CVE-2005-3192 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Xpdf
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer33 documents8 sources
Severity
7.5HIGHNVD
EPSS
12.3%
top 6.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 8
Latest updateMay 3
Description
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages5 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-xj67-863c-2vj3: Heap-based buffer overflow in the StreamPredictor function in Xpdf 3↗2022-05-03
CVEList
▶
📋Vendor Advisories
3💬Community
26Bugzilla▶
CVE-2005-3191 xpdf issues in FC5test2 (CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)↗2006-01-16
Bugzilla▶
CVE-2005-3191 xpdf issues affect poppler in FC5test2 (CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)↗2006-01-16
Bugzilla▶
CVE-2005-3191 xpdf issues affect kdegraphics in FC5test2 (CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)↗2006-01-16
Bugzilla
▶