Description
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
References (85)
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18349
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18147
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16143
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9575
Patch, Vendor Advisory x_refsource_confirm
http://www.kde.org/info/security/advisory-20051207-2.txt
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/236-1/
Patch x_refsource_confirm
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_fedora
http://www.securityfocus.com/archive/1/427053/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24023
Patch x_refsource_confirm
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0160.html
Vendor Advisory vendor-advisory
x_refsource_trustix
http://www.trustix.org/errata/2006/0002/
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-932
Various Sources vendor-advisory
x_refsource_sco
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
Exploit x_refsource_misc
http://scary.beasts.org/security/CESA-2005-003.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18679
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18312
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18644
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18425
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18373
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18303
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-931
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18554
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19230
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-962
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0163.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-937
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18398
Patch vendor-advisory
x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-936
Vendor Advisory vendor-advisory
x_refsource_fedora
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18329
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18463
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18642
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18674
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18313
Vendor Advisory vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
Vendor Advisory vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18448
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18436
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18428
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18380
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18423
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18416
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2006-0177.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2280
Patch, Vendor Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18335
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18407
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18332
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18517
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18582
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18534
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18908
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25729
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18414
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18338
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
Vendor Advisory vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
Vendor Advisory vendor-advisory
x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-940
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0047
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18389
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19377
Vendor Advisory vendor-advisory
x_refsource_fedora
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_fedora
http://www.securityfocus.com/archive/1/427990/100/0/threaded
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-961
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18675
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18913
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-938
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18334
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18375
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-950
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18387
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18385
Scores
EPSS: 0.1129
EPSS Percentile: 93.6%
Details
CWE: CWE-399
Status: published
Products (22)
conectiva/linux: 10.0
debian/debian_linux: 3.0 (12 CPE variants)
debian/debian_linux: 3.1 (13 CPE variants)
easy_software_products/cups: 1.1.22
easy_software_products/cups: 1.1.22_rc1
easy_software_products/cups: 1.1.23
easy_software_products/cups: 1.1.23_rc1
gentoo/linux
kde/kdegraphics: 3.2
kde/kdegraphics: 3.4.3
... and 12 more
Published: Dec 31, 2005
Tracked Since: Feb 18, 2026