CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

Published: 2005-12-31 05:00
Updated: 2018-10-19 15:37

CVSS Score: 10.0 / 10
Vendor Product Version URI
Tetex Tetex 2.0.2 cpe:/a:tetex:tetex:2.0.2
Kde Kdegraphics 3.4.3 cpe:/a:kde:kdegraphics:3.4.3
Debian Debian Linux 3.1 cpe:/o:debian:debian_linux:3.1::mipsel
Turbolinux Turbolinux Personal cpe:/o:turbolinux:turbolinux_personal
Debian Debian Linux 3.1 cpe:/o:debian:debian_linux:3.1::ia-64
Debian Debian Linux 3.0 cpe:/o:debian:debian_linux:3.0::ia-64
Turbolinux Turbolinux Workstation 8.0 cpe:/o:turbolinux:turbolinux_workstation:8.0
Redhat Linux 7.3 cpe:/o:redhat:linux:7.3::i386
Tetex Tetex 2.0.1 cpe:/a:tetex:tetex:2.0.1
Suse Suse Linux 9.0 cpe:/o:suse:suse_linux:9.0::s_390
Debian Debian Linux 3.0 cpe:/o:debian:debian_linux:3.0::m68k
Debian Debian Linux 3.1 cpe:/o:debian:debian_linux:3.1::m68k
Redhat Enterprise Linux 3.0 cpe:/o:redhat:enterprise_linux:3.0::advanced_server
Redhat Enterprise Linux 3.0 cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
Tetex Tetex 2.0 cpe:/a:tetex:tetex:2.0
Debian Debian Linux 3.1 cpe:/o:debian:debian_linux:3.1
Ubuntu Ubuntu Linux 4.1 cpe:/o:ubuntu:ubuntu_linux:4.1::ppc
Debian Debian Linux 3.1 cpe:/o:debian:debian_linux:3.1::arm
Suse Suse Linux 9.3 cpe:/o:suse:suse_linux:9.3::x86_64
Debian Debian Linux 3.0 cpe:/o:debian:debian_linux:3.0::arm
Suse Suse Linux 9.0 cpe:/o:suse:suse_linux:9.0::x86_64
Debian Debian Linux 3.0 cpe:/o:debian:debian_linux:3.0::sparc
Suse Suse Linux 9.2 cpe:/o:suse:suse_linux:9.2::x86_64
Debian Debian Linux 3.0 cpe:/o:debian:debian_linux:3.0
Debian Debian Linux 3.0 cpe:/o:debian:debian_linux:3.0::s-390
Debian Debian Linux 3.1 cpe:/o:debian:debian_linux:3.1::s-390
Debian Debian Linux 3.1 cpe:/o:debian:debian_linux:3.1::sparc
Turbolinux Turbolinux fuji cpe:/o:turbolinux:turbolinux:fuji
Suse Suse Linux 9.1 cpe:/o:suse:suse_linux:9.1::x86_64
Redhat Fedora Core core_2.0 cpe:/o:redhat:fedora_core:core_2.0
Sco Openserver 5.0.7 cpe:/o:sco:openserver:5.0.7
Ubuntu Ubuntu Linux 5.10 cpe:/o:ubuntu:ubuntu_linux:5.10::amd64
Turbolinux Turbolinux Server 10.0_x86 cpe:/o:turbolinux:turbolinux_server:10.0_x86
Trustix Secure Linux 2.2 cpe:/o:trustix:secure_linux:2.2
Trustix Secure Linux 2.0 cpe:/o:trustix:secure_linux:2.0
Redhat Enterprise Linux 2.1 cpe:/o:redhat:enterprise_linux:2.1::workstation
Redhat Linux Advanced Workstation 2.1 cpe:/o:redhat:linux_advanced_workstation:2.1::ia64
Mandrakesoft Mandrake Linux Corporate Server 2.1 cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64
Debian Debian Linux 3.0 cpe:/o:debian:debian_linux:3.0::mipsel
Turbolinux Turbolinux Desktop 10.0 cpe:/o:turbolinux:turbolinux_desktop:10.0
Turbolinux Turbolinux Appliance Server 1.0_workgroup_edition cpe:/o:turbolinux:turbolinux_appliance_server:1.0_workgroup_edition
Easy Software Products Cups 1.1.23_rc1 cpe:/a:easy_software_products:cups:1.1.23_rc1
Turbolinux Turbolinux Home cpe:/o:turbolinux:turbolinux_home
Turbolinux Turbolinux Server 8.0 cpe:/o:turbolinux:turbolinux_server:8.0
Turbolinux Turbolinux 10 cpe:/o:turbolinux:turbolinux:10
Kde Koffice 1.4 cpe:/a:kde:koffice:1.4
Libextractor Libextractor cpe:/a:libextractor:libextractor
Redhat Enterprise Linux 3.0 cpe:/o:redhat:enterprise_linux:3.0::workstation_server
Slackware Slackware Linux 10.2 cpe:/o:slackware:slackware_linux:10.2
Slackware Slackware Linux 10.0 cpe:/o:slackware:slackware_linux:10.0
Slackware Slackware Linux 10.1 cpe:/o:slackware:slackware_linux:10.1
Ubuntu Ubuntu Linux 5.04 cpe:/o:ubuntu:ubuntu_linux:5.04::powerpc
Redhat Enterprise Linux 2.1 cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
Redhat Enterprise Linux 4.0 cpe:/o:redhat:enterprise_linux:4.0::advanced_server
Conectiva Linux 10.0 cpe:/o:conectiva:linux:10.0
Redhat Enterprise Linux 2.1 cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
Redhat Fedora Core core_3.0 cpe:/o:redhat:fedora_core:core_3.0
Kde Kdegraphics 3.2 cpe:/a:kde:kdegraphics:3.2
Ubuntu Ubuntu Linux 5.04 cpe:/o:ubuntu:ubuntu_linux:5.04::amd64
Mandrakesoft Mandrake Linux Corporate Server 3.0 cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64
Redhat Enterprise Linux 2.1 cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
Debian Debian Linux 3.1 cpe:/o:debian:debian_linux:3.1::amd64
Mandrakesoft Mandrake Linux 2006 cpe:/o:mandrakesoft:mandrake_linux:2006
Mandrakesoft Mandrake Linux 2006 cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64
Ubuntu Ubuntu Linux 5.10 cpe:/o:ubuntu:ubuntu_linux:5.10::i386
Ubuntu Ubuntu Linux 5.10 cpe:/o:ubuntu:ubuntu_linux:5.10::powerpc
Gentoo Linux cpe:/o:gentoo:linux
Redhat Linux 9.0 cpe:/o:redhat:linux:9.0::i386
Turbolinux Turbolinux Multimedia cpe:/o:turbolinux:turbolinux_multimedia
Easy Software Products Cups 1.1.22 cpe:/a:easy_software_products:cups:1.1.22
Easy Software Products Cups 1.1.23 cpe:/a:easy_software_products:cups:1.1.23
Redhat Linux Advanced Workstation 2.1 cpe:/o:redhat:linux_advanced_workstation:2.1::itanium
Xpdf Xpdf 3.0 cpe:/a:xpdf:xpdf:3.0
Mandrakesoft Mandrake Linux 10.1 cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64
Mandrakesoft Mandrake Linux 10.2 cpe:/o:mandrakesoft:mandrake_linux:10.2::x86-64
Poppler Poppler 0.4.2 cpe:/a:poppler:poppler:0.4.2
Redhat Fedora Core core_4.0 cpe:/o:redhat:fedora_core:core_4.0
Suse Suse Linux 10.0 cpe:/o:suse:suse_linux:10.0::oss
Debian Debian Linux 3.1 cpe:/o:debian:debian_linux:3.1::hppa
Redhat Enterprise Linux Desktop 3.0 cpe:/o:redhat:enterprise_linux_desktop:3.0
Suse Suse Linux 9.0 cpe:/o:suse:suse_linux:9.0::personal
Debian Debian Linux 3.1 cpe:/o:debian:debian_linux:3.1::ia-32
Suse Suse Linux 9.3 cpe:/o:suse:suse_linux:9.3::personal
Tetex Tetex 1.0.7 cpe:/a:tetex:tetex:1.0.7
Debian Debian Linux 3.0 cpe:/o:debian:debian_linux:3.0::ia-32
Suse Suse Linux 9.1 cpe:/o:suse:suse_linux:9.1::personal
Suse Suse Linux 9.0 cpe:/o:suse:suse_linux:9.0::enterprise_server
Suse Suse Linux 9.2 cpe:/o:suse:suse_linux:9.2::personal
Debian Debian Linux 3.0 cpe:/o:debian:debian_linux:3.0::alpha
Debian Debian Linux 3.0 cpe:/o:debian:debian_linux:3.0::hppa
Debian Debian Linux 3.1 cpe:/o:debian:debian_linux:3.1::alpha
Suse Suse Linux 10.0 cpe:/o:suse:suse_linux:10.0::professional
Mandrakesoft Mandrake Linux 10.2 cpe:/o:mandrakesoft:mandrake_linux:10.2
Redhat Enterprise Linux 4.0 cpe:/o:redhat:enterprise_linux:4.0::workstation
Slackware Slackware Linux 9.0 cpe:/o:slackware:slackware_linux:9.0
Mandrakesoft Mandrake Linux 10.1 cpe:/o:mandrakesoft:mandrake_linux:10.1
Slackware Slackware Linux 9.1 cpe:/o:slackware:slackware_linux:9.1
Mandrakesoft Mandrake Linux Corporate Server 3.0 cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0
Redhat Enterprise Linux 2.1 cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
Kde Kpdf 3.4.3 cpe:/a:kde:kpdf:3.4.3
Ubuntu Ubuntu Linux 4.1 cpe:/o:ubuntu:ubuntu_linux:4.1::ia64
Kde Kword 1.4.2 cpe:/a:kde:kword:1.4.2
Easy Software Products Cups 1.1.22_rc1 cpe:/a:easy_software_products:cups:1.1.22_rc1
Kde Kpdf 3.2 cpe:/a:kde:kpdf:3.2
Debian Debian Linux 3.1 cpe:/o:debian:debian_linux:3.1::mips
Redhat Enterprise Linux 2.1 cpe:/o:redhat:enterprise_linux:2.1::advanced_server
Tetex Tetex 3.0 cpe:/a:tetex:tetex:3.0
Debian Debian Linux 3.0 cpe:/o:debian:debian_linux:3.0::mips
Redhat Enterprise Linux 4.0 cpe:/o:redhat:enterprise_linux:4.0::enterprise_server
Sgi Propack 3.0 cpe:/a:sgi:propack:3.0:sp6
Redhat Fedora Core core_1.0 cpe:/o:redhat:fedora_core:core_1.0
Suse Suse Linux 9.2 cpe:/o:suse:suse_linux:9.2::professional
Debian Debian Linux 3.0 cpe:/o:debian:debian_linux:3.0::ppc
Suse Suse Linux 9.1 cpe:/o:suse:suse_linux:9.1::professional
Suse Suse Linux 9.3 cpe:/o:suse:suse_linux:9.3::professional
Suse Suse Linux 9.0 cpe:/o:suse:suse_linux:9.0::professional
Debian Debian Linux 3.1 cpe:/o:debian:debian_linux:3.1::ppc
Sco Openserver 6.0 cpe:/o:sco:openserver:6.0
Kde Koffice 1.4.1 cpe:/a:kde:koffice:1.4.1
Kde Koffice 1.4.2 cpe:/a:kde:koffice:1.4.2
Trustix Secure Linux 3.0 cpe:/o:trustix:secure_linux:3.0
Turbolinux Turbolinux Appliance Server 1.0_hosting_edition cpe:/o:turbolinux:turbolinux_appliance_server:1.0_hosting_edition
Redhat Enterprise Linux Desktop 4.0 cpe:/o:redhat:enterprise_linux_desktop:4.0
Turbolinux Turbolinux Server 10.0 cpe:/o:turbolinux:turbolinux_server:10.0
Ubuntu Ubuntu Linux 5.04 cpe:/o:ubuntu:ubuntu_linux:5.04::i386
Suse Suse Linux 1.0 cpe:/o:suse:suse_linux:1.0
Mandrakesoft Mandrake Linux Corporate Server 2.1 cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1

CWE

ID Name Description Links
CWE-399 Resource Management Errors Weaknesses in this category are related to improper management of system resources. CVE

References

Source Link
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/24023
UBUNTU https://usn.ubuntu.com/236-1/
FEDORA http://www.securityfocus.com/archive/1/427053/100/0/threaded
FEDORA http://www.securityfocus.com/archive/1/427990/100/0/threaded
SCO ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
SGI ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
SGI ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
SGI ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
SUSE http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
REDHAT http://rhn.redhat.com/errata/RHSA-2006-0177.html
MISC http://scary.beasts.org/security/CESA-2005-003.txt
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
DEBIAN http://www.debian.org/security/2005/dsa-931
DEBIAN http://www.debian.org/security/2005/dsa-932
DEBIAN http://www.debian.org/security/2005/dsa-937
DEBIAN http://www.debian.org/security/2005/dsa-938
DEBIAN http://www.debian.org/security/2005/dsa-940
DEBIAN http://www.debian.org/security/2006/dsa-936
DEBIAN http://www.debian.org/security/2006/dsa-950
DEBIAN http://www.debian.org/security/2006/dsa-961
DEBIAN http://www.debian.org/security/2006/dsa-962
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
CONFIRM http://www.kde.org/info/security/advisory-20051207-2.txt
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
MANDRAKE http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
CONFIRM http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
CONFIRM http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
FEDORA http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
FEDORA http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
REDHAT http://www.redhat.com/support/errata/RHSA-2006-0160.html
REDHAT http://www.redhat.com/support/errata/RHSA-2006-0163.html
BID http://www.securityfocus.com/bid/16143
TRUSTIX http://www.trustix.org/errata/2006/0002/
VUPEN http://www.vupen.com/english/advisories/2006/0047
VUPEN http://www.vupen.com/english/advisories/2007/2280