CVE-2005-3627

Name of the Vulnerable Software and Affected Versions kdegraphics versions prior to 3.4.3-r3 pdftohtml (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the kdegraphics package and the pdftohtml package, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The problem is also related to a vulnerability in Stream.cc in Xpdf, which can allow attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with certain unvalidated values, including a large "number of components" value, a large "Huffman table index" value, and certain uses of the scanInfo.numComps value.

Recommendations For kdegraphics versions prior to 3.4.3-r3, update to version 3.4.3-r3 or later. For pdftohtml, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the DCTStream::readBaselineSOF and DCTStream::readProgressiveSOF functions, as well as the DCTStream::readHuffmanTables function, until a patch is available.