CVE-2005-0064

Published: 02/05/2005 Updated: 11/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and previous versions allows remote malicious users to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.

Vulnerable Product

xpdf xpdf 0.4

xpdf xpdf 0.5

xpdf xpdf 0.91

xpdf xpdf 0.91a

xpdf xpdf 0.92e

xpdf xpdf 0.93

xpdf xpdf 2.0

xpdf xpdf 2.1

xpdf xpdf 0.5a

xpdf xpdf 0.6

xpdf xpdf 0.91b

xpdf xpdf 0.91c

xpdf xpdf 0.93a

xpdf xpdf 0.93b

xpdf xpdf 2.2

xpdf xpdf 2.3

xpdf xpdf 0.7

xpdf xpdf 0.7a

xpdf xpdf 0.92

xpdf xpdf 0.92a

xpdf xpdf 0.93c

xpdf xpdf 1.0

xpdf xpdf 3.0

xpdf xpdf 0.2

xpdf xpdf 0.3

xpdf xpdf 0.80

xpdf xpdf 0.90

xpdf xpdf 0.92b

xpdf xpdf 0.92c

xpdf xpdf 0.92d

xpdf xpdf 1.0a

xpdf xpdf 1.1

Vendor Advisories

A buffer overflow has been found in the xpdf viewer. An insufficient input validation of the encryption key length could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker supplied program code with the user’s privileges ...

iDEFENSE has reported a buffer overflow in xpdf, the portable document format (PDF) suite. Similar code is present in the PDF processing part of CUPS. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code. For the stable distribution (woody) this problem has been fixed in version 1114-5woody12. In ...

iDEFENSE has reported a buffer overflow in xpdf, the portable document format (PDF) suite. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code. For the stable distribution (woody) this problem has been fixed in version 100-34. For the unstable distribution (sid) this problem has been fixed in ve ...

Synopsis: cups security update. Type/Severity: Security Advisory: Important. Topic: Updated CUPS packages that fix a security issue are now available. Description: The Common UNIX Printing System provides a portable printing layer for UNIX(R) operating systems. A buffer overflow flaw was found in ...

Synopsis: CUPS security update. Type/Severity: Security Advisory: Important. Topic: Updated CUPS packages that fix several security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Description: The Common UNIX Printing S ...

Synopsis: tetex security update. Type/Severity: Security Advisory: Moderate. Topic: Updated tetex packages that resolve security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Description: ...

Synopsis: xpdf security update. Type/Severity: Security Advisory: Important. Topic: An updated xpdf package that fixes several security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Description: Xpdf is an X Window Sys ...

Synopsis: kdegraphics security update. Type/Severity: Security Advisory: Important. Topic: Updated kdegraphics packages that resolve security issues in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Description: The kdegr ...

Synopsis: xpdf security update. Type/Severity: Security Advisory: Important. Topic: Updated Xpdf package that fixes a stack based buffer overflow security issue is now available. Description: Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. A buffer overflow flaw was ...

Synopsis: gpdf security update. Type/Severity: Security Advisory: Important. Topic: An updated gpdf package that fixes two security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Description: GPdf is a viewer for Portab ...

References

NVD-CWE-Other

http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921

http://www.debian.org/security/2005/dsa-645

http://www.debian.org/security/2005/dsa-648

https://bugzilla.fedora.us/show_bug.cgi?id=2352

https://bugzilla.fedora.us/show_bug.cgi?id=2353

http://www.redhat.com/support/errata/RHSA-2005-034.html

http://www.redhat.com/support/errata/RHSA-2005-053.html

http://www.redhat.com/support/errata/RHSA-2005-057.html

http://www.redhat.com/support/errata/RHSA-2005-059.html

http://www.redhat.com/support/errata/RHSA-2005-066.html

http://www.trustix.org/errata/2005/0003/

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt

http://secunia.com/advisories/17277

http://www.redhat.com/support/errata/RHSA-2005-026.html

http://www.mandriva.com/security/advisories?name=MDKSA-2005:016

http://www.mandriva.com/security/advisories?name=MDKSA-2005:017

http://www.mandriva.com/security/advisories?name=MDKSA-2005:018

http://www.mandriva.com/security/advisories?name=MDKSA-2005:019

http://www.mandriva.com/security/advisories?name=MDKSA-2005:020

http://www.mandriva.com/security/advisories?name=MDKSA-2005:021

http://marc.info/?l=bugtraq&m=110625368019554&w=2

https://security.gentoo.org/glsa/200502-10

https://security.gentoo.org/glsa/200501-28

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11781

https://usn.ubuntu.com/64-1/

https://nvd.nist.gov