CVE-2005-3625

Опубликовано: 31 дек. 2005

Источник: nvd

CVSS2: 10

EPSS Средний

Описание

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

Ссылки

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
Patch
http://rhn.redhat.com/errata/RHSA-2006-0177.html
Patch
Vendor Advisory
http://scary.beasts.org/security/CESA-2005-003.txt
Exploit
http://secunia.com/advisories/18147
http://secunia.com/advisories/18303
Patch
Vendor Advisory
http://secunia.com/advisories/18312
Patch
Vendor Advisory
http://secunia.com/advisories/18313
Patch
Vendor Advisory
http://secunia.com/advisories/18329
Vendor Advisory
http://secunia.com/advisories/18332
Vendor Advisory
http://secunia.com/advisories/18334
Patch
Vendor Advisory
http://secunia.com/advisories/18335
Patch
Vendor Advisory
http://secunia.com/advisories/18338
Patch
Vendor Advisory
http://secunia.com/advisories/18349
Patch
Vendor Advisory
http://secunia.com/advisories/18373
http://secunia.com/advisories/18375
Vendor Advisory
http://secunia.com/advisories/18380

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:easy_software_products:cups:1.1.22:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.23:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.23_rc1:*:*:*:*:*:*:*

cpe:2.3:a:kde:kdegraphics:3.2:*:*:*:*:*:*:*

cpe:2.3:a:kde:kdegraphics:3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.4:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*

cpe:2.3:a:kde:kpdf:3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:kde:kword:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:libextractor:libextractor:*:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sgi:propack:3.0:sp6:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:3.0:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*

cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:x86-64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:core_4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*

cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*

cpe:2.3:o:sco:openserver:6.0:*:*:*:*:*:*:*

cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*

cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*

cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:personal:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:professional:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:s_390:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.1:*:personal:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.1:*:professional:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.2:*:personal:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.2:*:professional:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.3:*:personal:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.3:*:professional:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.3:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:10.0:*:professional:*:*:*:*:*

cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*

cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*

cpe:2.3:o:trustix:secure_linux:3.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux:10:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_hosting_edition:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_workgroup_edition:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_desktop:10.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_home:*:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_multimedia:*:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_personal:*:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_server:10.0:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_server:10.0_x86:*:*:*:*:*:*:*

cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*

EPSS

Процентиль: 93%

0.11286

Средний

10 Critical

CVSS2

Дефекты

CWE-399

Связанные уязвимости

CVE-2005-3625

ubuntu

больше 19 лет назад

CVE-2005-3625

redhat

больше 19 лет назад

CVE-2005-3625

debian

больше 19 лет назад

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTe ...

GHSA-jm8v-5wvv-cpmw

github

больше 3 лет назад

BDU:2015-09484

fstec

больше 19 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 93%

0.11286

Средний

10 Critical

CVSS2

Дефекты

CWE-399