CVE-2005-2097 — Xpdf vulnerability

8 documents8 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 78.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Freedesktop Poppler GNU Libextractor +1 more

Timeline

PublishedAug 16

Latest updateMay 3

Description

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages5 packages

▶Debianxpdf/xpdf< 3.00-15+3

▶NVDxpdf/xpdf3.0, 3.0_pl2, 3.0_pl3+2

▶Debianapple/cups< 1.1.22-7+3

▶Debiangnu/libextractor< 0.5.8-1+3

▶Debianfreedesktop/poppler< 0.4.0-1+3

🔴Vulnerability Details

GHSA

GHSA-x6fq-2ggv-xgcv: xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang↗2022-05-03

▶

CVEList

CVE-2005-2097: xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang↗2005-08-16

▶

OSV

CVE-2005-2097: xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang↗2005-08-16

▶

📋Vendor Advisories

Ubuntu

xpdf vulnerability↗2005-08-10

▶

Red Hat

security flaw↗2005-08-09

▶

Debian

CVE-2005-2097: cups - xpdf and kpdf do not properly validate the "loca" table in PDF files, which allo...↗2005

▶

💬Community

Bugzilla

CVE-2005-2097 security flaw↗2018-08-16

▶