CVE-2005-3628
Summary
| CVE | CVE-2005-3628 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-12-31 05:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors. |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
| Vector string | AV:N/AC:L/Au:N/C:P/I:P/A:P |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Advisories - Mandriva Linux OS | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | |
| Secunia - Advisories - Debian update for koffice | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Secunia - Advisories - Debian update for pdftohtml | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Secunia - Advisories - Debian update for kpdf | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Patch, Vendor Advisory |
| Debian -- Page not found | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Debian -- Security Information -- DSA-936-1 libextractor | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Patch, Vendor Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| patches.sgi.com/support/free/security/advisories/20060201-01-U | af854a3a-2127-422b-91ae-364da2661108 | patches.sgi.com | |
| Secunia - Advisories - Slackware update for kdegraphics | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Secunia - Advisories - libextractor Multiple Xpdf Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Patch, Vendor Advisory |
| Secunia - Advisories - Debian update for xpdf | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Patch, Vendor Advisory |
| Debian -- Security Information -- DSA-950-1 cupsys | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Patch, Vendor Advisory |
| Secunia - Advisories - Debian update for pdfkit.framework | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| The Slackware Linux Project: Slackware Security Advisories | af854a3a-2127-422b-91ae-364da2661108 | slackware.com | |
| Secunia - Advisories - SUSE updates for xpdf / kpdf / gpdf / kword | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Patch, Vendor Advisory |
| Secunia - Advisories - Debian update for cupsys | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Patch, Vendor Advisory |
| Secunia - Advisories - GNUStep PDFKit Framework Xpdf Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Secunia - Advisories - Slackware update for xpdf | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Secunia - Advisories - Debian update for gpdf | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| SGI Advanced Linux Environment Multiple Updates - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Secunia - Advisories - Mandriva update for cups | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Patch, Vendor Advisory |
| rhn.redhat.com \| Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Patch, Vendor Advisory |
| SuSE Security announcements: [suse-security-announce] SUSE Security Announcement: xpdf,kpdf,gpdf,kword (SUSE-SA:2006:001) | af854a3a-2127-422b-91ae-364da2661108 | lists.suse.com | Patch, Vendor Advisory |
| Debian -- Security Information -- DSA-961-1 pdfkit.framework | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Debian -- Security Information -- DSA-962-1 pdftohtml | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| Secunia - Advisories - Red Hat update for tetex | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Patch, Vendor Advisory |
| Secunia - Advisories - Mandriva update for tetex | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Secunia - Advisories - Debian update for libextractor | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Patch, Vendor Advisory |
| Secunia - Advisories - Debian update for tetex-bin | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2007-03-14 | Mark J Cox | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
There are currently no legacy QID mappings associated with this CVE.