ID CVE-2005-2097
Summary xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
References
Vulnerable Configurations
  • cpe:2.3:a:kde:kpdf
  • cpe:2.3:a:xpdf:xpdf:3.0
  • cpe:2.3:a:xpdf:xpdf:3.0_pl2
  • cpe:2.3:a:xpdf:xpdf:3.0_pl3
CVSS
Base: 2.1 (as of 17-08-2005 - 11:07)
Impact:
Exploitability:
Access
  • Vector LOCAL
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-729.NASL
    description A flaw was discovered in Xpdf in that an attacker could construct a carefully crafted PDF file that would cause Xpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Users of xpdf should upgrade to this updated package, which contains a patch to resolve this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19434
    published 2005-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19434
    title Fedora Core 4 : xpdf-3.00-20.FC4.2 (2005-729)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-135.NASL
    description A vulnerability in the kpdf KDE PDF viewer was discovered. An attacker could construct a malicious PDF file that would cause kpdf to consume all available disk space in /tmp when opened. The updated packages have been patched to correct this problem.
    last seen 2017-10-29
    modified 2012-09-07
    plugin id 20422
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20422
    title MDKSA-2005:135 : kdegraphics
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-671.NASL
    description Updated kdegraphics packages that resolve a security issue in kpdf are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A flaw was discovered in kpdf. An attacker could construct a carefully crafted PDF file that would cause kpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Note this issue does not affect Red Hat Enterprise Linux 3 or 2.1. Users of kpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19411
    published 2005-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19411
    title RHEL 4 : kdegraphics (RHSA-2005:671)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-708.NASL
    description An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gpdf package is a GNOME-based viewer for Portable Document Format (PDF) files. Marcus Meissner reported a flaw in gpdf. An attacker could construct a carefully crafted PDF file that would cause gpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Note that this issue does not affect the version of gpdf in Red Hat Enterprise Linux 3 or 2.1. Users of gpdf should upgrade to this updated package, which contains a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19425
    published 2005-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19425
    title RHEL 4 : gpdf (RHSA-2005:708)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1136.NASL
    description 'infamous41md' and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which are also present in gpdf, the viewer with Gtk bindings, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22678
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22678
    title Debian DSA-1136-1 : gpdf - wrong input sanitising
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-670.NASL
    description An updated xpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files. A flaw was discovered in Xpdf in that an attacker could construct a carefully crafted PDF file that would cause Xpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Note this issue does not affect the version of Xpdf in Red Hat Enterprise Linux 3 or 2.1. Users of xpdf should upgrade to this updated package, which contains a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19410
    published 2005-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19410
    title RHEL 4 : xpdf (RHSA-2005:670)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-671.NASL
    description Updated kdegraphics packages that resolve a security issue in kpdf are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A flaw was discovered in kpdf. An attacker could construct a carefully crafted PDF file that would cause kpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Note this issue does not affect Red Hat Enterprise Linux 3 or 2.1. Users of kpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21956
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21956
    title CentOS 4 : kdegraphics (CESA-2005:671)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-163-1.NASL
    description xpdf and kpdf did not sufficiently verify the validity of the 'loca' table in PDF files, a table that contains glyph description information for embedded TrueType fonts. After detecting the broken table, xpdf attempted to reconstruct the information in it, which caused the generation of a huge temporary file that quickly filled up available disk space and rendered the application unresponsive. The CUPS printing system in Ubuntu 5.04 uses the xpdf-utils package to convert PDF files to PostScript. By attempting to print such a crafted PDF file, a remote attacker could cause a Denial of Service in a print server. The CUPS system in Ubuntu 4.10 is not vulnerable against this attack. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20569
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20569
    title Ubuntu 4.10 / 5.04 : xpdf vulnerability (USN-163-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-708.NASL
    description An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gpdf package is a GNOME-based viewer for Portable Document Format (PDF) files. Marcus Meissner reported a flaw in gpdf. An attacker could construct a carefully crafted PDF file that would cause gpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Note that this issue does not affect the version of gpdf in Red Hat Enterprise Linux 3 or 2.1. Users of gpdf should upgrade to this updated package, which contains a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21957
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21957
    title CentOS 4 : gpdf (CESA-2005:708)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-670.NASL
    description An updated xpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files. A flaw was discovered in Xpdf in that an attacker could construct a carefully crafted PDF file that would cause Xpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Note this issue does not affect the version of Xpdf in Red Hat Enterprise Linux 3 or 2.1. Users of xpdf should upgrade to this updated package, which contains a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21955
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21955
    title CentOS 4 : xpdf (CESA-2005:670)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-138.NASL
    description A vulnerability was discovered in the CUPS printing package where when processing a PDF file, bounds checking was not correctly performed on some fields. As a result, this could cause the pdftops filter to crash. Update : The patch to correct this problem was not properly applied to the Mandriva 10.1 packages. This update properly patches the packages.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19895
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19895
    title Mandrake Linux Security Advisory : cups (MDKSA-2005:138-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-730.NASL
    description A flaw was discovered in Xpdf in that an attacker could construct a carefully crafted PDF file that would cause Xpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Users of xpdf should upgrade to this updated package, which contains a backported patch to resolve this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19435
    published 2005-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19435
    title Fedora Core 3 : xpdf-3.00-10.6.FC3 (2005-730)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-136.NASL
    description A vulnerability in the gpdf PDF viewer was discovered. An attacker could construct a malicious PDF file that would cause gpdf to consume all available disk space in /tmp when opened. The updated packages have been patched to correct this problem.
    last seen 2017-10-29
    modified 2012-09-07
    plugin id 20423
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20423
    title MDKSA-2005:136 : gpdf
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-706.NASL
    description Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. When processing a PDF file, bounds checking was not correctly performed on some fields. This could cause the pdftops filter (running as user 'lp') to crash. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2097 to this issue. All users of CUPS should upgrade to these erratum packages, which contain a patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19412
    published 2005-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19412
    title RHEL 3 / 4 : cups (RHSA-2005:706)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-134.NASL
    description A vulnerability in the xpdf PDF viewer was discovered. An attacker could construct a malicious PDF file that would cause xpdf to consume all available disk space in /tmp when opened. The updated packages have been patched to correct this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19893
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19893
    title Mandrake Linux Security Advisory : xpdf (MDKSA-2005:134)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-706.NASL
    description Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. When processing a PDF file, bounds checking was not correctly performed on some fields. This could cause the pdftops filter (running as user 'lp') to crash. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2097 to this issue. All users of CUPS should upgrade to these erratum packages, which contain a patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21851
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21851
    title CentOS 3 / 4 : cups (CESA-2005:706)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-780.NASL
    description A bug has been discovered in the font handling code in xpdf, which is also present in kpdf, the PDF viewer for KDE. A specially crafted PDF file could cause infinite resource consumption, in terms of both CPU and disk space. The oldstable distribution (woody) is not affected by this problem.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19477
    published 2005-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19477
    title Debian DSA-780-1 : kdegraphics - wrong input sanitising
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_24EEE28509C711DABC080001020EED82.NASL
    description xpdf is vulnerable to a denial of service vulnerability which can cause xpdf to create an infinitely large file, thereby filling up the /tmp partition, when opening a specially crafted PDF file. Note that several applications contain an embedded version of xpdf, therefore making them vulnerable to the same DoS. In CUPS this vulnerability would cause the pdftops filter to crash.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 21400
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21400
    title FreeBSD : xpdf -- disk fill DoS vulnerability (24eee285-09c7-11da-bc08-0001020eed82)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200508-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-200508-08 (Xpdf, Kpdf, GPdf: Denial of Service vulnerability) Xpdf, Kpdf and GPdf do not handle a broken table of embedded TrueType fonts correctly. After detecting such a table, Xpdf, Kpdf and GPdf attempt to reconstruct the information in it by decoding the PDF file, which causes the generation of a huge temporary file. Impact : A remote attacker may cause a Denial of Service by creating a specially crafted PDF file, sending it to a CUPS printing system (which uses Xpdf), or by enticing a user to open it in Xpdf, Kpdf, or GPdf. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 19441
    published 2005-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19441
    title GLSA-200508-08 : Xpdf, Kpdf, GPdf: Denial of Service vulnerability
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-936.NASL
    description 'infamous41md' and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 22802
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22802
    title Debian DSA-936-1 : libextractor - buffer overflows
oval via4
accepted 2013-04-29T04:04:16.110-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
family unix
id oval:org.mitre.oval:def:10280
status accepted
submitted 2010-07-09T03:56:16-04:00
title xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2005:670
  • rhsa
    id RHSA-2005:671
  • rhsa
    id RHSA-2005:706
  • rhsa
    id RHSA-2005:708
refmap via4
bid 14529
debian
  • DSA-1136
  • DSA-780
  • DSA-936
fedora
  • FLSA-2006:176751
  • FLSA:175404
mandriva MDKSA-2005:138
sco SCOSA-2005.42
secunia
  • 17277
  • 18398
  • 18407
  • 21339
  • 25729
sunalert 102972
suse SUSE-SR:2005:019
ubuntu USN-163-1
vupen ADV-2007-2280
Last major update 07-03-2011 - 21:23
Published 16-08-2005 - 00:00
Last modified 19-10-2018 - 11:32