VYPR
Unrated severityNVD Advisory· Published Dec 7, 2005· Updated Jun 16, 2026

CVE-2005-3193

CVE-2005-3193

Description

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

17
  • Xpdf/Xpdf16 versions
    cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*
    • cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*
    • cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*
    • cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*
    • cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*
    • cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xpdf:xpdf:2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:*
    • cpe:2.3:a:xpdf:xpdf:3.0_pl3:*:*:*:*:*:*:*
    • (no CPE)range: <=3.01

Patches

Vulnerability mechanics

References

111

News mentions

0

No linked articles in our index yet.