Unrated severity · NVD Advisory · Published Dec 31, 2005 · Updated Apr 16, 2026
CVE-2005-3627
Description
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
Affected products: 1
Patches: 0
No patches discovered yet.
References (86)
- lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html (nvd: Patch, Vendor Advisory)
- rhn.redhat.com/errata/RHSA-2006-0177.html (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18303 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18312 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18313 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18334 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18335 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18338 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18349 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18385 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18387 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18389 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18398 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18407 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18416 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18423 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18448 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18517 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18534 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18554 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/18582 (nvd: Patch, Vendor Advisory)
- www.debian.org/security/2006/dsa-936 (nvd: Patch, Vendor Advisory)
- www.debian.org/security/2006/dsa-950 (nvd: Patch, Vendor Advisory)
- www.debian.org/security/2006/dsa-961 (nvd: Patch, Vendor Advisory)
- www.gentoo.org/security/en/glsa/glsa-200601-02.xml (nvd: Patch, Vendor Advisory)
- www.kde.org/info/security/advisory-20051207-2.txt (nvd: Patch)
- www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html (nvd: Patch)
- www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html (nvd: Patch)
- www.redhat.com/support/errata/RHSA-2006-0160.html (nvd: Patch, Vendor Advisory)
- www.securityfocus.com/bid/16143 (nvd: Patch)
- scary.beasts.org/security/CESA-2005-003.txt (nvd: Exploit, Vendor Advisory)
- secunia.com/advisories/18329 (nvd: Vendor Advisory)
- secunia.com/advisories/18332 (nvd: Vendor Advisory)
- secunia.com/advisories/18375 (nvd: Vendor Advisory)
- secunia.com/advisories/18642 (nvd: Vendor Advisory)
- secunia.com/advisories/18644 (nvd: Vendor Advisory)
- secunia.com/advisories/18674 (nvd: Vendor Advisory)
- secunia.com/advisories/18675 (nvd: Vendor Advisory)
- secunia.com/advisories/18679 (nvd: Vendor Advisory)
- secunia.com/advisories/18908 (nvd: Vendor Advisory)
- ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt (nvd)
- patches.sgi.com/support/free/security/advisories/20051201-01-U (nvd)
- patches.sgi.com/support/free/security/advisories/20060101-01-U (nvd)
- patches.sgi.com/support/free/security/advisories/20060201-01-U (nvd)
- secunia.com/advisories/18147 (nvd)
- secunia.com/advisories/18373 (nvd)
- secunia.com/advisories/18380 (nvd)
- secunia.com/advisories/18414 (nvd)
- secunia.com/advisories/18425 (nvd)
- secunia.com/advisories/18428 (nvd)
- secunia.com/advisories/18436 (nvd)
- secunia.com/advisories/18463 (nvd)
- secunia.com/advisories/18913 (nvd)
- secunia.com/advisories/19230 (nvd)
- secunia.com/advisories/19377 (nvd)
- secunia.com/advisories/25729 (nvd)
- slackware.com/security/viewer.php (nvd)
- slackware.com/security/viewer.php (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- www.debian.org/security/2005/dsa-931 (nvd)
- www.debian.org/security/2005/dsa-932 (nvd)
- www.debian.org/security/2005/dsa-937 (nvd)
- www.debian.org/security/2005/dsa-938 (nvd)
- www.debian.org/security/2005/dsa-940 (nvd)
- www.debian.org/security/2006/dsa-962 (nvd)
- www.gentoo.org/security/en/glsa/glsa-200601-17.xml (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html (nvd)
- www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html (nvd)
- www.redhat.com/support/errata/RHSA-2006-0163.html (nvd)
- www.securityfocus.com/archive/1/427053/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/427990/100/0/threaded (nvd)
- www.trustix.org/errata/2006/0002/ (nvd)
- www.vupen.com/english/advisories/2006/0047 (nvd)
- www.vupen.com/english/advisories/2007/2280 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/24024 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/24025 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10200 (nvd)
- usn.ubuntu.com/236-1/ (nvd)