U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2005-3193 Detail

Current Description

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.


View Analysis Description

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

Vendor Statements (disclaimer)

Official Statement from Red Hat (03/14/2007)

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt CVE, MITRE
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt CVE, MITRE
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt CVE, MITRE
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U CVE, MITRE
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U CVE, MITRE
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U CVE, MITRE
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html CVE, MITRE
http://rhn.redhat.com/errata/RHSA-2005-868.html CVE, MITRE
http://secunia.com/advisories/17897 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/17912 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/17916 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/17920 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/17926 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/17929 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/17940 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/17955 CVE, MITRE
http://secunia.com/advisories/17956 CVE, MITRE
http://secunia.com/advisories/17959 CVE, MITRE
http://secunia.com/advisories/17976 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18009 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18055 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18061 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18147 CVE, MITRE
http://secunia.com/advisories/18189 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18191 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18192 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18303 CVE, MITRE
http://secunia.com/advisories/18313 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18336 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18349 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18380 CVE, MITRE
http://secunia.com/advisories/18385 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18387 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18389 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18398 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18407 CVE, MITRE
http://secunia.com/advisories/18416 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18448 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/18517 CVE, MITRE
http://secunia.com/advisories/18520 CVE, MITRE
http://secunia.com/advisories/18534 CVE, MITRE
http://secunia.com/advisories/18554 CVE, MITRE
http://secunia.com/advisories/18582 CVE, MITRE
http://secunia.com/advisories/18674 CVE, MITRE
http://secunia.com/advisories/18675 CVE, MITRE
http://secunia.com/advisories/18679 CVE, MITRE
http://secunia.com/advisories/18908 CVE, MITRE
http://secunia.com/advisories/18913 CVE, MITRE
http://secunia.com/advisories/19125 CVE, MITRE
http://secunia.com/advisories/19230 CVE, MITRE
http://secunia.com/advisories/19377 CVE, MITRE
http://secunia.com/advisories/19797 CVE, MITRE
http://secunia.com/advisories/19798 CVE, MITRE
http://secunia.com/advisories/25729 CVE, MITRE
http://secunia.com/advisories/26413 CVE, MITRE
http://securityreason.com/securityalert/236 CVE, MITRE
http://securitytracker.com/id?1015309 CVE, MITRE
http://securitytracker.com/id?1015324 CVE, MITRE
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 CVE, MITRE
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 CVE, MITRE
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1 CVE, MITRE
http://www.debian.org/security/2005/dsa-931 CVE, MITRE
http://www.debian.org/security/2005/dsa-932 CVE, MITRE
http://www.debian.org/security/2005/dsa-937 CVE, MITRE
http://www.debian.org/security/2005/dsa-938 CVE, MITRE
http://www.debian.org/security/2005/dsa-940 CVE, MITRE
http://www.debian.org/security/2006/dsa-936 CVE, MITRE
http://www.debian.org/security/2006/dsa-950 CVE, MITRE
http://www.debian.org/security/2006/dsa-961 CVE, MITRE
http://www.debian.org/security/2006/dsa-962 CVE, MITRE
http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml CVE, MITRE
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml CVE, MITRE
http://www.gentoo.org/security/en/glsa/glsa-200603-02.xml CVE, MITRE
http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities&flashstatus=true CVE, MITRE Patch  Vendor Advisory 
http://www.kde.org/info/security/advisory-20051207-1.txt CVE, MITRE
http://www.kde.org/info/security/advisory-20051207-2.txt CVE, MITRE
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003 CVE, MITRE
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004 CVE, MITRE
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005 CVE, MITRE
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006 CVE, MITRE
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008 CVE, MITRE
http://www.mandriva.com/security/advisories?name=MDKSA-2006:010 CVE, MITRE
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011 CVE, MITRE
http://www.mandriva.com/security/advisories?name=MDKSA-2006:012 CVE, MITRE
http://www.novell.com/linux/security/advisories/2005_29_sr.html CVE, MITRE
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00014.html CVE, MITRE
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html CVE, MITRE
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html CVE, MITRE
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00022.html CVE, MITRE
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html CVE, MITRE
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html CVE, MITRE
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00073.html CVE, MITRE
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html CVE, MITRE
http://www.redhat.com/support/errata/RHSA-2005-840.html CVE, MITRE Vendor Advisory 
http://www.redhat.com/support/errata/RHSA-2005-867.html CVE, MITRE Vendor Advisory 
http://www.redhat.com/support/errata/RHSA-2005-878.html CVE, MITRE Vendor Advisory 
http://www.redhat.com/support/errata/RHSA-2006-0160.html CVE, MITRE Vendor Advisory 
http://www.securityfocus.com/archive/1/418883/100/0/threaded CVE, MITRE
http://www.securityfocus.com/archive/1/427053/100/0/threaded CVE, MITRE
http://www.securityfocus.com/archive/1/427990/100/0/threaded CVE, MITRE
http://www.securityfocus.com/bid/15721 CVE, MITRE
http://www.trustix.org/errata/2005/0072/ CVE, MITRE
http://www.ubuntulinux.org/usn/usn-227-1 CVE, MITRE
http://www.vupen.com/english/advisories/2005/2787 CVE, MITRE
http://www.vupen.com/english/advisories/2005/2789 CVE, MITRE
http://www.vupen.com/english/advisories/2005/2790 CVE, MITRE
http://www.vupen.com/english/advisories/2005/2856 CVE, MITRE
http://www.vupen.com/english/advisories/2007/2280 CVE, MITRE
https://exchange.xforce.ibmcloud.com/vulnerabilities/23441 CVE, MITRE
https://issues.rpath.com/browse/RPL-1609 CVE, MITRE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11440 CVE, MITRE

Weakness Enumeration

CWE-ID CWE Name Source
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

8 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2005-3193
NVD Published Date:
12/06/2005
NVD Last Modified:
04/02/2025
Source:
MITRE