Unrated severityNVD Advisory· Published Aug 16, 2005· Updated Apr 16, 2026

CVE-2005-2097

Description

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

Affected products

KDE/Kpdf
cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*
Xpdf/Xpdf3 versions
cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:3.0_pl3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/17277nvdVendor Advisory
secunia.com/advisories/18398nvdVendor Advisory
secunia.com/advisories/18407nvdVendor Advisory
www.debian.org/security/2006/dsa-936nvdVendor Advisory
ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txtnvd
secunia.com/advisories/21339nvd
secunia.com/advisories/25729nvd
sunsolve.sun.com/search/document.donvd
www.debian.org/security/2005/dsa-780nvd
www.debian.org/security/2006/dsa-1136nvd
www.mandriva.com/security/advisoriesnvd
www.novell.com/linux/security/advisories/2005_19_sr.htmlnvd
www.redhat.com/support/errata/RHSA-2005-670.htmlnvd
www.redhat.com/support/errata/RHSA-2005-671.htmlnvd
www.redhat.com/support/errata/RHSA-2005-706.htmlnvd
www.redhat.com/support/errata/RHSA-2005-708.htmlnvd
www.securityfocus.com/archive/1/427053/100/0/threadednvd
www.securityfocus.com/archive/1/427990/100/0/threadednvd
www.securityfocus.com/bid/14529nvd
www.vupen.com/english/advisories/2007/2280nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10280nvd
usn.ubuntu.com/163-1/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000