Vulnerability in Conectiva Linux

CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFax…

EPSS: 0.038 (88.5th percentile) — read the EPSS interpretation.

Affected products

Conectiva Linux — versions 10.0
Easy_software_products Cups — versions 1.1.22, 1.1.22_rc1, 1.1.23
Gentoo Linux
Kde Kdegraphics — versions 3.2, 3.4.3
Kde Koffice — versions 1.4, 1.4.1, 1.4.2
Kde Kpdf — versions 3.2, 3.4.3
Kde Kword — versions 1.4.2
Libextractor
Mandrakesoft Mandrake_linux — versions 10.1, 10.2, 2006
Mandrakesoft Mandrake_linux_corporate_server — versions 2.1, 3.0

Weakness classification (CWE)

CWE-399

References

secalert@redhat.com (Patch, vdb-entry, x_refsource_BID)
secalert@redhat.com (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (Patch, x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_OVAL, signature, vdb-entry)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (Exploit, x_refsource_MISC)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (Patch, x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)