CVE-2005-3626

Published: Dec 31, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

Affected (127)

Products: Conectiva: Linux · Easy Software Products: Cups · Kde: Kdegraphics, Koffice, Kpdf, Kword · +15 more

Show all products

Conectiva

1 product

Linux

Easy Software Products

1 product

4 products

1 product

1 product

1 product

1 product

1 product

1 product

1 product

2 products

Mandrake Linux Corporate Server

Redhat

5 products

Enterprise Linux

Enterprise Linux Desktop

Fedora Core

Linux

Linux Advanced Workstation

1 product

1 product

1 product

1 product

8 products

Turbolinux Appliance Server

Turbolinux Desktop

Turbolinux Home

Turbolinux Multimedia

Turbolinux Personal

Turbolinux Server

Turbolinux Workstation

Ubuntu

1 product

Ubuntu Linux

Configuration A

22 vulnerable

Vulnerable Software	Affected Versions
Conectiva Linux	Version 10.0
Easy Software Products Cups	Version 1.1.22
Easy Software Products Cups	Version 1.1.22_rc1
Easy Software Products Cups	Version 1.1.23
Easy Software Products Cups	Version 1.1.23_rc1
Kde Kdegraphics	Version 3.2
Kde Kdegraphics	Version 3.4.3
Kde Koffice	Version 1.4.1
Kde Koffice	Version 1.4.2
Kde Koffice	Version 1.4
Kde Kpdf	Version 3.2
Kde Kpdf	Version 3.4.3
Kde Kword	Version 1.4.2
Libextractor Libextractor	All versions
Poppler Poppler	Version 0.4.2
Sgi Propack	Version 3.0 sp6
Tetex Tetex	Version 1.0.7
Tetex Tetex	Version 2.0.1
Tetex Tetex	Version 2.0.2
Tetex Tetex	Version 2.0
Tetex Tetex	Version 3.0
Xpdf Xpdf	Version 3.0

Configuration B

105 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Gentoo Linux	All versions
Mandrakesoft Mandrake Linux	Version 10.1
Mandrakesoft Mandrake Linux	Version 10.1
Mandrakesoft Mandrake Linux	Version 10.2
Mandrakesoft Mandrake Linux	Version 10.2
Mandrakesoft Mandrake Linux	Version 2006
Mandrakesoft Mandrake Linux	Version 2006
Mandrakesoft Mandrake Linux Corporate Server	Version 2.1
Mandrakesoft Mandrake Linux Corporate Server	Version 2.1
Mandrakesoft Mandrake Linux Corporate Server	Version 3.0
Mandrakesoft Mandrake Linux Corporate Server	Version 3.0
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 4.0
Redhat Enterprise Linux	Version 4.0
Redhat Enterprise Linux	Version 4.0
Redhat Enterprise Linux Desktop	Version 3.0
Redhat Enterprise Linux Desktop	Version 4.0
Redhat Fedora Core	Version core_1.0
Redhat Fedora Core	Version core_2.0
Redhat Fedora Core	Version core_3.0
Redhat Fedora Core	Version core_4.0
Redhat Linux	Version 7.3
Redhat Linux	Version 9.0
Redhat Linux Advanced Workstation	Version 2.1
Redhat Linux Advanced Workstation	Version 2.1
Sco Openserver	Version 5.0.7
Sco Openserver	Version 6.0
Slackware Slackware Linux	Version 10.0
Slackware Slackware Linux	Version 10.1
Slackware Slackware Linux	Version 10.2
Slackware Slackware Linux	Version 9.0
Slackware Slackware Linux	Version 9.1
Suse Suse Linux	Version 1.0
Suse Suse Linux	Version 10.0
Suse Suse Linux	Version 10.0
Suse Suse Linux	Version 9.0
Suse Suse Linux	Version 9.0
Suse Suse Linux	Version 9.0
Suse Suse Linux	Version 9.0
Suse Suse Linux	Version 9.0
Suse Suse Linux	Version 9.1
Suse Suse Linux	Version 9.1
Suse Suse Linux	Version 9.1
Suse Suse Linux	Version 9.2
Suse Suse Linux	Version 9.2
Suse Suse Linux	Version 9.2
Suse Suse Linux	Version 9.3
Suse Suse Linux	Version 9.3
Suse Suse Linux	Version 9.3
Trustix Secure Linux	Version 2.0
Trustix Secure Linux	Version 2.2
Trustix Secure Linux	Version 3.0
Turbolinux Turbolinux	Version 10
Turbolinux Turbolinux	Version fuji
Turbolinux Turbolinux Appliance Server	Version 1.0_hosting_edition
Turbolinux Turbolinux Appliance Server	Version 1.0_workgroup_edition
Turbolinux Turbolinux Desktop	Version 10.0
Turbolinux Turbolinux Home	All versions
Turbolinux Turbolinux Multimedia	All versions
Turbolinux Turbolinux Personal	All versions
Turbolinux Turbolinux Server	Version 10.0
Turbolinux Turbolinux Server	Version 10.0_x86
Turbolinux Turbolinux Server	Version 8.0
Turbolinux Turbolinux Workstation	Version 8.0
Ubuntu Ubuntu Linux	Version 4.1
Ubuntu Ubuntu Linux	Version 4.1
Ubuntu Ubuntu Linux	Version 5.04
Ubuntu Ubuntu Linux	Version 5.04
Ubuntu Ubuntu Linux	Version 5.04
Ubuntu Ubuntu Linux	Version 5.10
Ubuntu Ubuntu Linux	Version 5.10
Ubuntu Ubuntu Linux	Version 5.10

Related CWEs

CWE-399

References (170)

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt (unsafe URL)

Source: secalert@redhat.com

ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U (unsafe URL)

Source: secalert@redhat.com

ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U (unsafe URL)

Source: secalert@redhat.com

ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U (unsafe URL)

Source: secalert@redhat.com

http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html

Source: secalert@redhat.com

PatchVendor Advisory

http://rhn.redhat.com/errata/RHSA-2006-0177.html

Source: secalert@redhat.com

PatchVendor Advisory

http://scary.beasts.org/security/CESA-2005-003.txt

Source: secalert@redhat.com

Exploit

http://secunia.com/advisories/18147

Source: secalert@redhat.com

http://secunia.com/advisories/18303

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/18312

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18313

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18329

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/18332

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/18334

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18335

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18338

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18349

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18373

Source: secalert@redhat.com

http://secunia.com/advisories/18375

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/18380

Source: secalert@redhat.com

http://secunia.com/advisories/18385

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18387

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18389

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18398

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18407

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18414

Source: secalert@redhat.com

http://secunia.com/advisories/18416

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18423

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18425

Source: secalert@redhat.com

http://secunia.com/advisories/18428

Source: secalert@redhat.com

http://secunia.com/advisories/18436

Source: secalert@redhat.com

http://secunia.com/advisories/18448

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18463

Source: secalert@redhat.com

http://secunia.com/advisories/18517

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18534

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18554

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18582

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/18642

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/18644

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/18674

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/18675

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/18679

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/18908

Source: secalert@redhat.com

http://secunia.com/advisories/18913

Source: secalert@redhat.com

http://secunia.com/advisories/19230

Source: secalert@redhat.com

http://secunia.com/advisories/19377

Source: secalert@redhat.com

http://secunia.com/advisories/25729

Source: secalert@redhat.com

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683

Source: secalert@redhat.com

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1

Source: secalert@redhat.com

http://www.debian.org/security/2005/dsa-931

Source: secalert@redhat.com

http://www.debian.org/security/2005/dsa-932

Source: secalert@redhat.com

http://www.debian.org/security/2005/dsa-937

Source: secalert@redhat.com

http://www.debian.org/security/2005/dsa-938

Source: secalert@redhat.com

http://www.debian.org/security/2005/dsa-940

Source: secalert@redhat.com

http://www.debian.org/security/2006/dsa-936

Source: secalert@redhat.com

PatchVendor Advisory

http://www.debian.org/security/2006/dsa-950

Source: secalert@redhat.com

PatchVendor Advisory

http://www.debian.org/security/2006/dsa-961

Source: secalert@redhat.com

PatchVendor Advisory

http://www.debian.org/security/2006/dsa-962

Source: secalert@redhat.com

http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml

Source: secalert@redhat.com

PatchVendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml

Source: secalert@redhat.com

http://www.kde.org/info/security/advisory-20051207-2.txt

Source: secalert@redhat.com

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2006:003

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2006:004

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2006:005

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2006:006

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2006:008

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2006:010

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2006:011

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2006:012

Source: secalert@redhat.com

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html

Source: secalert@redhat.com

Patch

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html

Source: secalert@redhat.com

Patch

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html

Source: secalert@redhat.com

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2006-0160.html

Source: secalert@redhat.com

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2006-0163.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/427053/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/427990/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/16143

Source: secalert@redhat.com

Patch

http://www.trustix.org/errata/2006/0002/

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2006/0047

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/2280

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/24026

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9992

Source: secalert@redhat.com

https://usn.ubuntu.com/236-1/

Source: secalert@redhat.com

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt (unsafe URL)