CVE-2005-2097
NONE EPSS 34.5%
Published Aug 16, 2005 20y ago
Last Modified Jun 16, 2026 2w ago
Description
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
Threat Intelligence
EPSS Exploit Probability
34.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Affected Products 4
References 22
- ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
- secunia.com http://secunia.com/advisories/17277
- secunia.com http://secunia.com/advisories/18398
- secunia.com http://secunia.com/advisories/18407
- secunia.com http://secunia.com/advisories/21339
- secunia.com http://secunia.com/advisories/25729
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
- debian.org http://www.debian.org/security/2005/dsa-780
- debian.org http://www.debian.org/security/2006/dsa-1136
- debian.org http://www.debian.org/security/2006/dsa-936
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:138
- novell.com http://www.novell.com/linux/security/advisories/2005_19_sr.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-670.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-671.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-706.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-708.html
- securityfocus.com http://www.securityfocus.com/archive/1/427053/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/427990/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/14529
- vupen.com http://www.vupen.com/english/advisories/2007/2280
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10280
- usn.ubuntu.com https://usn.ubuntu.com/163-1/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.