CVE-2005-3626 (CNNVD-200512-830)
MEDIUM
中文标题:
KPdf和KWord多个缓冲区溢出漏洞
英文标题:
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth...
CVSS分数:
5.0
发布时间:
2006-01-06 22:00:00
漏洞类型:
资源管理错误
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v3
漏洞描述
中文描述:
KPdf是kdegraphics软件包中捆绑的基于KDE的PDF浏览器,KWord是koffice软件包中捆绑的基于KDE的文字处理器。 KPdf和KWord都包含有用于处理PDF文件的Xpdf代码,该Xpdf代码中存在几个堆溢出和整数溢出。如果攻击者能够诱骗用户使用Kpdf或KWord打开特制的PDF文件的话,就可以以受影响应用程序的权限执行任意代码。
英文描述:
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CWE类型:
CWE-399
标签:
(暂无数据)
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| easy_software_products | cups | 1.1.22 | - | - |
cpe:2.3:a:easy_software_products:cups:1.1.22:*:*:*:*:*:*:*
|
| easy_software_products | cups | 1.1.22_rc1 | - | - |
cpe:2.3:a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:*
|
| easy_software_products | cups | 1.1.23 | - | - |
cpe:2.3:a:easy_software_products:cups:1.1.23:*:*:*:*:*:*:*
|
| easy_software_products | cups | 1.1.23_rc1 | - | - |
cpe:2.3:a:easy_software_products:cups:1.1.23_rc1:*:*:*:*:*:*:*
|
| kde | kdegraphics | 3.2 | - | - |
cpe:2.3:a:kde:kdegraphics:3.2:*:*:*:*:*:*:*
|
| kde | kdegraphics | 3.4.3 | - | - |
cpe:2.3:a:kde:kdegraphics:3.4.3:*:*:*:*:*:*:*
|
| kde | koffice | 1.4 | - | - |
cpe:2.3:a:kde:koffice:1.4:*:*:*:*:*:*:*
|
| kde | koffice | 1.4.1 | - | - |
cpe:2.3:a:kde:koffice:1.4.1:*:*:*:*:*:*:*
|
| kde | koffice | 1.4.2 | - | - |
cpe:2.3:a:kde:koffice:1.4.2:*:*:*:*:*:*:*
|
| kde | kpdf | 3.2 | - | - |
cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*
|
| kde | kpdf | 3.4.3 | - | - |
cpe:2.3:a:kde:kpdf:3.4.3:*:*:*:*:*:*:*
|
| kde | kword | 1.4.2 | - | - |
cpe:2.3:a:kde:kword:1.4.2:*:*:*:*:*:*:*
|
| libextractor | libextractor | * | - | - |
cpe:2.3:a:libextractor:libextractor:*:*:*:*:*:*:*:*
|
| poppler | poppler | 0.4.2 | - | - |
cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
|
| sgi | propack | 3.0 | - | - |
cpe:2.3:a:sgi:propack:3.0:sp6:*:*:*:*:*:*
|
| tetex | tetex | 1.0.7 | - | - |
cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*
|
| tetex | tetex | 2.0 | - | - |
cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*
|
| tetex | tetex | 2.0.1 | - | - |
cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*
|
| tetex | tetex | 2.0.2 | - | - |
cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*
|
| tetex | tetex | 3.0 | - | - |
cpe:2.3:a:tetex:tetex:3.0:*:*:*:*:*:*:*
|
| xpdf | xpdf | 3.0 | - | - |
cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
|
| conectiva | linux | 10.0 | - | - |
cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
|
| debian | debian_linux | 3.0 | - | - |
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
|
| debian | debian_linux | 3.1 | - | - |
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
|
| gentoo | linux | * | - | - |
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
|
| mandrakesoft | mandrake_linux | 10.1 | - | - |
cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
|
| mandrakesoft | mandrake_linux | 10.2 | - | - |
cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:*:*:*:*:*:*
|
| mandrakesoft | mandrake_linux | 2006 | - | - |
cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
|
| mandrakesoft | mandrake_linux_corporate_server | 2.1 | - | - |
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
|
| mandrakesoft | mandrake_linux_corporate_server | 3.0 | - | - |
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
|
| redhat | enterprise_linux | 2.1 | - | - |
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
|
| redhat | enterprise_linux | 3.0 | - | - |
cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
|
| redhat | enterprise_linux | 4.0 | - | - |
cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
|
| redhat | enterprise_linux_desktop | 3.0 | - | - |
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_desktop | 4.0 | - | - |
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
|
| redhat | fedora_core | core_1.0 | - | - |
cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
|
| redhat | fedora_core | core_2.0 | - | - |
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
|
| redhat | fedora_core | core_3.0 | - | - |
cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
|
| redhat | fedora_core | core_4.0 | - | - |
cpe:2.3:o:redhat:fedora_core:core_4.0:*:*:*:*:*:*:*
|
| redhat | linux | 7.3 | - | - |
cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*
|
| redhat | linux | 9.0 | - | - |
cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*
|
| redhat | linux_advanced_workstation | 2.1 | - | - |
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
|
| sco | openserver | 5.0.7 | - | - |
cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*
|
| sco | openserver | 6.0 | - | - |
cpe:2.3:o:sco:openserver:6.0:*:*:*:*:*:*:*
|
| slackware | slackware_linux | 9.0 | - | - |
cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
|
| slackware | slackware_linux | 9.1 | - | - |
cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
|
| slackware | slackware_linux | 10.0 | - | - |
cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*
|
| slackware | slackware_linux | 10.1 | - | - |
cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*
|
| slackware | slackware_linux | 10.2 | - | - |
cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*
|
| suse | suse_linux | 1.0 | - | - |
cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*
|
| suse | suse_linux | 9.0 | - | - |
cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
|
| suse | suse_linux | 9.1 | - | - |
cpe:2.3:o:suse:suse_linux:9.1:*:personal:*:*:*:*:*
|
| suse | suse_linux | 9.2 | - | - |
cpe:2.3:o:suse:suse_linux:9.2:*:personal:*:*:*:*:*
|
| suse | suse_linux | 9.3 | - | - |
cpe:2.3:o:suse:suse_linux:9.3:*:personal:*:*:*:*:*
|
| suse | suse_linux | 10.0 | - | - |
cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*
|
| trustix | secure_linux | 2.0 | - | - |
cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
|
| trustix | secure_linux | 2.2 | - | - |
cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*
|
| trustix | secure_linux | 3.0 | - | - |
cpe:2.3:o:trustix:secure_linux:3.0:*:*:*:*:*:*:*
|
| turbolinux | turbolinux | 10 | - | - |
cpe:2.3:o:turbolinux:turbolinux:10:*:*:*:*:*:*:*
|
| turbolinux | turbolinux | fuji | - | - |
cpe:2.3:o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
|
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition | - | - |
cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_hosting_edition:*:*:*:*:*:*:*
|
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition | - | - |
cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_workgroup_edition:*:*:*:*:*:*:*
|
| turbolinux | turbolinux_desktop | 10.0 | - | - |
cpe:2.3:o:turbolinux:turbolinux_desktop:10.0:*:*:*:*:*:*:*
|
| turbolinux | turbolinux_home | * | - | - |
cpe:2.3:o:turbolinux:turbolinux_home:*:*:*:*:*:*:*:*
|
| turbolinux | turbolinux_multimedia | * | - | - |
cpe:2.3:o:turbolinux:turbolinux_multimedia:*:*:*:*:*:*:*:*
|
| turbolinux | turbolinux_personal | * | - | - |
cpe:2.3:o:turbolinux:turbolinux_personal:*:*:*:*:*:*:*:*
|
| turbolinux | turbolinux_server | 8.0 | - | - |
cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*
|
| turbolinux | turbolinux_server | 10.0 | - | - |
cpe:2.3:o:turbolinux:turbolinux_server:10.0:*:*:*:*:*:*:*
|
| turbolinux | turbolinux_server | 10.0_x86 | - | - |
cpe:2.3:o:turbolinux:turbolinux_server:10.0_x86:*:*:*:*:*:*:*
|
| turbolinux | turbolinux_workstation | 8.0 | - | - |
cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*
|
| ubuntu | ubuntu_linux | 4.1 | - | - |
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
|
| ubuntu | ubuntu_linux | 5.04 | - | - |
cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*
|
| ubuntu | ubuntu_linux | 5.10 | - | - |
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
16143
vdb-entry
cve.org
访问
cve.org
DSA-932
vendor-advisory
cve.org
访问
cve.org
18349
third-party-advisory
cve.org
访问
cve.org
18147
third-party-advisory
cve.org
访问
cve.org
SCOSA-2006.15
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
18679
third-party-advisory
cve.org
访问
cve.org
18312
third-party-advisory
cve.org
访问
cve.org
18644
third-party-advisory
cve.org
访问
cve.org
USN-236-1
vendor-advisory
cve.org
访问
cve.org
18425
third-party-advisory
cve.org
访问
cve.org
18373
third-party-advisory
cve.org
访问
cve.org
oval:org.mitre.oval:def:9992
vdb-entry
cve.org
访问
cve.org
18303
third-party-advisory
cve.org
访问
cve.org
DSA-931
vendor-advisory
cve.org
访问
cve.org
18554
third-party-advisory
cve.org
访问
cve.org
MDKSA-2006:003
vendor-advisory
cve.org
访问
cve.org
19230
third-party-advisory
cve.org
访问
cve.org
102972
vendor-advisory
cve.org
访问
cve.org
MDKSA-2006:012
vendor-advisory
cve.org
访问
cve.org
DSA-962
vendor-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
RHSA-2006:0163
vendor-advisory
cve.org
访问
cve.org
DSA-937
vendor-advisory
cve.org
访问
cve.org
18398
third-party-advisory
cve.org
访问
cve.org
FLSA-2006:176751
vendor-advisory
cve.org
访问
cve.org
2006-0002
vendor-advisory
cve.org
访问
cve.org
SUSE-SA:2006:001
vendor-advisory
cve.org
访问
cve.org
DSA-936
vendor-advisory
cve.org
访问
cve.org
FEDORA-2005-026
vendor-advisory
cve.org
访问
cve.org
18329
third-party-advisory
cve.org
访问
cve.org
18463
third-party-advisory
cve.org
访问
cve.org
18642
third-party-advisory
cve.org
访问
cve.org
18674
third-party-advisory
cve.org
访问
cve.org
MDKSA-2006:005
vendor-advisory
cve.org
访问
cve.org
18313
third-party-advisory
cve.org
访问
cve.org
20051201-01-U
vendor-advisory
cve.org
访问
cve.org
20060101-01-U
vendor-advisory
cve.org
访问
cve.org
18448
third-party-advisory
cve.org
访问
cve.org
18436
third-party-advisory
cve.org
访问
cve.org
18428
third-party-advisory
cve.org
访问
cve.org
xpdf-flatedecode-dos(24026)
vdb-entry
cve.org
访问
cve.org
18380
third-party-advisory
cve.org
访问
cve.org
18423
third-party-advisory
cve.org
访问
cve.org
18416
third-party-advisory
cve.org
访问
cve.org
RHSA-2006:0177
vendor-advisory
cve.org
访问
cve.org
ADV-2007-2280
vdb-entry
cve.org
访问
cve.org
GLSA-200601-02
vendor-advisory
cve.org
访问
cve.org
18335
third-party-advisory
cve.org
访问
cve.org
18407
third-party-advisory
cve.org
访问
cve.org
18332
third-party-advisory
cve.org
访问
cve.org
18517
third-party-advisory
cve.org
访问
cve.org
18582
third-party-advisory
cve.org
访问
cve.org
18534
third-party-advisory
cve.org
访问
cve.org
SSA:2006-045-09
vendor-advisory
cve.org
访问
cve.org
18908
third-party-advisory
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
25729
third-party-advisory
cve.org
访问
cve.org
18414
third-party-advisory
cve.org
访问
cve.org
MDKSA-2006:006
vendor-advisory
cve.org
访问
cve.org
18338
third-party-advisory
cve.org
访问
cve.org
MDKSA-2006:008
vendor-advisory
cve.org
访问
cve.org
20060201-01-U
vendor-advisory
cve.org
访问
cve.org
RHSA-2006:0160
vendor-advisory
cve.org
访问
cve.org
MDKSA-2006:010
vendor-advisory
cve.org
访问
cve.org
DSA-940
vendor-advisory
cve.org
访问
cve.org
MDKSA-2006:004
vendor-advisory
cve.org
访问
cve.org
ADV-2006-0047
vdb-entry
cve.org
访问
cve.org
GLSA-200601-17
vendor-advisory
cve.org
访问
cve.org
18389
third-party-advisory
cve.org
访问
cve.org
SSA:2006-045-04
vendor-advisory
cve.org
访问
cve.org
19377
third-party-advisory
cve.org
访问
cve.org
FEDORA-2005-025
vendor-advisory
cve.org
访问
cve.org
FLSA:175404
vendor-advisory
cve.org
访问
cve.org
DSA-961
vendor-advisory
cve.org
访问
cve.org
18675
third-party-advisory
cve.org
访问
cve.org
18913
third-party-advisory
cve.org
访问
cve.org
DSA-938
vendor-advisory
cve.org
访问
cve.org
18334
third-party-advisory
cve.org
访问
cve.org
18375
third-party-advisory
cve.org
访问
cve.org
DSA-950
vendor-advisory
cve.org
访问
cve.org
18387
third-party-advisory
cve.org
访问
cve.org
MDKSA-2006:011
vendor-advisory
cve.org
访问
cve.org
18385
third-party-advisory
cve.org
访问
cve.org
CVSS评分详情
5.0
MEDIUM
CVSS向量:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS版本:
2.0
机密性
NONE
完整性
NONE
可用性
PARTIAL
时间信息
发布时间:
2006-01-06 22:00:00
修改时间:
2024-08-07 23:17:23
创建时间:
2025-11-11 15:32:29
更新时间:
2025-11-11 15:49:03
利用信息
暂无可利用代码信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2005-3626 |
2025-11-11 15:17:36 | 2025-11-11 07:32:29 |
| NVD | nvd_CVE-2005-3626 |
2025-11-11 14:51:21 | 2025-11-11 07:41:15 |
| CNNVD | cnnvd_CNNVD-200512-830 |
2025-11-11 15:08:49 | 2025-11-11 07:49:03 |
版本与语言
当前版本:
v3
主要语言:
EN
支持语言:
EN
ZH
安全公告
暂无安全公告信息
变更历史
v3
CNNVD
2025-11-11 15:49:03
vulnerability_type: 未提取 → 资源管理错误; cnnvd_id: 未提取 → CNNVD-200512-830; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 资源管理错误
- cnnvd_id: 未提取 -> CNNVD-200512-830
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:41:15
cvss_score: 未提取 → 5.0; cvss_vector: NOT_EXTRACTED → AV:N/AC:L/Au:N/C:N/I:N/A:P; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 73; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 5.0
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:N/I:N/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 73
- data_sources: ['cve'] -> ['cve', 'nvd']