high
7.5
CWE
119
Advisory Published
CVE Published
Updated

CVE-2005-3627: Buffer Overflow

First published: Sat Dec 31 2005(Updated: )

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Xpdf

Remedy

http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html

Remedy

http://rhn.redhat.com/errata/RHSA-2006-0177.html

Remedy

http://secunia.com/advisories/18303

Remedy

http://secunia.com/advisories/18312

Remedy

http://secunia.com/advisories/18313

Remedy

http://secunia.com/advisories/18334

Remedy

http://secunia.com/advisories/18335

Remedy

http://secunia.com/advisories/18338

Remedy

http://secunia.com/advisories/18349

Remedy

http://secunia.com/advisories/18385

Remedy

http://secunia.com/advisories/18387

Remedy

http://secunia.com/advisories/18389

Remedy

http://secunia.com/advisories/18398

Remedy

http://secunia.com/advisories/18407

Remedy

http://secunia.com/advisories/18416

Remedy

http://secunia.com/advisories/18423

Remedy

http://secunia.com/advisories/18448

Remedy

http://secunia.com/advisories/18517

Remedy

http://secunia.com/advisories/18534

Remedy

http://secunia.com/advisories/18554

Remedy

http://secunia.com/advisories/18582

Remedy

http://www.debian.org/security/2006/dsa-936

Remedy

http://www.debian.org/security/2006/dsa-950

Remedy

http://www.debian.org/security/2006/dsa-961

Remedy

http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml

Remedy

http://www.kde.org/info/security/advisory-20051207-2.txt

Remedy

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html

Remedy

http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html

Remedy

http://www.redhat.com/support/errata/RHSA-2006-0160.html

Remedy

http://www.securityfocus.com/bid/16143

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2005-3627?

    CVE-2005-3627 is considered a high-severity vulnerability as it allows attackers to modify memory and potentially execute arbitrary code.

  • How do I fix CVE-2005-3627?

    To fix CVE-2005-3627, update to a version of Xpdf or any affected software that has patched this vulnerability.

  • What products are affected by CVE-2005-3627?

    CVE-2005-3627 affects multiple products including Xpdf, gpdf, kpdf, pdftohtml, and poppler.

  • What type of attack can be carried out using CVE-2005-3627?

    Using CVE-2005-3627, an attacker can exploit a DCTDecode stream to modify memory or possibly execute arbitrary code.

  • Is CVE-2005-3627 a local or remote vulnerability?

    CVE-2005-3627 can be exploited remotely through malicious PDF files that utilize affected decoding streams.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203