CVE-2005-0064

Published May 2, 2005 (21y ago) · Last Modified Jun 16, 2026 (2w ago)

Description

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.

Threat Intelligence

EPSS Exploit Probability: 93.6% percentile
Exploit & Patch Status: Public Exploit Known, Patch Available

Affected Products 32

Vendor  Product  Version  Range
xpdf    xpdf     0.2      any
xpdf    xpdf     0.3      any
xpdf    xpdf     0.4      any
xpdf    xpdf     0.5      any
xpdf    xpdf     0.5a     any
xpdf    xpdf     0.6      any
xpdf    xpdf     0.7      any
xpdf    xpdf     0.7a     any
xpdf    xpdf     0.80     any
xpdf    xpdf     0.90     any
xpdf    xpdf     0.91     any
xpdf    xpdf     0.91a    any
xpdf    xpdf     0.91b    any
xpdf    xpdf     0.91c    any
xpdf    xpdf     0.92     any
xpdf    xpdf     0.92a    any
xpdf    xpdf     0.92b    any
xpdf    xpdf     0.92c    any
xpdf    xpdf     0.92d    any
xpdf    xpdf     0.92e    any
xpdf    xpdf     0.93     any
xpdf    xpdf     0.93a    any
xpdf    xpdf     0.93b    any
xpdf    xpdf     0.93c    any
xpdf    xpdf     1.0      any
xpdf    xpdf     1.0a     any
xpdf    xpdf     1.1      any
xpdf    xpdf     2.0      any
xpdf    xpdf     2.1      any
xpdf    xpdf     2.2      any
xpdf    xpdf     2.3      any
xpdf    xpdf     3.0      any

References 26

  • ftp.foolabs.com ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
    Patch
  • ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
    Patch, Vendor Advisory
  • marc.info http://marc.info/?l=bugtraq&m=110625368019554&w=2
  • secunia.com http://secunia.com/advisories/17277
  • debian.org http://www.debian.org/security/2005/dsa-645
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2005/dsa-648
    Patch, Vendor Advisory
  • idefense.com http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
    Exploit, Patch, Vendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:016
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:017
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:018
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:019
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:020
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:021
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-026.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-034.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-053.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-057.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-059.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-066.html
    Patch, Vendor Advisory
  • trustix.org http://www.trustix.org/errata/2005/0003/
    Patch, Vendor Advisory
  • bugzilla.fedora.us https://bugzilla.fedora.us/show_bug.cgi?id=2352
    Patch, Vendor Advisory
  • bugzilla.fedora.us https://bugzilla.fedora.us/show_bug.cgi?id=2353
    Patch, Vendor Advisory
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11781
  • security.gentoo.org https://security.gentoo.org/glsa/200501-28
  • security.gentoo.org https://security.gentoo.org/glsa/200502-10

Remediation

  • ftp.foolabs.com ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
    Patch
  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2005/dsa-645
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2005/dsa-648
    Patch, Vendor Advisory
  • idefense.com http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
    Exploit, Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-034.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-053.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-057.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-059.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-066.html
    Patch, Vendor Advisory
  • trustix.org http://www.trustix.org/errata/2005/0003/
    Patch, Vendor Advisory
  • bugzilla.fedora.us https://bugzilla.fedora.us/show_bug.cgi?id=2352
    Patch, Vendor Advisory
  • bugzilla.fedora.us https://bugzilla.fedora.us/show_bug.cgi?id=2353
    Patch, Vendor Advisory