ID CVE-2005-0064
Summary Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
References
Vulnerable Configurations
  • cpe:2.3:a:xpdf:xpdf:0.2
  • cpe:2.3:a:xpdf:xpdf:0.3
  • cpe:2.3:a:xpdf:xpdf:0.4
  • cpe:2.3:a:xpdf:xpdf:0.5
  • cpe:2.3:a:xpdf:xpdf:0.5a
  • cpe:2.3:a:xpdf:xpdf:0.6
  • cpe:2.3:a:xpdf:xpdf:0.7
  • cpe:2.3:a:xpdf:xpdf:0.7a
  • cpe:2.3:a:xpdf:xpdf:0.80
  • cpe:2.3:a:xpdf:xpdf:0.90
  • cpe:2.3:a:xpdf:xpdf:0.91
  • cpe:2.3:a:xpdf:xpdf:0.91a
  • cpe:2.3:a:xpdf:xpdf:0.91b
  • cpe:2.3:a:xpdf:xpdf:0.91c
  • cpe:2.3:a:xpdf:xpdf:0.92
  • cpe:2.3:a:xpdf:xpdf:0.92a
  • cpe:2.3:a:xpdf:xpdf:0.92b
  • cpe:2.3:a:xpdf:xpdf:0.92c
  • cpe:2.3:a:xpdf:xpdf:0.92d
  • cpe:2.3:a:xpdf:xpdf:0.92e
  • cpe:2.3:a:xpdf:xpdf:0.93
  • cpe:2.3:a:xpdf:xpdf:0.93a
  • cpe:2.3:a:xpdf:xpdf:0.93b
  • cpe:2.3:a:xpdf:xpdf:0.93c
  • cpe:2.3:a:xpdf:xpdf:1.0
  • cpe:2.3:a:xpdf:xpdf:1.0a
  • cpe:2.3:a:xpdf:xpdf:1.1
  • cpe:2.3:a:xpdf:xpdf:2.0
  • cpe:2.3:a:xpdf:xpdf:2.1
  • cpe:2.3:a:xpdf:xpdf:2.2
  • cpe:2.3:a:xpdf:xpdf:2.3
  • cpe:2.3:a:xpdf:xpdf:3.0
CVSS
Base: 7.5 (as of 02-06-2005 - 14:48)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-053.NASL
    description Updated CUPS packages that fix several security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System provides a portable printing layer for UNIX(R) operating systems. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf, which also affects CUPS due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause CUPS to crash or possibly execute arbitrary code when opened. This issue was assigned the name CVE-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects the CUPS pdftops filter due to a shared codebase. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the 'lp' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the ParseCommand function in the hpgltops program. An attacker who has the ability to send a malicious HPGL file to a printer could possibly execute arbitrary code as the 'lp' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1267 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects the CUPS pdftops filter due to a shared codebase. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the 'lp' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. The lppasswd utility was found to ignore write errors when modifying the CUPS passwd file. A local user who is able to fill the associated file system could corrupt the CUPS password file or prevent future uses of lppasswd. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1268 and CVE-2004-1269 to these issues. The lppasswd utility was found to not verify that the passwd.new file is different from STDERR, which could allow local users to control output to passwd.new via certain user input that triggers an error message. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1270 to this issue. All users of cups should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17174
    published 2005-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17174
    title RHEL 4 : CUPS (RHSA-2005:053)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-057.NASL
    description An updated gpdf package that fixes two security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. GPdf is a viewer for Portable Document Format (PDF) files for GNOME. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf, which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. This issue was assigned the name CVE-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. Users should update to this erratum package which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17175
    published 2005-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17175
    title RHEL 4 : gpdf (RHSA-2005:057)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-034.NASL
    description An updated xpdf package that fixes several security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. This issue was assigned the name CVE-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. All users of Xpdf should upgrade to this updated package, which contains backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17168
    published 2005-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17168
    title RHEL 4 : xpdf (RHSA-2005:034)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-066.NASL
    description Updated kdegraphics packages that resolve security issues in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf that also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf which also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888 to this issue. Users should update to these erratum packages which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 17178
    published 2005-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17178
    title RHEL 4 : kdegraphics (RHSA-2005:066)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-018.NASL
    description A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Cups uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 16255
    published 2005-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16255
    title Mandrake Linux Security Advisory : cups (MDKSA-2005:018)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-049.NASL
    description Updated CUPS packages that fix a security issue are now available. The Common UNIX Printing System provides a portable printing layer for UNIX(R) operating systems. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects the CUPS pdftops filter due to a shared codebase. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the 'lp' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. Red Hat believes that the Exec-Shield technology (enabled by default since Update 3) will block attempts to remotely exploit these buffer overflow vulnerabilities on x86 architectures. All users of cups should upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 16297
    published 2005-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16297
    title RHEL 3 : cups (RHSA-2005:049)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-026.NASL
    description Updated tetex packages that resolve security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The tetex packages (teTeX) contain an implementation of TeX for Linux or UNIX systems. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects teTeX due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects teTeX due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. Users should update to these erratum packages which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17338
    published 2005-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17338
    title RHEL 4 : tetex (RHSA-2005:026)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200501-31.NASL
    description The remote host is affected by the vulnerability described in GLSA-200501-31 (teTeX, pTeX, CSTeX: Multiple vulnerabilities) teTeX, pTeX and CSTeX all make use of Xpdf code and may therefore be vulnerable to the various overflows that were discovered in Xpdf code (CAN-2004-0888, CAN-2004-0889, CAN-2004-1125 and CAN-2005-0064). Furthermore, Javier Fernandez-Sanguino Pena discovered that the xdvizilla script does not handle temporary files correctly. Impact : An attacker could design a malicious input file which, when processed using one of the TeX distributions, could lead to the execution of arbitrary code. Furthermore, a local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When xdvizilla is called, this would result in the file being overwritten with the rights of the user running the script. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 16422
    published 2005-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16422
    title GLSA-200501-31 : teTeX, pTeX, CSTeX: Multiple vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200501-32.NASL
    description The remote host is affected by the vulnerability described in GLSA-200501-32 (KPdf, KOffice: Stack overflow in included Xpdf code) KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to a new stack overflow, as described in GLSA 200501-28. Impact : An attacker could entice a user to open a specially crafted PDF file, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 16423
    published 2005-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16423
    title GLSA-200501-32 : KPdf, KOffice: Stack overflow in included Xpdf code
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-020.NASL
    description A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Kdegraphics uses xpdf code and is susceptible to the same vulnerability. 10.1 packages also include a fix for ksvg kde bug #74457. The updated packages have been patched to prevent these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 16257
    published 2005-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16257
    title Mandrake Linux Security Advisory : kdegraphics (MDKSA-2005:020)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-645.NASL
    description iDEFENSE has reported a buffer overflow in xpdf, the portable document format (PDF) suite. Similar code is present in the PDF processing part of CUPS. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 16212
    published 2005-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16212
    title Debian DSA-645-1 : cupsys - buffer overflow
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_F755545E6FCD11D9ABEC00061BD2D56F.NASL
    description An iDEFENSE Security Advisory reports : Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability specifically exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The offending code can be found in the Decrypt::makeFileKey2 function in the source file xpdf/Decrypt.cc.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 19176
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19176
    title FreeBSD : xpdf -- makeFileKey2() buffer overflow vulnerability (f755545e-6fcd-11d9-abec-00061bd2d56f)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200501-30.NASL
    description The remote host is affected by the vulnerability described in GLSA-200501-30 (CUPS: Stack overflow in included Xpdf code) The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files (GLSA 200501-28). Impact : This issue could be exploited by a remote attacker to execute arbitrary code by sending a malicious print job to a CUPS spooler. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 16421
    published 2005-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16421
    title GLSA-200501-30 : CUPS: Stack overflow in included Xpdf code
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-017.NASL
    description A buffer overflow vulnerability was discovered in the xpdf PDF viewer, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The updated packages have been patched to prevent these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 16254
    published 2005-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16254
    title Mandrake Linux Security Advisory : xpdf (MDKSA-2005:017)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-021.NASL
    description A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Tetex uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 16258
    published 2005-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16258
    title Mandrake Linux Security Advisory : tetex (MDKSA-2005:021)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-648.NASL
    description iDEFENSE has reported a buffer overflow in xpdf, the portable document format (PDF) suite. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 16215
    published 2005-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16215
    title Debian DSA-648-1 : xpdf - buffer overflow
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-64-1.NASL
    description A buffer overflow has been found in the xpdf viewer. An insufficient input validation of the encryption key length could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker supplied program code with the user's privileges. The Common UNIX Printing System (CUPS) uses the same code to print PDF files. In this case, this bug could be exploited to gain the privileges of the CUPS print server (by default, user cupsys). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-25
    plugin id 20683
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20683
    title Ubuntu 4.10 : xpdf, cupsys vulnerabilities (USN-64-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200502-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-200502-10 (pdftohtml: Vulnerabilities in included Xpdf) Xpdf is vulnerable to a buffer overflow, as described in GLSA 200501-28. Impact : An attacker could entice a user to convert a specially crafted PDF file, potentially resulting in the execution of arbitrary code with the rights of the user running pdftohtml. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 16447
    published 2005-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16447
    title GLSA-200502-10 : pdftohtml: Vulnerabilities in included Xpdf
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200501-28.NASL
    description The remote host is affected by the vulnerability described in GLSA-200501-28 (Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2) iDEFENSE reports that the Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files. Impact : An attacker could entice a user to open a specially crafted PDF file which would trigger a stack overflow, potentially resulting in execution of arbitrary code with the rights of the user running Xpdf or GPdf. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 16419
    published 2005-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16419
    title GLSA-200501-28 : Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-019.NASL
    description A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Koffice uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 16256
    published 2005-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16256
    title Mandrake Linux Security Advisory : koffice (MDKSA-2005:019)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-059.NASL
    description An updated Xpdf package that fixes a stack based buffer overflow security issue is now available. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. A buffer overflow flaw was found when processing the /Encrypt /Length tag. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. Red Hat believes that the Exec-Shield technology (enabled by default since Update 3) will block attempts to exploit this vulnerability on x86 architectures. All users of the Xpdf package should upgrade to this updated package, which resolves this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 16263
    published 2005-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16263
    title RHEL 3 : xpdf (RHSA-2005:059)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-016.NASL
    description A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Gpdf uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 16253
    published 2005-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16253
    title Mandrake Linux Security Advisory : gpdf (MDKSA-2005:016)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200506-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200506-06 (libextractor: Multiple overflow vulnerabilities) Xpdf is vulnerable to multiple overflows, as described in GLSA 200501-28. Also, integer overflows were discovered in Real and PNG extractors. Impact : An attacker could design malicious PDF, PNG or Real files which, when processed by an application making use of libextractor, would result in the execution of arbitrary code with the rights of the user running the application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 18448
    published 2005-06-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18448
    title GLSA-200506-06 : libextractor: Multiple overflow vulnerabilities
oval via4
accepted 2013-04-29T04:15:44.748-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
family unix
id oval:org.mitre.oval:def:11781
status accepted
submitted 2010-07-09T03:56:16-04:00
title Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2005:026
  • rhsa
    id RHSA-2005:034
  • rhsa
    id RHSA-2005:053
  • rhsa
    id RHSA-2005:057
  • rhsa
    id RHSA-2005:059
  • rhsa
    id RHSA-2005:066
refmap via4
bugtraq 20050119 [USN-64-1] xpdf, CUPS vulnerabilities
conectiva CLA-2005:921
confirm ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
debian
  • DSA-645
  • DSA-648
fedora
  • FLSA:2352
  • FLSA:2353
gentoo
  • GLSA-200501-28
  • GLSA-200502-10
idefense 20050118 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow
mandrake
  • MDKSA-2005:016
  • MDKSA-2005:017
  • MDKSA-2005:018
  • MDKSA-2005:019
  • MDKSA-2005:020
  • MDKSA-2005:021
sco SCOSA-2005.42
secunia 17277
trustix 2005-0003
Last major update 19-12-2016 - 21:59
Published 02-05-2005 - 00:00
Last modified 10-10-2017 - 21:29