CVE-2005-0064
NONE EPSS 93.6%
Published May 2, 2005 (21y ago) · Modified Jun 16, 2026 (2w ago)
Description
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
Threat Intelligence
EPSS Exploit Probability
93.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Affected Products 32
| Vendor | Product | Version | Range |
|---|---|---|---|
| xpdf | xpdf | 0.2 | any |
| xpdf | xpdf | 0.3 | any |
| xpdf | xpdf | 0.4 | any |
| xpdf | xpdf | 0.5 | any |
| xpdf | xpdf | 0.5a | any |
| xpdf | xpdf | 0.6 | any |
| xpdf | xpdf | 0.7 | any |
| xpdf | xpdf | 0.7a | any |
| xpdf | xpdf | 0.80 | any |
| xpdf | xpdf | 0.90 | any |
| xpdf | xpdf | 0.91 | any |
| xpdf | xpdf | 0.91a | any |
| xpdf | xpdf | 0.91b | any |
| xpdf | xpdf | 0.91c | any |
| xpdf | xpdf | 0.92 | any |
| xpdf | xpdf | 0.92a | any |
| xpdf | xpdf | 0.92b | any |
| xpdf | xpdf | 0.92c | any |
| xpdf | xpdf | 0.92d | any |
| xpdf | xpdf | 0.92e | any |
| xpdf | xpdf | 0.93 | any |
| xpdf | xpdf | 0.93a | any |
| xpdf | xpdf | 0.93b | any |
| xpdf | xpdf | 0.93c | any |
| xpdf | xpdf | 1.0 | any |
| xpdf | xpdf | 1.0a | any |
| xpdf | xpdf | 1.1 | any |
| xpdf | xpdf | 2.0 | any |
| xpdf | xpdf | 2.1 | any |
| xpdf | xpdf | 2.2 | any |
| xpdf | xpdf | 2.3 | any |
| xpdf | xpdf | 3.0 | any |
References 26
- ftp.foolabs.com ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
- ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
- distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
- marc.info http://marc.info/?l=bugtraq&m=110625368019554&w=2
- secunia.com http://secunia.com/advisories/17277
- debian.org http://www.debian.org/security/2005/dsa-645
- debian.org http://www.debian.org/security/2005/dsa-648
- idefense.com http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:016
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:017
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:018
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:019
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:020
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:021
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-026.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-034.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-053.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-057.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-059.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-066.html
- trustix.org http://www.trustix.org/errata/2005/0003/
- bugzilla.fedora.us https://bugzilla.fedora.us/show_bug.cgi?id=2352
- bugzilla.fedora.us https://bugzilla.fedora.us/show_bug.cgi?id=2353
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11781
- security.gentoo.org https://security.gentoo.org/glsa/200501-28
- security.gentoo.org https://security.gentoo.org/glsa/200502-10
Remediation
- ftp.foolabs.com ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
- distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
- debian.org http://www.debian.org/security/2005/dsa-645
- debian.org http://www.debian.org/security/2005/dsa-648
- idefense.com http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-034.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-053.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-057.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-059.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-066.html
- trustix.org http://www.trustix.org/errata/2005/0003/
- bugzilla.fedora.us https://bugzilla.fedora.us/show_bug.cgi?id=2352
- bugzilla.fedora.us https://bugzilla.fedora.us/show_bug.cgi?id=2353