Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor, allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.

oval:org.mitre.oval:def:9760

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 3
  • CentOS Linux 4
  • Red Hat Enterprise Linux 3
  • Oracle Linux 4
  • Red Hat Enterprise Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2005-3191
Product(s):