PublicDate: 2005-12-31 05:00:00 UTC
Candidate: CVE-2005-3627
References:
 https://ubuntu.com/security/notices/USN-236-2
 https://ubuntu.com/security/notices/USN-236-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
Description:
 Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml,
 poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify
 memory and possibly execute arbitrary code via a DCTDecode stream with (1)
 a large "number of components" value that is not checked by
 DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large
 "Huffman table index" value that is not checked by
 DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps
 value by DCTStream::readScanInfo.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_gpdf: released (2.10.0-2)
edgy_gpdf: released (2.10.0-2)
feisty_gpdf: DNE
devel_gpdf: DNE
dapper_tetex-bin: not-affected
edgy_tetex-bin: not-affected
feisty_tetex-bin: not-affected
devel_tetex-bin: DNE
dapper_koffice: released (1.5.0-0ubuntu9.2)
edgy_koffice: released (1.5.2-0ubuntu2.2)
feisty_koffice: released (1.6.2-0ubuntu1.1)
devel_koffice: released (1.6.3-0ubuntu5)
dapper_poppler: released (0.5.1-0ubuntu7.2)
edgy_poppler: released (0.5.4-0ubuntu4.2)
feisty_poppler: released (0.5.4-0ubuntu8.1)
devel_poppler: released (0.6-0ubuntu1)
dapper_kdegraphics: released (3.5.2-0ubuntu6)
edgy_kdegraphics: released (3.5.2-0ubuntu6)
feisty_kdegraphics: released (3.5.2-0ubuntu6)
devel_kdegraphics: released (3.5.2-0ubuntu6)
dapper_cupsys: not-affected
edgy_cupsys: not-affected
feisty_cupsys: not-affected
upstream_cupsys: needs-triage
upstream_gpdf: needs-triage
upstream_kdegraphics: needs-triage
upstream_koffice: needs-triage
upstream_poppler: needs-triage
upstream_tetex-bin: needs-triage