CVE-2005-2097

Published: 16/08/2005 Updated: 19/10/2018
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

Vulnerable Product

kde kpdf

xpdf xpdf 3.0_pl3

xpdf xpdf 3.0

xpdf xpdf 3.0_pl2

Vendor Advisories

xpdf and kpdf did not sufficiently verify the validity of the “loca” table in PDF files, a table that contains glyph description information for embedded TrueType fonts. After detecting the broken table, xpdf attempted to reconstruct the information in it, which caused the generation of a huge temporary file that quickly filled up available dis ...
Synopsis: cups security update. Type/Severity: Security Advisory: Important. Topic: Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. Description: The C ...
Synopsis: kdegraphics security update. Type/Severity: Security Advisory: Moderate. Topic: Updated kdegraphics packages that resolve a security issue in kpdf are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Description: The kdegra ...
Synopsis: xpdf security update. Type/Severity: Security Advisory: Moderate. Topic: An updated xpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Description: Th ...
Synopsis: gpdf security update. Type/Severity: Security Advisory: Moderate. Topic: An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Description: Th ...
A bug has been discovered in the font handling code in xpdf, which is also present in kpdf, the PDF viewer for KDE. A specially crafted PDF file could cause infinite resource consumption, in terms of both CPU and disk space. The oldstable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been ...
infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which are also present in gpdf, the viewer with Gtk bindings, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code. For the stable distribution (sarge) these p ...