CVE-2005-2097

NONE EPSS 34.5%
Published Aug 16, 2005 20y ago
Last Modified Jun 16, 2026 2w ago

Description

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

Threat Intelligence

EPSS Exploit Probability
34.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Affected Products 4

Vendor  Product  Version  Range
kde     kpdf     *        any
xpdf    xpdf     3.0      any
xpdf    xpdf     3.0_pl2  any
xpdf    xpdf     3.0_pl3  any

References 22

  • ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
  • secunia.com http://secunia.com/advisories/17277
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18398
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18407
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/21339
  • secunia.com http://secunia.com/advisories/25729
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
  • debian.org http://www.debian.org/security/2005/dsa-780
  • debian.org http://www.debian.org/security/2006/dsa-1136
  • debian.org http://www.debian.org/security/2006/dsa-936
    Vendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:138
  • novell.com http://www.novell.com/linux/security/advisories/2005_19_sr.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-670.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-671.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-706.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-708.html
  • securityfocus.com http://www.securityfocus.com/archive/1/427053/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/427990/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/14529
  • vupen.com http://www.vupen.com/english/advisories/2007/2280
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10280
  • usn.ubuntu.com https://usn.ubuntu.com/163-1/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.