CVE-2005-3193 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2005-3193 Interim 1 13 2023-07-03T02:19:47Z current 2021-05-30T12:33:45Z 2023-07-03T02:19:47Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2005-3193 Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2006-01/msg00007.html E-Mail link for SUSE-SA:2006:001 https://lists.opensuse.org/opensuse-security-announce/2005-12/msg00010.html E-Mail link for SUSE-SR:2005:029 https://lists.opensuse.org/opensuse-security-announce/2005-12/msg00013.html E-Mail link for SUSE-SR:2005:030 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 openSUSE Tumbleweed cups-2.3.3op2-4.2 cups-client-2.3.3op2-4.2 cups-config-2.3.3op2-4.2 cups-ddk-2.3.3op2-4.2 cups-devel-2.3.3op2-4.2 cups-devel-32bit-2.3.3op2-4.2 cups154 cups154-client cups154-filters cups154-libs libcups2-2.3.3op2-4.2 libcups2-32bit-2.3.3op2-4.2 libcupsimage2-2.3.3op2-4.2 libcupsimage2-32bit-2.3.3op2-4.2 cups-2.3.3op2-4.2 as a component of openSUSE Tumbleweed cups-client-2.3.3op2-4.2 as a component of openSUSE Tumbleweed cups-config-2.3.3op2-4.2 as a component of openSUSE Tumbleweed cups-ddk-2.3.3op2-4.2 as a component of openSUSE Tumbleweed cups-devel-2.3.3op2-4.2 as a component of openSUSE Tumbleweed cups-devel-32bit-2.3.3op2-4.2 as a component of openSUSE Tumbleweed libcups2-2.3.3op2-4.2 as a component of openSUSE Tumbleweed libcups2-32bit-2.3.3op2-4.2 as a component of openSUSE Tumbleweed libcupsimage2-2.3.3op2-4.2 as a component of openSUSE Tumbleweed libcupsimage2-32bit-2.3.3op2-4.2 as a component of openSUSE Tumbleweed cups154 as a component of SUSE Linux Enterprise Module for Legacy 12 cups154-client as a component of SUSE Linux Enterprise Module for Legacy 12 cups154-filters as a component of SUSE Linux Enterprise Module for Legacy 12 cups154-libs as a component of SUSE Linux Enterprise Module for Legacy 12 Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. CVE-2005-3193 openSUSE Tumbleweed:cups-2.3.3op2-4.2 openSUSE Tumbleweed:cups-client-2.3.3op2-4.2 openSUSE Tumbleweed:cups-config-2.3.3op2-4.2 openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2 openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2 openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2 openSUSE Tumbleweed:libcups2-2.3.3op2-4.2 openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2 openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2 openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2 SUSE Linux Enterprise Module for Legacy 12:cups154 SUSE Linux Enterprise Module for Legacy 12:cups154-client SUSE Linux Enterprise Module for Legacy 12:cups154-filters SUSE Linux Enterprise Module for Legacy 12:cups154-libs moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P