CVE-2005-3627
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
Affected products
n/a · n/a
References
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
http://rhn.redhat.com/errata/RHSA-2006-0177.html
http://scary.beasts.org/security/CESA-2005-003.txt
http://secunia.com/advisories/18147
http://secunia.com/advisories/18303
http://secunia.com/advisories/18312
http://secunia.com/advisories/18313
http://secunia.com/advisories/18329