Red Hat Customer Portal

Skip to main content

CVE-2005-3627

Impact:
Important
Public Date:
2006-01-03

The MITRE CVE dictionary describes this issue as:

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

Find out more about CVE-2005-3627 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 2.1 (tetex) RHSA-2006:0160 2006-01-19
Red Hat Enterprise Linux 2.1 (xpdf) RHSA-2005:840 2005-12-06
Red Hat Enterprise Linux 3 (cups) RHSA-2006:0163 2006-01-11
Red Hat Enterprise Linux 3 (tetex) RHSA-2006:0160 2006-01-19
Red Hat Enterprise Linux 4 (kdegraphics) RHSA-2005:868 2005-12-20
Red Hat Enterprise Linux 4 (xpdf) RHSA-2005:840 2005-12-06
Red Hat Enterprise Linux 3 (xpdf) RHSA-2005:840 2005-12-06
Red Hat Enterprise Linux 4 (gpdf) RHSA-2006:0177 2006-01-11
Red Hat Enterprise Linux 4 (cups) RHSA-2006:0163 2006-01-11
Red Hat Enterprise Linux 4 (tetex) RHSA-2006:0160 2006-01-19

Acknowledgements

Red Hat would like to thank Chris Evans for reporting this issue.