CVE-2005-3626

NONE EPSS 87.4%
Published Dec 31, 2005 20y ago
Last Modified Jun 16, 2026 2w ago

Description

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

Threat Intelligence

EPSS Exploit Probability
87.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-399

Affected Products 127

Vendor | Product | Version | Range
easy_software_products | cups | 1.1.22 | any
easy_software_products | cups | 1.1.22_rc1 | any
easy_software_products | cups | 1.1.23 | any
easy_software_products | cups | 1.1.23_rc1 | any
kde | kdegraphics | 3.2 | any
kde | kdegraphics | 3.4.3 | any
kde | koffice | 1.4 | any
kde | koffice | 1.4.1 | any
kde | koffice | 1.4.2 | any
kde | kpdf | 3.2 | any
kde | kpdf | 3.4.3 | any
kde | kword | 1.4.2 | any
libextractor | libextractor | * | any
poppler | poppler | 0.4.2 | any
sgi | propack | 3.0 | any
tetex | tetex | 1.0.7 | any
tetex | tetex | 2.0 | any
tetex | tetex | 2.0.1 | any
tetex | tetex | 2.0.2 | any
tetex | tetex | 3.0 | any
xpdf | xpdf | 3.0 | any
conectiva | linux | 10.0 | any
debian | debian_linux | 3.0 | any
debian | debian_linux | 3.0 | any
debian | debian_linux | 3.0 | any
debian | debian_linux | 3.0 | any
debian | debian_linux | 3.0 | any
debian | debian_linux | 3.0 | any
debian | debian_linux | 3.0 | any
debian | debian_linux | 3.0 | any
debian | debian_linux | 3.0 | any
debian | debian_linux | 3.0 | any
debian | debian_linux | 3.0 | any
debian | debian_linux | 3.0 | any
debian | debian_linux | 3.1 | any
debian | debian_linux | 3.1 | any
debian | debian_linux | 3.1 | any
debian | debian_linux | 3.1 | any
debian | debian_linux | 3.1 | any
debian | debian_linux | 3.1 | any
debian | debian_linux | 3.1 | any
debian | debian_linux | 3.1 | any
debian | debian_linux | 3.1 | any
debian | debian_linux | 3.1 | any
debian | debian_linux | 3.1 | any
debian | debian_linux | 3.1 | any
debian | debian_linux | 3.1 | any
gentoo | linux | * | any
mandrakesoft | mandrake_linux | 10.1 | any
mandrakesoft | mandrake_linux | 10.1 | any
mandrakesoft | mandrake_linux | 10.2 | any
mandrakesoft | mandrake_linux | 10.2 | any
mandrakesoft | mandrake_linux | 2006 | any
mandrakesoft | mandrake_linux | 2006 | any
mandrakesoft | mandrake_linux_corporate_server | 2.1 | any
mandrakesoft | mandrake_linux_corporate_server | 2.1 | any
mandrakesoft | mandrake_linux_corporate_server | 3.0 | any
mandrakesoft | mandrake_linux_corporate_server | 3.0 | any
redhat | enterprise_linux | 2.1 | any
redhat | enterprise_linux | 2.1 | any
redhat | enterprise_linux | 2.1 | any
redhat | enterprise_linux | 2.1 | any
redhat | enterprise_linux | 2.1 | any
redhat | enterprise_linux | 2.1 | any
redhat | enterprise_linux | 3.0 | any
redhat | enterprise_linux | 3.0 | any
redhat | enterprise_linux | 3.0 | any
redhat | enterprise_linux | 4.0 | any
redhat | enterprise_linux | 4.0 | any
redhat | enterprise_linux | 4.0 | any
redhat | enterprise_linux_desktop | 3.0 | any
redhat | enterprise_linux_desktop | 4.0 | any
redhat | fedora_core | core_1.0 | any
redhat | fedora_core | core_2.0 | any
redhat | fedora_core | core_3.0 | any
redhat | fedora_core | core_4.0 | any
redhat | linux | 7.3 | any
redhat | linux | 9.0 | any
redhat | linux_advanced_workstation | 2.1 | any
redhat | linux_advanced_workstation | 2.1 | any
sco | openserver | 5.0.7 | any
sco | openserver | 6.0 | any
slackware | slackware_linux | 9.0 | any
slackware | slackware_linux | 9.1 | any
slackware | slackware_linux | 10.0 | any
slackware | slackware_linux | 10.1 | any
slackware | slackware_linux | 10.2 | any
suse | suse_linux | 1.0 | any
suse | suse_linux | 9.0 | any
suse | suse_linux | 9.0 | any
suse | suse_linux | 9.0 | any
suse | suse_linux | 9.0 | any
suse | suse_linux | 9.0 | any
suse | suse_linux | 9.1 | any
suse | suse_linux | 9.1 | any
suse | suse_linux | 9.1 | any
suse | suse_linux | 9.2 | any
suse | suse_linux | 9.2 | any
suse | suse_linux | 9.2 | any
suse | suse_linux | 9.3 | any
suse | suse_linux | 9.3 | any
suse | suse_linux | 9.3 | any
suse | suse_linux | 10.0 | any
suse | suse_linux | 10.0 | any
trustix | secure_linux | 2.0 | any
trustix | secure_linux | 2.2 | any
trustix | secure_linux | 3.0 | any
turbolinux | turbolinux | 10 | any
turbolinux | turbolinux | fuji | any
turbolinux | turbolinux_appliance_server | 1.0_hosting_edition | any
turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition | any
turbolinux | turbolinux_desktop | 10.0 | any
turbolinux | turbolinux_home | * | any
turbolinux | turbolinux_multimedia | * | any
turbolinux | turbolinux_personal | * | any
turbolinux | turbolinux_server | 8.0 | any
turbolinux | turbolinux_server | 10.0 | any
turbolinux | turbolinux_server | 10.0_x86 | any
turbolinux | turbolinux_workstation | 8.0 | any
ubuntu | ubuntu_linux | 4.1 | any
ubuntu | ubuntu_linux | 4.1 | any
ubuntu | ubuntu_linux | 5.04 | any
ubuntu | ubuntu_linux | 5.04 | any
ubuntu | ubuntu_linux | 5.04 | any
ubuntu | ubuntu_linux | 5.10 | any
ubuntu | ubuntu_linux | 5.10 | any
ubuntu | ubuntu_linux | 5.10 | any

References 85

  • ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
  • lists.suse.com http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
    Patch, Vendor Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2006-0177.html
    Patch, Vendor Advisory
  • scary.beasts.org http://scary.beasts.org/security/CESA-2005-003.txt
    Exploit
  • secunia.com http://secunia.com/advisories/18147
  • secunia.com http://secunia.com/advisories/18303
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18312
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18313
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18329
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18332
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18334
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18335
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18338
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18349
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18373
  • secunia.com http://secunia.com/advisories/18375
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18380
  • secunia.com http://secunia.com/advisories/18385
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18387
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18389
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18398
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18407
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18414
  • secunia.com http://secunia.com/advisories/18416
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18423
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18425
  • secunia.com http://secunia.com/advisories/18428
  • secunia.com http://secunia.com/advisories/18436
  • secunia.com http://secunia.com/advisories/18448
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18463
  • secunia.com http://secunia.com/advisories/18517
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18534
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18554
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18582
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18642
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18644
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18674
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18675
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18679
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18908
  • secunia.com http://secunia.com/advisories/18913
  • secunia.com http://secunia.com/advisories/19230
  • secunia.com http://secunia.com/advisories/19377
  • secunia.com http://secunia.com/advisories/25729
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
  • debian.org http://www.debian.org/security/2005/dsa-931
  • debian.org http://www.debian.org/security/2005/dsa-932
  • debian.org http://www.debian.org/security/2005/dsa-937
  • debian.org http://www.debian.org/security/2005/dsa-938
  • debian.org http://www.debian.org/security/2005/dsa-940
  • debian.org http://www.debian.org/security/2006/dsa-936
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-950
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-961
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-962
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
  • kde.org http://www.kde.org/info/security/advisory-20051207-2.txt
    Patch, Vendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
  • redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
    Patch
  • redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
    Patch
  • redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
  • redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2006-0160.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2006-0163.html
  • securityfocus.com http://www.securityfocus.com/archive/1/427053/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/427990/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/16143
    Patch
  • trustix.org http://www.trustix.org/errata/2006/0002/
  • vupen.com http://www.vupen.com/english/advisories/2006/0047
  • vupen.com http://www.vupen.com/english/advisories/2007/2280
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/24026
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9992
  • usn.ubuntu.com https://usn.ubuntu.com/236-1/

Remediation

  • lists.suse.com http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
    Patch, Vendor Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2006-0177.html
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18312
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18313
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18334
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18335
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18338
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18349
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18385
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18387
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18389
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18398
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18407
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18416
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18423
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18448
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18517
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18534
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18554
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18582
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-936
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-950
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-961
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
    Patch, Vendor Advisory
  • kde.org http://www.kde.org/info/security/advisory-20051207-2.txt
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
    Patch
  • redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
    Patch
  • redhat.com http://www.redhat.com/support/errata/RHSA-2006-0160.html
    Patch, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/16143
    Patch