CVE-2005-3192 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2005-3192 Interim 1 3 2021-06-09T08:35:08Z current 2021-05-30T12:33:45Z 2021-06-09T08:35:08Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2005-3192 Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2006-01/msg00007.html E-Mail link for SUSE-SA:2006:001 https://lists.opensuse.org/opensuse-security-announce/2005-12/msg00010.html E-Mail link for SUSE-SR:2005:029 https://lists.opensuse.org/opensuse-security-announce/2005-12/msg00013.html E-Mail link for SUSE-SR:2005:030 https://lists.opensuse.org/opensuse-security-announce/2006-01/msg00009.html E-Mail link for SUSE-SR:2006:001 https://lists.opensuse.org/opensuse-security-announce/2006-01/msg00011.html E-Mail link for SUSE-SR:2006:002 https://www.suse.com/support/security/rating/ SUSE Security Ratings Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. CVE-2005-3192 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P