CVE-2005-3192

Common Vulnerabilities and Exposures

Upstream information

CVE-2005-3192 at MITRE

Description

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.

NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 137156, 142106

SUSE Security Advisories:

SUSE-SA:2006:001, published Wed, 11 Jan 2006 11:00:00 +0000
SUSE-SR:2005:029, published Fri, 09 Dec 2005 16:00:00 +0000
SUSE-SR:2005:030, published Fri, 16 Dec 2005 16:00:00 +0000
SUSE-SR:2006:001, published Fri, 13 Jan 2006 14:00:00 +0000
SUSE-SR:2006:002, published Fri, 20 Jan 2006 15:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE LINUX 10.0	`pdftohtml >= 0.36-130.2`
SuSE Linux 9.0 for AMD64 SuSE Linux 9.0 for IA32	`pdftohtml >= 0.36-136`
SUSE LINUX 9.1 for IA32 SUSE LINUX 9.1 for x86-64	`pdftohtml >= 0.36-112.11`
SUSE LINUX 9.2	`pdftohtml >= 0.36-115.10`
SUSE LINUX 9.3	`pdftohtml >= 0.36-129.2`
SUSE LINUX 10.0	`poppler >= 0.4.2-3.2` `poppler-devel >= 0.4.2-3.2`
SuSE Linux Desktop 1.0	`koffice-wordprocessing >= 1.2.1-210`	Builds
SUSE LINUX 10.0	`xpdf >= 3.00-92.2`
SuSE Linux 9.0 for AMD64 SuSE Linux 9.0 for IA32	`xpdf >= 2.02pl1-150`
SUSE LINUX 9.1 for IA32 SUSE LINUX 9.1 for x86-64	`xpdf >= 3.00-64.35`
SUSE LINUX 9.2	`xpdf >= 3.00-78.11`
SUSE LINUX 9.3	`xpdf >= 3.00-87.2`
SUSE LINUX 10.0	`gpdf >= 2.10.0-12.2`
SUSE LINUX 9.1 for IA32 SUSE LINUX 9.1 for x86-64	`gpdf >= 0.112.1-26.10`
SUSE LINUX 9.2	`gpdf >= 0.131-11.10`
SUSE LINUX 9.3	`gpdf >= 2.10.0-4.4`
SUSE LINUX 10.0	`kdegraphics3-pdf >= 3.4.2-12.2`
SUSE LINUX 9.1 for IA32 SUSE LINUX 9.1 for x86-64	`kdegraphics3-pdf >= 3.2.1-67.16`
SUSE LINUX 9.2	`kdegraphics3-pdf >= 3.3.0-13.7`
SUSE LINUX 9.3	`kdegraphics3-pdf >= 3.4.0-11.5`
SLES SDK 9 for IBM S/390 and IBM zSeries SLES SDK 9 for IBM iSeries and IBM pSeries SLES SDK 9 for IBM zSeries SLES SDK 9 for IPF SLES SDK 9 for X86-64 SLES SDK 9 for x86	`xpdf >= 3.00-64.35`	core9.x86 core9.ia64 core9.ppc core9.s390 YOU Patch Nr: 10811
Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64 Open Enterprise Server	`cups >= 1.1.20-108.31`	core9.ia64 core9.ppc sles9-nlpos.x86 core9.s390 core9.x86-64 slox4,2.x86 YOU Patch Nr: 10819
SUSE LINUX Retail Solution 8 SuSE Linux Desktop 1.0 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Enterprise Server 8 for IBM zSeries SuSE Linux Enterprise Server 8 for IPF SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0	`cups >= 1.1.15-181`	core9.ia64 core9.ppc sles9-nlpos.x86 core9.s390 core9.x86-64 slox4,2.x86 YOU Patch Nr: 10819
SUSE LINUX 10.0	`koffice-wordprocessing >= 1.4.1-10.3`
SuSE Linux 9.0 for AMD64 SuSE Linux 9.0 for IA32	`koffice-wordprocessing >= 1.2.92-89`
SUSE LINUX 9.1 for IA32 SUSE LINUX 9.1 for x86-64	`koffice-wordprocessing >= 1.3-67.4`
SUSE LINUX 9.2	`koffice-wordprocessing >= 1.3.3-3.4`
SUSE LINUX 9.3	`koffice-wordprocessing >= 1.3.5-11.3`
SUSE LINUX 10.0	`cups >= 1.1.23-21.2`
SUSE LINUX 9.3	`cups >= 1.1.23-7.2`

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy