CVE-2005-3193 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Xpdf
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer33 documents8 sources
Severity
5.1MEDIUMNVD
EPSS
3.0%
top 13.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 7
Latest updateMay 3
Description
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.
CVSS vector
AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4
Affected Packages5 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-92gm-9hj8-rfmw: Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream↗2022-05-03
OSV▶
CVE-2005-3193: Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream↗2005-12-07
CVEList▶
CVE-2005-3193: Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream↗2005-12-07
📋Vendor Advisories
3💬Community
25Bugzilla▶
CVE-2005-3191 xpdf issues in FC5test2 (CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)↗2006-01-16
Bugzilla▶
CVE-2005-3191 xpdf issues affect poppler in FC5test2 (CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)↗2006-01-16
Bugzilla▶
CVE-2005-3191 xpdf issues affect kdegraphics in FC5test2 (CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)↗2006-01-16