CVE-2005-0064

Опубликовано: 02 мая 2005

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.

Ссылки

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
Patch
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
Patch
Vendor Advisory
http://marc.info/?l=bugtraq&m=110625368019554&w=2
http://secunia.com/advisories/17277
http://www.debian.org/security/2005/dsa-645
Patch
Vendor Advisory
http://www.debian.org/security/2005/dsa-648
Patch
Vendor Advisory
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
Exploit
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:016
http://www.mandriva.com/security/advisories?name=MDKSA-2005:017
http://www.mandriva.com/security/advisories?name=MDKSA-2005:018
http://www.mandriva.com/security/advisories?name=MDKSA-2005:019
http://www.mandriva.com/security/advisories?name=MDKSA-2005:020
http://www.mandriva.com/security/advisories?name=MDKSA-2005:021
http://www.redhat.com/support/errata/RHSA-2005-026.html
http://www.redhat.com/support/errata/RHSA-2005-034.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-053.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-057.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-059.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-066.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xpdf:xpdf:0.2:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.3:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.4:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.5:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.5a:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.6:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.7:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.7a:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.80:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.91a:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.91b:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.91c:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.92a:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.92b:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.92c:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.92d:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.92e:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.93a:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.93b:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.93c:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:2.2:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.10502

Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2005-0064

ubuntu

больше 20 лет назад

CVE-2005-0064

redhat

больше 20 лет назад

CVE-2005-0064

debian

больше 20 лет назад

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc fo ...

GHSA-h375-h7pm-622c

github

больше 3 лет назад

EPSS

Процентиль: 93%

0.10502

Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other