CVE-2005-3191

Name of the Vulnerable Software and Affected Versions kdegraphics versions prior to 3.4.3-r3 pdftohtml (affected versions not specified) xpdf versions prior to 3.01

Description The issue involves multiple vulnerabilities in the kdegraphics package and the pdftohtml package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Additionally, there are heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code of xpdf, which can cause a denial of service and possibly allow the execution of arbitrary code via a crafted PDF file.

Recommendations For kdegraphics versions prior to 3.4.3-r3, update to version 3.4.3-r3 or later. For pdftohtml, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For xpdf versions prior to 3.01, update to version 3.01 or later. As a temporary workaround, consider avoiding the use of the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions until a patch is available. Restrict the processing of crafted PDF files to minimize the risk of exploitation.