CVE-2005-3625
Severity
10.0CRITICAL
EPSS
11.3%
top 6.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 31
Latest updateMay 3
Description
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
CVSS vector
AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0
Affected Packages29 packages
Also affects: Debian Linux 3.0, 3.1, Ubuntu Linux 4.1, 5.04, 5.10, Enterprise Linux 2.1, 3.0, 4.0
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-jm8v-5wvv-cpmw: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service↗2022-05-03
CVEList▶
CVE-2005-3625: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service↗2006-01-06
OSV▶
CVE-2005-3625: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service↗2005-12-31
📋Vendor Advisories
4💬Community
16Bugzilla▶
CVE-2005-3191 xpdf issues in FC5test2 (CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)↗2006-01-16
Bugzilla▶
CVE-2005-3624 xpdf issues in tetex for FC5test2 (CVE-2005-3625 CVE-2005-3626 CVE-2005-3627)↗2006-01-16
Bugzilla▶
CVE-2005-3191 xpdf issues affect poppler in FC5test2 (CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)↗2006-01-16
Bugzilla▶
CVE-2005-3191 xpdf issues affect kdegraphics in FC5test2 (CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)↗2006-01-16