CVE-2005-3192

Name of the Vulnerable Software and Affected Versions kdegraphics versions prior to 3.4.3-r3 Xpdf version 3.01 pdftohtml (affected versions not specified)

Description The issue involves multiple vulnerabilities in the kdegraphics package and pdftohtml, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A heap-based buffer overflow in the StreamPredictor function in Xpdf, also used in products like Poppler, teTeX, KDE kpdf, pdftohtml, KOffice KWord, CUPS, and libextractor, allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps field.

Recommendations For kdegraphics versions prior to 3.4.3-r3, update to version 3.4.3-r3 or later. For Xpdf version 3.01, consider disabling the StreamPredictor function until a patch is available. For pdftohtml, at the moment, there is no information about a newer version that contains a fix for this vulnerability.