CVE-2005-3626
NONE EPSS 87.4%
Published Dec 31, 2005 (20y ago)
Last Modified Jun 16, 2026 (2w ago)
Description
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
Threat Intelligence
EPSS Exploit Probability
87.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-399
Affected Products 127
| Vendor | Product | Version | Range |
|---|---|---|---|
| easy_software_products | cups | 1.1.22 | any |
| easy_software_products | cups | 1.1.22_rc1 | any |
| easy_software_products | cups | 1.1.23 | any |
| easy_software_products | cups | 1.1.23_rc1 | any |
| kde | kdegraphics | 3.2 | any |
| kde | kdegraphics | 3.4.3 | any |
| kde | koffice | 1.4 | any |
| kde | koffice | 1.4.1 | any |
| kde | koffice | 1.4.2 | any |
| kde | kpdf | 3.2 | any |
| kde | kpdf | 3.4.3 | any |
| kde | kword | 1.4.2 | any |
| libextractor | libextractor | * | any |
| poppler | poppler | 0.4.2 | any |
| sgi | propack | 3.0 | any |
| tetex | tetex | 1.0.7 | any |
| tetex | tetex | 2.0 | any |
| tetex | tetex | 2.0.1 | any |
| tetex | tetex | 2.0.2 | any |
| tetex | tetex | 3.0 | any |
| xpdf | xpdf | 3.0 | any |
| conectiva | linux | 10.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| gentoo | linux | * | any |
| mandrakesoft | mandrake_linux | 10.1 | any |
| mandrakesoft | mandrake_linux | 10.1 | any |
| mandrakesoft | mandrake_linux | 10.2 | any |
| mandrakesoft | mandrake_linux | 10.2 | any |
| mandrakesoft | mandrake_linux | 2006 | any |
| mandrakesoft | mandrake_linux | 2006 | any |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 | any |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 | any |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 | any |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux_desktop | 3.0 | any |
| redhat | enterprise_linux_desktop | 4.0 | any |
| redhat | fedora_core | core_1.0 | any |
| redhat | fedora_core | core_2.0 | any |
| redhat | fedora_core | core_3.0 | any |
| redhat | fedora_core | core_4.0 | any |
| redhat | linux | 7.3 | any |
| redhat | linux | 9.0 | any |
| redhat | linux_advanced_workstation | 2.1 | any |
| redhat | linux_advanced_workstation | 2.1 | any |
| sco | openserver | 5.0.7 | any |
| sco | openserver | 6.0 | any |
| slackware | slackware_linux | 9.0 | any |
| slackware | slackware_linux | 9.1 | any |
| slackware | slackware_linux | 10.0 | any |
| slackware | slackware_linux | 10.1 | any |
| slackware | slackware_linux | 10.2 | any |
| suse | suse_linux | 1.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.2 | any |
| suse | suse_linux | 9.2 | any |
| suse | suse_linux | 9.2 | any |
| suse | suse_linux | 9.3 | any |
| suse | suse_linux | 9.3 | any |
| suse | suse_linux | 9.3 | any |
| suse | suse_linux | 10.0 | any |
| suse | suse_linux | 10.0 | any |
| trustix | secure_linux | 2.0 | any |
| trustix | secure_linux | 2.2 | any |
| trustix | secure_linux | 3.0 | any |
| turbolinux | turbolinux | 10 | any |
| turbolinux | turbolinux | fuji | any |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition | any |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition | any |
| turbolinux | turbolinux_desktop | 10.0 | any |
| turbolinux | turbolinux_home | * | any |
| turbolinux | turbolinux_multimedia | * | any |
| turbolinux | turbolinux_personal | * | any |
| turbolinux | turbolinux_server | 8.0 | any |
| turbolinux | turbolinux_server | 10.0 | any |
| turbolinux | turbolinux_server | 10.0_x86 | any |
| turbolinux | turbolinux_workstation | 8.0 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 5.04 | any |
| ubuntu | ubuntu_linux | 5.04 | any |
| ubuntu | ubuntu_linux | 5.04 | any |
| ubuntu | ubuntu_linux | 5.10 | any |
| ubuntu | ubuntu_linux | 5.10 | any |
| ubuntu | ubuntu_linux | 5.10 | any |
References 85
- ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
- lists.suse.com http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2006-0177.html
- scary.beasts.org http://scary.beasts.org/security/CESA-2005-003.txt
- secunia.com http://secunia.com/advisories/18147
- secunia.com http://secunia.com/advisories/18303
- secunia.com http://secunia.com/advisories/18312
- secunia.com http://secunia.com/advisories/18313
- secunia.com http://secunia.com/advisories/18329
- secunia.com http://secunia.com/advisories/18332
- secunia.com http://secunia.com/advisories/18334
- secunia.com http://secunia.com/advisories/18335
- secunia.com http://secunia.com/advisories/18338
- secunia.com http://secunia.com/advisories/18349
- secunia.com http://secunia.com/advisories/18373
- secunia.com http://secunia.com/advisories/18375
- secunia.com http://secunia.com/advisories/18380
- secunia.com http://secunia.com/advisories/18385
- secunia.com http://secunia.com/advisories/18387
- secunia.com http://secunia.com/advisories/18389
- secunia.com http://secunia.com/advisories/18398
- secunia.com http://secunia.com/advisories/18407
- secunia.com http://secunia.com/advisories/18414
- secunia.com http://secunia.com/advisories/18416
- secunia.com http://secunia.com/advisories/18423
- secunia.com http://secunia.com/advisories/18425
- secunia.com http://secunia.com/advisories/18428
- secunia.com http://secunia.com/advisories/18436
- secunia.com http://secunia.com/advisories/18448
- secunia.com http://secunia.com/advisories/18463
- secunia.com http://secunia.com/advisories/18517
- secunia.com http://secunia.com/advisories/18534
- secunia.com http://secunia.com/advisories/18554
- secunia.com http://secunia.com/advisories/18582
- secunia.com http://secunia.com/advisories/18642
- secunia.com http://secunia.com/advisories/18644
- secunia.com http://secunia.com/advisories/18674
- secunia.com http://secunia.com/advisories/18675
- secunia.com http://secunia.com/advisories/18679
- secunia.com http://secunia.com/advisories/18908
- secunia.com http://secunia.com/advisories/18913
- secunia.com http://secunia.com/advisories/19230
- secunia.com http://secunia.com/advisories/19377
- secunia.com http://secunia.com/advisories/25729
- slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
- slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
- debian.org http://www.debian.org/security/2005/dsa-931
- debian.org http://www.debian.org/security/2005/dsa-932
- debian.org http://www.debian.org/security/2005/dsa-937
- debian.org http://www.debian.org/security/2005/dsa-938
- debian.org http://www.debian.org/security/2005/dsa-940
- debian.org http://www.debian.org/security/2006/dsa-936
- debian.org http://www.debian.org/security/2006/dsa-950
- debian.org http://www.debian.org/security/2006/dsa-961
- debian.org http://www.debian.org/security/2006/dsa-962
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
- kde.org http://www.kde.org/info/security/advisory-20051207-2.txt
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2006-0160.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2006-0163.html
- securityfocus.com http://www.securityfocus.com/archive/1/427053/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/427990/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/16143
- trustix.org http://www.trustix.org/errata/2006/0002/
- vupen.com http://www.vupen.com/english/advisories/2006/0047
- vupen.com http://www.vupen.com/english/advisories/2007/2280
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/24026
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9992
- usn.ubuntu.com https://usn.ubuntu.com/236-1/
Remediation
- lists.suse.com http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2006-0177.html
- secunia.com http://secunia.com/advisories/18312
- secunia.com http://secunia.com/advisories/18313
- secunia.com http://secunia.com/advisories/18334
- secunia.com http://secunia.com/advisories/18335
- secunia.com http://secunia.com/advisories/18338
- secunia.com http://secunia.com/advisories/18349
- secunia.com http://secunia.com/advisories/18385
- secunia.com http://secunia.com/advisories/18387
- secunia.com http://secunia.com/advisories/18389
- secunia.com http://secunia.com/advisories/18398
- secunia.com http://secunia.com/advisories/18407
- secunia.com http://secunia.com/advisories/18416
- secunia.com http://secunia.com/advisories/18423
- secunia.com http://secunia.com/advisories/18448
- secunia.com http://secunia.com/advisories/18517
- secunia.com http://secunia.com/advisories/18534
- secunia.com http://secunia.com/advisories/18554
- secunia.com http://secunia.com/advisories/18582
- debian.org http://www.debian.org/security/2006/dsa-936
- debian.org http://www.debian.org/security/2006/dsa-950
- debian.org http://www.debian.org/security/2006/dsa-961
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
- kde.org http://www.kde.org/info/security/advisory-20051207-2.txt
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2006-0160.html
- securityfocus.com http://www.securityfocus.com/bid/16143