936
DEBIAN: DSA-950
REDHAT: RHSA-2006:0160
SUSE: SUSE-SR:2006:002
SECUNIA: 18398
SECUNIA: 18407
SECUNIA: 18534
SECUNIA: 18549
SECUNIA: 18582
SGI: 20051201-01-U
SGI: 20060101-01-U
SECUNIA: 18303
SECUNIA: 18517
SECUNIA: 18554
DEBIAN: DSA-961
DEBIAN: DSA-962
FEDORA: FEDORA-2005-1126
FEDORA: FEDORA-2005-1127
SECUNIA: 17955
SECUNIA: 18674
SECUNIA: 18675
SECUNIA: 18679
SECUNIA: 18908
SECUNIA: 18913
SGI: 20060201-01-U
SECUNIA: 19230
SCO: SCOSA-2006.15
SECUNIA: 19377
DEBIAN: DSA-937
SECUNIA: 18503
SECUNIA: 18380
SECUNIA: 18428
SECUNIA: 18436
SUSE: SUSE-SR:2005:029
SUSE: SUSE-SR:2006:001
SCO: SCOSA-2006.20
SCO: SCOSA-2006.21
SECUNIA: 19797
SECUNIA: 19798
SUNALERT: 102972
SECUNIA: 25729
CONFIRM: https://issues.rpath.c...
SECUNIA: 26413
SREASON: 235
SREASON: 240
MANDRAKE: MDKSA-2006:010
MANDRIVA: MDKSA-2006:003
MANDRIVA: MDKSA-2006:004
MANDRIVA: MDKSA-2006:005
MANDRIVA: MDKSA-2006:006
MANDRIVA: MDKSA-2006:008
MANDRIVA: MDKSA-2006:011
VUPEN: ADV-2005-2755
VUPEN: ADV-2005-2786
VUPEN: ADV-2005-2789
VUPEN: ADV-2005-2790
VUPEN: ADV-2005-2788
VUPEN: ADV-2005-2856
VUPEN: ADV-2005-2787
VUPEN: ADV-2007-2280
IDEFENSE: 20051205 Multiple Vend...
SLACKWARE: SSA:2006-045-04
SLACKWARE: SSA:2006-045-09
XF: xpdf-streampredictor-b...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20051207 [KDE Security...
FEDORA: FLSA:175404
FEDORA: FLSA-2006:176751