Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2006-01-06T22:00:00
Updated: 2024-08-07T23:17:23.441Z
Reserved: 2005-11-16T00:00:00
Link: CVE-2005-3627
Vulnrichment
No data.
NVD
Status : Modified
Published: 2005-12-31T05:00:00.000
Modified: 2018-10-19T15:37:58.570
Link: CVE-2005-3627
Redhat