FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0064

This CVE name corresponds to:

Entered Topic
2005-01-26 xpdf -- makeFileKey2() buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-0064
Phase Assigned (20050113)

Description

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.

References

Source Reference
IDEFENSE 20050118 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow
CONFIRM ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
CONECTIVA CLA-2005:921
DEBIAN DSA-645
DEBIAN DSA-648
FEDORA FLSA:2352
FEDORA FLSA:2353
GENTOO GLSA-200502-10
MANDRAKE MDKSA-2005:016
MANDRAKE MDKSA-2005:017
MANDRAKE MDKSA-2005:018
MANDRAKE MDKSA-2005:019
MANDRAKE MDKSA-2005:020
MANDRAKE MDKSA-2005:021
REDHAT RHSA-2005:034
REDHAT RHSA-2005:053
REDHAT RHSA-2005:057
REDHAT RHSA-2005:059
REDHAT RHSA-2005:066
REDHAT RHSA-2005:026
SCO SCOSA-2005.42
TRUSTIX 2005-0003
BUGTRAQ 20050119 [USN-64-1] xpdf, CUPS vulnerabilities
OVAL oval:org.mitre.oval:def:11781
SECUNIA 17277