CVE-2005-3628

NONE EPSS 89.7%
Published Dec 31, 2005 20y ago
Last Modified Jun 16, 2026 2w ago

Description

Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.

Threat Intelligence

EPSS Exploit Probability: 89.7% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Affected Products (1)

Vendor  Product  Version  Range
xpdf    xpdf     *        any

References (38)

  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
  • lists.suse.com http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18147
  • secunia.com http://secunia.com/advisories/18380
  • secunia.com http://secunia.com/advisories/18385
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18387
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18389
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18398
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18407
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18416
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18428
  • secunia.com http://secunia.com/advisories/18436
  • secunia.com http://secunia.com/advisories/18534
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18582
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18674
  • secunia.com http://secunia.com/advisories/18675
  • secunia.com http://secunia.com/advisories/18679
  • secunia.com http://secunia.com/advisories/18908
  • secunia.com http://secunia.com/advisories/18913
  • secunia.com http://secunia.com/advisories/19230
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
  • debian.org http://www.debian.org/security/2005/dsa-931
  • debian.org http://www.debian.org/security/2005/dsa-932
  • debian.org http://www.debian.org/security/2005/dsa-937
  • debian.org http://www.debian.org/security/2005/dsa-938
  • debian.org http://www.debian.org/security/2005/dsa-940
  • debian.org http://www.debian.org/security/2006/dsa-936
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-950
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-961
  • debian.org http://www.debian.org/security/2006/dsa-962
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
  • redhat.com http://www.redhat.com/support/errata/RHSA-2006-0160.html
    Patch, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/archive/1/427053/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/427990/100/0/threaded
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10287

Remediation

  • lists.suse.com http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18385
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18387
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18389
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18398
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18407
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18416
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18534
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18582
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-936
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-950
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2006-0160.html
    Patch, Vendor Advisory