CVE-2005-3628

Summary

CVE	CVE-2005-3628
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-12-31 05:00:00 UTC
Updated	2018-10-19 15:38:00 UTC
Description	Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Xpdf	Xpdf	All	All	All	All
Application	Xpdf	Xpdf	All	All	All	All

References

Reference	Source	Link	Tags
Secunia - Advisories - Debian update for pdfkit.framework	SECUNIA	secunia.com
SGI Advanced Linux Environment Multiple Updates - Advisories - Secunia	SECUNIA	secunia.com
Secunia - Advisories - Debian update for tetex-bin	SECUNIA	secunia.com
Debian -- Security Information -- DSA-936-1 libextractor	DEBIAN	www.debian.org	Patch, Vendor Advisory
Secunia - Advisories - Mandriva update for cups	SECUNIA	secunia.com	Patch, Vendor Advisory
SecurityFocus	FEDORA	www.securityfocus.com
Debian -- Page not found	DEBIAN	www.debian.org
SuSE Security announcements: [suse-security-announce] SUSE Security Announcement: xpdf,kpdf,gpdf,kword (SUSE-SA:2006:001)	SUSE	lists.suse.com	Patch, Vendor Advisory
Debian -- Security Information -- DSA-962-1 pdftohtml	DEBIAN	www.debian.org
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com	Patch, Vendor Advisory
Secunia - Advisories - Slackware update for xpdf	SECUNIA	secunia.com
Advisories - Mandriva Linux OS	MANDRAKE	www.mandriva.com
20060201-01-U	SGI	patches.sgi.com
Advisories - Mandriva Linux OS	MANDRIVA	www.mandriva.com
Advisories - Mandriva Linux OS	MANDRIVA	www.mandriva.com
Secunia - Advisories - Debian update for libextractor	SECUNIA	secunia.com	Patch, Vendor Advisory
Debian -- Page not found	DEBIAN	www.debian.org
Repository / Oval Repository	OVAL	oval.cisecurity.org
Debian -- Page not found	DEBIAN	www.debian.org
Secunia - Advisories - Debian update for kpdf	SECUNIA	secunia.com	Patch, Vendor Advisory
The Slackware Linux Project: Slackware Security Advisories	SLACKWARE	slackware.com
Debian -- Page not found	DEBIAN	www.debian.org
Secunia - Advisories - Debian update for koffice	SECUNIA	secunia.com
Debian -- Page not found	DEBIAN	www.debian.org
The Slackware Linux Project: Slackware Security Advisories	SLACKWARE	slackware.com
Secunia - Advisories - libextractor Multiple Xpdf Vulnerabilities	SECUNIA	secunia.com	Patch, Vendor Advisory
Secunia - Advisories - SUSE updates for xpdf / kpdf / gpdf / kword	SECUNIA	secunia.com	Patch, Vendor Advisory
Secunia - Advisories - Debian update for pdftohtml	SECUNIA	secunia.com
Debian -- Security Information -- DSA-961-1 pdfkit.framework	DEBIAN	www.debian.org
Secunia - Advisories - Red Hat update for tetex	SECUNIA	secunia.com	Patch, Vendor Advisory
Secunia - Advisories - Debian update for cupsys	SECUNIA	secunia.com	Patch, Vendor Advisory
Secunia - Advisories - Slackware update for kdegraphics	SECUNIA	secunia.com
Secunia - Advisories - GNUStep PDFKit Framework Xpdf Multiple Vulnerabilities	SECUNIA	secunia.com
Secunia - Advisories - Debian update for xpdf	SECUNIA	secunia.com	Patch, Vendor Advisory
SecurityFocus	FEDORA	www.securityfocus.com
Secunia - Advisories - Mandriva update for tetex	SECUNIA	secunia.com
Debian -- Security Information -- DSA-950-1 cupsys	DEBIAN	www.debian.org	Patch, Vendor Advisory
Secunia - Advisories - Debian update for gpdf	SECUNIA	secunia.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2007-03-14	Mark J Cox	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

There are currently no legacy QID mappings associated with this CVE.