CVE-2005-3191 (CNNVD-200512-114)
MEDIUM
中文标题:
多家厂商xpdf DCTStream Progressive堆溢出漏洞
英文标题:
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::rea...
CVSS分数:
5.1
发布时间:
2005-12-07 01:00:00
漏洞类型:
授权问题
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v3
漏洞描述
中文描述:
Xpdf是便携文档格式(PDF)文件的开放源码浏览器。 多家厂商软件版本所捆绑的xpdf中存在堆溢出漏洞。 DCT流解析代码没有充分的验证用户输入。xpdf/Stream.cc的DCTStream::readProgressiveSOF函数从PDF文件的用户可控数据中读取numComps的值,然后在循环中使用该值将数据拷贝到预先分配的堆缓冲区中,如下所示: GBool DCTStream::readProgressiveSOF() { ... numComps = str->getChar(); ... for (i = 0; i < numComps; ++i) { compInfo[i].id = str->getChar(); c = str->getChar(); compInfo[i].hSample = (c >> 4) & 0x0f; compInfo[i].vSample = c & 0x0f; compInfo[i].quantTable = str->getChar(); } ... 向numComps提供过大的值就可以导致破坏堆内存。成功利用这个漏洞的攻击者可以导致拒绝服务或执行任意代码。
英文描述:
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.
CWE类型:
CWE-119
标签:
(暂无数据)
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| xpdf | xpdf | 0.90 | - | - |
cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*
|
| xpdf | xpdf | 0.91 | - | - |
cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*
|
| xpdf | xpdf | 0.92 | - | - |
cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*
|
| xpdf | xpdf | 0.93 | - | - |
cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*
|
| xpdf | xpdf | 1.0 | - | - |
cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*
|
| xpdf | xpdf | 1.0a | - | - |
cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*
|
| xpdf | xpdf | 1.1 | - | - |
cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*
|
| xpdf | xpdf | 2.0 | - | - |
cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*
|
| xpdf | xpdf | 2.1 | - | - |
cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*
|
| xpdf | xpdf | 2.2 | - | - |
cpe:2.3:a:xpdf:xpdf:2.2:*:*:*:*:*:*:*
|
| xpdf | xpdf | 2.3 | - | - |
cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*
|
| xpdf | xpdf | 3.0 | - | - |
cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
|
| xpdf | xpdf | 3.0.1 | - | - |
cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:*
|
| xpdf | xpdf | 3.0_pl2 | - | - |
cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:*
|
| xpdf | xpdf | 3.0_pl3 | - | - |
cpe:2.3:a:xpdf:xpdf:3.0_pl3:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
234
third-party-advisory
cve.org
访问
cve.org
17929
third-party-advisory
cve.org
访问
cve.org
19797
third-party-advisory
cve.org
访问
cve.org
SCOSA-2006.20
vendor-advisory
cve.org
访问
cve.org
233
third-party-advisory
cve.org
访问
cve.org
DSA-932
vendor-advisory
cve.org
访问
cve.org
18349
third-party-advisory
cve.org
访问
cve.org
18147
third-party-advisory
cve.org
访问
cve.org
SCOSA-2006.15
vendor-advisory
cve.org
访问
cve.org
18055
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
18503
third-party-advisory
cve.org
访问
cve.org
18549
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
18679
third-party-advisory
cve.org
访问
cve.org
18189
third-party-advisory
cve.org
访问
cve.org
26413
third-party-advisory
cve.org
访问
cve.org
17940
third-party-advisory
cve.org
访问
cve.org
oval:org.mitre.oval:def:9760
vdb-entry
cve.org
访问
cve.org
xpdf-dctstream-baseline-bo(23444)
vdb-entry
cve.org
访问
cve.org
18303
third-party-advisory
cve.org
访问
cve.org
DSA-931
vendor-advisory
cve.org
访问
cve.org
18554
third-party-advisory
cve.org
访问
cve.org
MDKSA-2006:003
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
19230
third-party-advisory
cve.org
访问
cve.org
102972
vendor-advisory
cve.org
访问
cve.org
MDKSA-2006:012
vendor-advisory
cve.org
访问
cve.org
DSA-962
vendor-advisory
cve.org
访问
cve.org
1015309
vdb-entry
cve.org
访问
cve.org
DSA-937
vendor-advisory
cve.org
访问
cve.org
18398
third-party-advisory
cve.org
访问
cve.org
FLSA-2006:176751
vendor-advisory
cve.org
访问
cve.org
SUSE-SA:2006:001
vendor-advisory
cve.org
访问
cve.org
DSA-936
vendor-advisory
cve.org
访问
cve.org
17916
third-party-advisory
cve.org
访问
cve.org
20051205 Multiple Vendor xpdf DCTStream Progressive Heap Overflow
third-party-advisory
cve.org
访问
cve.org
RHSA-2005:840
vendor-advisory
cve.org
访问
cve.org
ADV-2005-2789
vdb-entry
cve.org
访问
cve.org
RHSA-2005:867
vendor-advisory
cve.org
访问
cve.org
18674
third-party-advisory
cve.org
访问
cve.org
MDKSA-2006:005
vendor-advisory
cve.org
访问
cve.org
18313
third-party-advisory
cve.org
访问
cve.org
15727
vdb-entry
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
RHSA-2005:868
vendor-advisory
cve.org
访问
cve.org
20051201-01-U
vendor-advisory
cve.org
访问
cve.org
20060101-01-U
vendor-advisory
cve.org
访问
cve.org
18448
third-party-advisory
cve.org
访问
cve.org
18436
third-party-advisory
cve.org
访问
cve.org
18428
third-party-advisory
cve.org
访问
cve.org
18380
third-party-advisory
cve.org
访问
cve.org
GLSA-200512-08
vendor-advisory
cve.org
访问
cve.org
FEDORA-2005-1126
vendor-advisory
cve.org
访问
cve.org
18416
third-party-advisory
cve.org
访问
cve.org
ADV-2007-2280
vdb-entry
cve.org
访问
cve.org
15726
vdb-entry
cve.org
访问
cve.org
GLSA-200601-02
vendor-advisory
cve.org
访问
cve.org
FEDORA-2005-1142
vendor-advisory
cve.org
访问
cve.org
18336
third-party-advisory
cve.org
访问
cve.org
18061
third-party-advisory
cve.org
访问
cve.org
18407
third-party-advisory
cve.org
访问
cve.org
18009
third-party-advisory
cve.org
访问
cve.org
17908
third-party-advisory
cve.org
访问
cve.org
USN-227-1
vendor-advisory
cve.org
访问
cve.org
17897
third-party-advisory
cve.org
访问
cve.org
Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability
third-party-advisory
cve.org
访问
cve.org
18517
third-party-advisory
cve.org
访问
cve.org
18582
third-party-advisory
cve.org
访问
cve.org
SUSE-SR:2006:002
vendor-advisory
cve.org
访问
cve.org
18534
third-party-advisory
cve.org
访问
cve.org
SSA:2006-045-09
vendor-advisory
cve.org
访问
cve.org
TSLSA-2005-0072
vendor-advisory
cve.org
访问
cve.org
FEDORA-2005-1127
vendor-advisory
cve.org
访问
cve.org
20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice
mailing-list
cve.org
访问
cve.org
xpdf-dctstream-progressive-bo(23443)
vdb-entry
cve.org
访问
cve.org
18908
third-party-advisory
cve.org
访问
cve.org
25729
third-party-advisory
cve.org
访问
cve.org
ADV-2005-2786
vdb-entry
cve.org
访问
cve.org
MDKSA-2006:006
vendor-advisory
cve.org
访问
cve.org
ADV-2005-2788
vdb-entry
cve.org
访问
cve.org
17926
third-party-advisory
cve.org
访问
cve.org
19798
third-party-advisory
cve.org
访问
cve.org
MDKSA-2006:008
vendor-advisory
cve.org
访问
cve.org
18191
third-party-advisory
cve.org
访问
cve.org
20060201-01-U
vendor-advisory
cve.org
访问
cve.org
RHSA-2006:0160
vendor-advisory
cve.org
访问
cve.org
17912
third-party-advisory
cve.org
访问
cve.org
MDKSA-2006:010
vendor-advisory
cve.org
访问
cve.org
17921
third-party-advisory
cve.org
访问
cve.org
DSA-940
vendor-advisory
cve.org
访问
cve.org
MDKSA-2006:004
vendor-advisory
cve.org
访问
cve.org
ADV-2005-2790
vdb-entry
cve.org
访问
cve.org
18389
third-party-advisory
cve.org
访问
cve.org
18192
third-party-advisory
cve.org
访问
cve.org
ADV-2005-2856
vdb-entry
cve.org
访问
cve.org
SSA:2006-045-04
vendor-advisory
cve.org
访问
cve.org
19377
third-party-advisory
cve.org
访问
cve.org
FLSA:175404
vendor-advisory
cve.org
访问
cve.org
DSA-961
vendor-advisory
cve.org
访问
cve.org
SCOSA-2006.21
vendor-advisory
cve.org
访问
cve.org
18675
third-party-advisory
cve.org
访问
cve.org
1015324
vdb-entry
cve.org
访问
cve.org
18913
third-party-advisory
cve.org
访问
cve.org
DSA-938
vendor-advisory
cve.org
访问
cve.org
SUSE-SR:2005:029
vendor-advisory
cve.org
访问
cve.org
ADV-2005-2787
vdb-entry
cve.org
访问
cve.org
RHSA-2005:878
vendor-advisory
cve.org
访问
cve.org
FEDORA-2005-1141
vendor-advisory
cve.org
访问
cve.org
17920
third-party-advisory
cve.org
访问
cve.org
DSA-950
vendor-advisory
cve.org
访问
cve.org
17955
third-party-advisory
cve.org
访问
cve.org
17976
third-party-advisory
cve.org
访问
cve.org
18387
third-party-advisory
cve.org
访问
cve.org
MDKSA-2006:011
vendor-advisory
cve.org
访问
cve.org
18385
third-party-advisory
cve.org
访问
cve.org
CVSS评分详情
5.1
MEDIUM
CVSS向量:
AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS版本:
2.0
机密性
PARTIAL
完整性
PARTIAL
可用性
PARTIAL
时间信息
发布时间:
2005-12-07 01:00:00
修改时间:
2024-08-07 23:01:58
创建时间:
2025-11-11 15:32:28
更新时间:
2025-11-11 15:49:02
利用信息
暂无可利用代码信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2005-3191 |
2025-11-11 15:17:36 | 2025-11-11 07:32:28 |
| NVD | nvd_CVE-2005-3191 |
2025-11-11 14:51:20 | 2025-11-11 07:41:14 |
| CNNVD | cnnvd_CNNVD-200512-114 |
2025-11-11 15:08:49 | 2025-11-11 07:49:02 |
版本与语言
当前版本:
v3
主要语言:
EN
支持语言:
EN
ZH
安全公告
暂无安全公告信息
变更历史
v3
CNNVD
2025-11-11 15:49:02
vulnerability_type: 未提取 → 授权问题; cnnvd_id: 未提取 → CNNVD-200512-114; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-200512-114
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:41:14
cvss_score: 未提取 → 5.1; cvss_vector: NOT_EXTRACTED → AV:N/AC:H/Au:N/C:P/I:P/A:P; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 15; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 5.1
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:H/Au:N/C:P/I:P/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 15
- data_sources: ['cve'] -> ['cve', 'nvd']