VYPR
Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Jun 16, 2026

CVE-2005-3627

CVE-2005-3627

Description

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Xpdf/Xpdf2 versions
    cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

86

News mentions

0

No linked articles in our index yet.