PT-2005-1036 · Foo+2 · Xpdf+3
Infamous41Md · Published 2005-12-06 · Updated 2024-06-15
CVE-2005-3193
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
kdegraphics versions prior to 3.4.3-r3
pdftohtml (affected versions not specified)
xpdf version 3.01 and earlier
Description
This issue covers multiple vulnerabilities in the kdegraphics and pdftohtml packages that can compromise the confidentiality, integrity, and availability of protected information and can be exploited remotely. In addition, a heap-based buffer overflow in the JPXStream::readCodestream function in xpdf's JPX stream parsing code can cause a denial of service and possibly allow execution of arbitrary code via a crafted PDF file.
Recommendations
For kdegraphics versions prior to 3.4.3-r3, update to version 3.4.3-r3 or later.
For pdftohtml, there is currently no information about a newer version that contains a fix for this vulnerability.
For xpdf version 3.01 and earlier, consider disabling the use of the JPXStream::readCodestream function until a patch is available. Restrict the processing of PDF files with large size values to minimize the risk of exploitation.
DoS
Buffer Overflow
Affected Products
Red Hat
Kdegraphics
Pdftohtml
Xpdf