CVE-2005-3625
First published: Sat Dec 31 2005(Updated: )
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CUPS (Common UNIX Printing System) | =1.1.22 | |
| CUPS (Common UNIX Printing System) | =1.1.22_rc1 | |
| CUPS (Common UNIX Printing System) | =1.1.23 | |
| CUPS (Common UNIX Printing System) | =1.1.23_rc1 | |
| KDE Kdegraphics | =3.2 | |
| KDE Kdegraphics | =3.4.3 | |
| KDE KOffice | =1.4 | |
| KDE KOffice | =1.4.1 | |
| KDE KOffice | =1.4.2 | |
| KDE KPDF | =3.2 | |
| KDE KPDF | =3.4.3 | |
| KWord | =1.4.2 | |
| libextractor | ||
| Poppler Data | =0.4.2 | |
| SGI ProPack | =3.0-sp6 | |
| teTeX | =1.0.7 | |
| teTeX | =2.0 | |
| teTeX | =2.0.1 | |
| teTeX | =2.0.2 | |
| teTeX | =3.0 | |
| Xpdf | =3.0 | |
| Conectiva Linux | =10.0 | |
| Debian Linux | =3.0 | |
| Debian Linux | =3.0 | |
| Debian Linux | =3.0 | |
| Debian Linux | =3.0 | |
| Debian Linux | =3.0 | |
| Debian Linux | =3.0 | |
| Debian Linux | =3.0 | |
| Debian Linux | =3.0 | |
| Debian Linux | =3.0 | |
| Debian Linux | =3.0 | |
| Debian Linux | =3.0 | |
| Debian Linux | =3.0 | |
| Debian Linux | =3.1 | |
| Debian Linux | =3.1 | |
| Debian Linux | =3.1 | |
| Debian Linux | =3.1 | |
| Debian Linux | =3.1 | |
| Debian Linux | =3.1 | |
| Debian Linux | =3.1 | |
| Debian Linux | =3.1 | |
| Debian Linux | =3.1 | |
| Debian Linux | =3.1 | |
| Debian Linux | =3.1 | |
| Debian Linux | =3.1 | |
| Debian Linux | =3.1 | |
| Gentoo Linux | ||
| Mandrake Linux | =10.1 | |
| Mandrake Linux | =10.1 | |
| Mandrake Linux | =10.2 | |
| Mandrake Linux | =10.2 | |
| Mandrake Linux | =2006 | |
| Mandrake Linux | =2006 | |
| Mandriva Linux Corporate Server | =2.1 | |
| Mandriva Linux Corporate Server | =2.1 | |
| Mandriva Linux Corporate Server | =3.0 | |
| Mandriva Linux Corporate Server | =3.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =4.0 | |
| Red Hat Enterprise Linux | =4.0 | |
| Red Hat Enterprise Linux | =4.0 | |
| Red Hat Enterprise Linux Desktop | =3.0 | |
| Red Hat Enterprise Linux Desktop | =4.0 | |
| Red Hat Fedora Core | =core_1.0 | |
| Red Hat Fedora Core | =core_2.0 | |
| Red Hat Fedora Core | =core_3.0 | |
| Red Hat Fedora Core | =core_4.0 | |
| Red Hat Linux | =7.3 | |
| Red Hat Linux | =9.0 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| SCO OpenServer | =5.0.7 | |
| SCO OpenServer | =6.0 | |
| Slackware Linux | =9.0 | |
| Slackware Linux | =9.1 | |
| Slackware Linux | =10.0 | |
| Slackware Linux | =10.1 | |
| Slackware Linux | =10.2 | |
| SUSE Linux | =1.0 | |
| SUSE Linux | =9.0 | |
| SUSE Linux | =9.0 | |
| SUSE Linux | =9.0 | |
| SUSE Linux | =9.0 | |
| SUSE Linux | =9.0 | |
| SUSE Linux | =9.1 | |
| SUSE Linux | =9.1 | |
| SUSE Linux | =9.1 | |
| SUSE Linux | =9.2 | |
| SUSE Linux | =9.2 | |
| SUSE Linux | =9.2 | |
| SUSE Linux | =9.3 | |
| SUSE Linux | =9.3 | |
| SUSE Linux | =9.3 | |
| SUSE Linux | =10.0 | |
| SUSE Linux | =10.0 | |
| Trustix Secure Linux | =2.0 | |
| Trustix Secure Linux | =2.2 | |
| Trustix Secure Linux | =3.0 | |
| Turbolinux | =10 | |
| Turbolinux | =fuji | |
| TurboLinux Appliance Server | =1.0_hosting_edition | |
| TurboLinux Appliance Server | =1.0_workgroup_edition | |
| TurboLinux Desktop | =10.0 | |
| Turbolinux | ||
| Turbolinux | ||
| TurboLinux Personal | ||
| Turbolinux Server | =8.0 | |
| Turbolinux Server | =10.0 | |
| Turbolinux Server | =10.0_x86 | |
| Turbolinux Workstation | =8.0 | |
| Ubuntu | =4.1 | |
| Ubuntu | =4.1 | |
| Ubuntu | =5.04 | |
| Ubuntu | =5.04 | |
| Ubuntu | =5.04 | |
| Ubuntu | =5.10 | |
| Ubuntu | =5.10 | |
| Ubuntu | =5.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://scary.beasts.org/security/CESA-2005-003.txt
- http://www.kde.org/info/security/advisory-20051207-2.txt
- http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
- http://www.securityfocus.com/bid/16143
- http://secunia.com/advisories/18303
- http://secunia.com/advisories/18312
- http://secunia.com/advisories/18313
- http://secunia.com/advisories/18329
- http://secunia.com/advisories/18332
- http://secunia.com/advisories/18334
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
- http://secunia.com/advisories/18335
- http://www.debian.org/security/2005/dsa-931
- http://www.debian.org/security/2005/dsa-932
- http://www.debian.org/security/2005/dsa-937
- http://www.debian.org/security/2005/dsa-938
- http://www.debian.org/security/2005/dsa-940
- http://rhn.redhat.com/errata/RHSA-2006-0177.html
- http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
- http://secunia.com/advisories/18387
- http://secunia.com/advisories/18416
- http://secunia.com/advisories/18338
- http://secunia.com/advisories/18349
- http://secunia.com/advisories/18375
- http://secunia.com/advisories/18385
- http://secunia.com/advisories/18389
- http://secunia.com/advisories/18423
- http://secunia.com/advisories/18448
- http://www.debian.org/security/2006/dsa-936
- http://www.debian.org/security/2006/dsa-950
- http://www.redhat.com/support/errata/RHSA-2006-0160.html
- http://secunia.com/advisories/18398
- http://secunia.com/advisories/18407
- http://secunia.com/advisories/18534
- http://secunia.com/advisories/18582
- http://secunia.com/advisories/18517
- http://secunia.com/advisories/18554
- http://www.debian.org/security/2006/dsa-961
- http://www.debian.org/security/2006/dsa-962
- http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
- http://secunia.com/advisories/18642
- http://secunia.com/advisories/18644
- http://secunia.com/advisories/18674
- http://secunia.com/advisories/18675
- http://secunia.com/advisories/18679
- http://secunia.com/advisories/18908
- http://secunia.com/advisories/18913
- http://www.redhat.com/support/errata/RHSA-2006-0163.html
- http://www.trustix.org/errata/2006/0002/
- http://secunia.com/advisories/19230
- http://secunia.com/advisories/19377
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
- http://secunia.com/advisories/18425
- http://secunia.com/advisories/18463
- http://secunia.com/advisories/18147
- http://secunia.com/advisories/18373
- http://secunia.com/advisories/18380
- http://secunia.com/advisories/18414
- http://secunia.com/advisories/18428
- http://secunia.com/advisories/18436
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
- http://secunia.com/advisories/25729
- http://www.vupen.com/english/advisories/2007/2280
- http://www.vupen.com/english/advisories/2006/0047
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24023
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9575
- https://usn.ubuntu.com/236-1/
- http://www.securityfocus.com/archive/1/427990/100/0/threaded
- http://www.securityfocus.com/archive/1/427053/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2005-3625?
CVE-2005-3625 is classified as a high severity vulnerability due to its potential to cause a denial of service.
How do I fix CVE-2005-3625?
To remediate CVE-2005-3625, users should upgrade to the latest version of affected software that addresses this vulnerability.
What types of software are affected by CVE-2005-3625?
CVE-2005-3625 affects various software including Xpdf, KDE KPDF, Poppler, and CUPS among others.
What are the potential consequences of exploiting CVE-2005-3625?
Exploiting CVE-2005-3625 may lead to an infinite loop, resulting in denial of service and increased CPU usage.
Are there any specific versions of software that are vulnerable to CVE-2005-3625?
Yes, specific vulnerable versions include Xpdf 3.0, KDE KPDF 3.2 to 3.4.3, and CUPS versions 1.1.22 to 1.1.23.
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/easy software products
- canonical/cups (common unix printing system)
- version/cups (common unix printing system)/1.1.22
- version/cups (common unix printing system)/1.1.22_rc1
- version/cups (common unix printing system)/1.1.23
- version/cups (common unix printing system)/1.1.23_rc1
- vendor/kde
- canonical/kde kdegraphics
- version/kde kdegraphics/3.2
- version/kde kdegraphics/3.4.3
- canonical/kde koffice
- version/kde koffice/1.4
- version/kde koffice/1.4.1
- version/kde koffice/1.4.2
- canonical/kde kpdf
- version/kde kpdf/3.2
- version/kde kpdf/3.4.3
- canonical/kword
- version/kword/1.4.2
- vendor/libextractor
- canonical/libextractor
- vendor/poppler
- canonical/poppler data
- version/poppler data/0.4.2
- vendor/sgi
- canonical/sgi propack
- version/sgi propack/3.0-sp6
- vendor/tetex
- canonical/tetex
- version/tetex/1.0.7
- version/tetex/2.0
- version/tetex/2.0.1
- version/tetex/2.0.2
- version/tetex/3.0
- vendor/xpdf
- canonical/xpdf
- version/xpdf/3.0
- vendor/conectiva
- canonical/conectiva linux
- version/conectiva linux/10.0
- vendor/debian
- canonical/debian linux
- version/debian linux/3.0
- version/debian linux/3.1
- vendor/gentoo
- canonical/gentoo linux
- vendor/mandrakesoft
- canonical/mandrake linux
- version/mandrake linux/10.1
- version/mandrake linux/10.2
- version/mandrake linux/2006
- canonical/mandriva linux corporate server
- version/mandriva linux corporate server/2.1
- version/mandriva linux corporate server/3.0
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/2.1
- version/red hat enterprise linux/3.0
- version/red hat enterprise linux/4.0
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/3.0
- version/red hat enterprise linux desktop/4.0
- canonical/red hat fedora core
- version/red hat fedora core/core_1.0
- version/red hat fedora core/core_2.0
- version/red hat fedora core/core_3.0
- version/red hat fedora core/core_4.0
- canonical/red hat linux
- version/red hat linux/7.3
- version/red hat linux/9.0
- canonical/red hat linux advanced workstation
- version/red hat linux advanced workstation/2.1
- vendor/sco
- canonical/sco openserver
- version/sco openserver/5.0.7
- version/sco openserver/6.0
- vendor/slackware
- canonical/slackware linux
- version/slackware linux/9.0
- version/slackware linux/9.1
- version/slackware linux/10.0
- version/slackware linux/10.1
- version/slackware linux/10.2
- vendor/suse
- canonical/suse linux
- version/suse linux/1.0
- version/suse linux/9.0
- version/suse linux/9.1
- version/suse linux/9.2
- version/suse linux/9.3
- version/suse linux/10.0
- vendor/trustix
- canonical/trustix secure linux
- version/trustix secure linux/2.0
- version/trustix secure linux/2.2
- version/trustix secure linux/3.0
- vendor/turbolinux
- canonical/turbolinux
- version/turbolinux/10
- version/turbolinux/fuji
- canonical/turbolinux appliance server
- version/turbolinux appliance server/1.0_hosting_edition
- version/turbolinux appliance server/1.0_workgroup_edition
- canonical/turbolinux desktop
- version/turbolinux desktop/10.0
- canonical/turbolinux personal
- canonical/turbolinux server
- version/turbolinux server/8.0
- version/turbolinux server/10.0
- version/turbolinux server/10.0_x86
- canonical/turbolinux workstation
- version/turbolinux workstation/8.0
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/4.1
- version/ubuntu/5.04
- version/ubuntu/5.10