CVE-2005-3625
NONE EPSS 88.9%
Published Dec 31, 2005 20y ago
Last Modified Jun 16, 2026 2w ago
Description
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
Threat Intelligence
EPSS Exploit Probability
88.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-399
Affected Products 127
| Vendor | Product | Version | Range |
|---|---|---|---|
| easy_software_products | cups | 1.1.22 | any |
| easy_software_products | cups | 1.1.22_rc1 | any |
| easy_software_products | cups | 1.1.23 | any |
| easy_software_products | cups | 1.1.23_rc1 | any |
| kde | kdegraphics | 3.2 | any |
| kde | kdegraphics | 3.4.3 | any |
| kde | koffice | 1.4 | any |
| kde | koffice | 1.4.1 | any |
| kde | koffice | 1.4.2 | any |
| kde | kpdf | 3.2 | any |
| kde | kpdf | 3.4.3 | any |
| kde | kword | 1.4.2 | any |
| libextractor | libextractor | * | any |
| poppler | poppler | 0.4.2 | any |
| sgi | propack | 3.0 | any |
| tetex | tetex | 1.0.7 | any |
| tetex | tetex | 2.0 | any |
| tetex | tetex | 2.0.1 | any |
| tetex | tetex | 2.0.2 | any |
| tetex | tetex | 3.0 | any |
| xpdf | xpdf | 3.0 | any |
| conectiva | linux | 10.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| gentoo | linux | * | any |
| mandrakesoft | mandrake_linux | 10.1 | any |
| mandrakesoft | mandrake_linux | 10.1 | any |
| mandrakesoft | mandrake_linux | 10.2 | any |
| mandrakesoft | mandrake_linux | 10.2 | any |
| mandrakesoft | mandrake_linux | 2006 | any |
| mandrakesoft | mandrake_linux | 2006 | any |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 | any |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 | any |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 | any |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux_desktop | 3.0 | any |
| redhat | enterprise_linux_desktop | 4.0 | any |
| redhat | fedora_core | core_1.0 | any |
| redhat | fedora_core | core_2.0 | any |
| redhat | fedora_core | core_3.0 | any |
| redhat | fedora_core | core_4.0 | any |
| redhat | linux | 7.3 | any |
| redhat | linux | 9.0 | any |
| redhat | linux_advanced_workstation | 2.1 | any |
| redhat | linux_advanced_workstation | 2.1 | any |
| sco | openserver | 5.0.7 | any |
| sco | openserver | 6.0 | any |
| slackware | slackware_linux | 9.0 | any |
| slackware | slackware_linux | 9.1 | any |
| slackware | slackware_linux | 10.0 | any |
| slackware | slackware_linux | 10.1 | any |
| slackware | slackware_linux | 10.2 | any |
| suse | suse_linux | 1.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.2 | any |
| suse | suse_linux | 9.2 | any |
| suse | suse_linux | 9.2 | any |
| suse | suse_linux | 9.3 | any |
| suse | suse_linux | 9.3 | any |
| suse | suse_linux | 9.3 | any |
| suse | suse_linux | 10.0 | any |
| suse | suse_linux | 10.0 | any |
| trustix | secure_linux | 2.0 | any |
| trustix | secure_linux | 2.2 | any |
| trustix | secure_linux | 3.0 | any |
| turbolinux | turbolinux | 10 | any |
| turbolinux | turbolinux | fuji | any |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition | any |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition | any |
| turbolinux | turbolinux_desktop | 10.0 | any |
| turbolinux | turbolinux_home | * | any |
| turbolinux | turbolinux_multimedia | * | any |
| turbolinux | turbolinux_personal | * | any |
| turbolinux | turbolinux_server | 8.0 | any |
| turbolinux | turbolinux_server | 10.0 | any |
| turbolinux | turbolinux_server | 10.0_x86 | any |
| turbolinux | turbolinux_workstation | 8.0 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 5.04 | any |
| ubuntu | ubuntu_linux | 5.04 | any |
| ubuntu | ubuntu_linux | 5.04 | any |
| ubuntu | ubuntu_linux | 5.10 | any |
| ubuntu | ubuntu_linux | 5.10 | any |
| ubuntu | ubuntu_linux | 5.10 | any |
References 85
- ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
- lists.suse.com http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2006-0177.html
- scary.beasts.org http://scary.beasts.org/security/CESA-2005-003.txt
- secunia.com http://secunia.com/advisories/18147
- secunia.com http://secunia.com/advisories/18303
- secunia.com http://secunia.com/advisories/18312
- secunia.com http://secunia.com/advisories/18313
- secunia.com http://secunia.com/advisories/18329
- secunia.com http://secunia.com/advisories/18332
- secunia.com http://secunia.com/advisories/18334
- secunia.com http://secunia.com/advisories/18335
- secunia.com http://secunia.com/advisories/18338
- secunia.com http://secunia.com/advisories/18349
- secunia.com http://secunia.com/advisories/18373
- secunia.com http://secunia.com/advisories/18375
- secunia.com http://secunia.com/advisories/18380
- secunia.com http://secunia.com/advisories/18385
- secunia.com http://secunia.com/advisories/18387
- secunia.com http://secunia.com/advisories/18389
- secunia.com http://secunia.com/advisories/18398
- secunia.com http://secunia.com/advisories/18407
- secunia.com http://secunia.com/advisories/18414
- secunia.com http://secunia.com/advisories/18416
- secunia.com http://secunia.com/advisories/18423
- secunia.com http://secunia.com/advisories/18425
- secunia.com http://secunia.com/advisories/18428
- secunia.com http://secunia.com/advisories/18436
- secunia.com http://secunia.com/advisories/18448
- secunia.com http://secunia.com/advisories/18463
- secunia.com http://secunia.com/advisories/18517
- secunia.com http://secunia.com/advisories/18534
- secunia.com http://secunia.com/advisories/18554
- secunia.com http://secunia.com/advisories/18582
- secunia.com http://secunia.com/advisories/18642
- secunia.com http://secunia.com/advisories/18644
- secunia.com http://secunia.com/advisories/18674
- secunia.com http://secunia.com/advisories/18675
- secunia.com http://secunia.com/advisories/18679
- secunia.com http://secunia.com/advisories/18908
- secunia.com http://secunia.com/advisories/18913
- secunia.com http://secunia.com/advisories/19230
- secunia.com http://secunia.com/advisories/19377
- secunia.com http://secunia.com/advisories/25729
- slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
- slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
- debian.org http://www.debian.org/security/2005/dsa-931
- debian.org http://www.debian.org/security/2005/dsa-932
- debian.org http://www.debian.org/security/2005/dsa-937
- debian.org http://www.debian.org/security/2005/dsa-938
- debian.org http://www.debian.org/security/2005/dsa-940
- debian.org http://www.debian.org/security/2006/dsa-936
- debian.org http://www.debian.org/security/2006/dsa-950
- debian.org http://www.debian.org/security/2006/dsa-961
- debian.org http://www.debian.org/security/2006/dsa-962
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
- kde.org http://www.kde.org/info/security/advisory-20051207-2.txt
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2006-0160.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2006-0163.html
- securityfocus.com http://www.securityfocus.com/archive/1/427053/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/427990/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/16143
- trustix.org http://www.trustix.org/errata/2006/0002/
- vupen.com http://www.vupen.com/english/advisories/2006/0047
- vupen.com http://www.vupen.com/english/advisories/2007/2280
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/24023
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9575
- usn.ubuntu.com https://usn.ubuntu.com/236-1/
Remediation
- lists.suse.com http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2006-0177.html
- secunia.com http://secunia.com/advisories/18303
- secunia.com http://secunia.com/advisories/18312
- secunia.com http://secunia.com/advisories/18313
- secunia.com http://secunia.com/advisories/18334
- secunia.com http://secunia.com/advisories/18335
- secunia.com http://secunia.com/advisories/18338
- secunia.com http://secunia.com/advisories/18349
- secunia.com http://secunia.com/advisories/18385
- secunia.com http://secunia.com/advisories/18387
- secunia.com http://secunia.com/advisories/18389
- secunia.com http://secunia.com/advisories/18398
- secunia.com http://secunia.com/advisories/18407
- secunia.com http://secunia.com/advisories/18416
- secunia.com http://secunia.com/advisories/18423
- secunia.com http://secunia.com/advisories/18448
- secunia.com http://secunia.com/advisories/18517
- secunia.com http://secunia.com/advisories/18534
- secunia.com http://secunia.com/advisories/18554
- secunia.com http://secunia.com/advisories/18582
- debian.org http://www.debian.org/security/2006/dsa-936
- debian.org http://www.debian.org/security/2006/dsa-950
- debian.org http://www.debian.org/security/2006/dsa-961
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
- kde.org http://www.kde.org/info/security/advisory-20051207-2.txt
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2006-0160.html
- securityfocus.com http://www.securityfocus.com/bid/16143