Vulnerability in Kde Kpdf

CVE-2005-2097

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be cr…

EPSS: 0.004 (34.1th percentile) — read the EPSS interpretation.

Affected products

Kde Kpdf
Xpdf — versions 3.0, 3.0_pl2, 3.0_pl3
N/a — versions n/a

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_OVAL, signature, vdb-entry)
secalert@redhat.com (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (vendor-advisory, x_refsource_SUNALERT)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_FEDORA, vendor-advisory)