PT-2005-3038 · Kpdf+2

Chris Evans +1 · Published 2005-08-09 · Updated 2018-10-19 · CVE-2005-2097

CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: xpdf (affected versions not specified); kpdf (affected versions not specified)
Description: The issue arises from improper validation of the "loca" table in PDF files, which allows local users to cause a denial of service. A PDF file with a "broken" loca table causes xpdf to create a large temporary file when it attempts to reconstruct the information, resulting in disk consumption and a hang.
Recommendations: For xpdf, consider implementing proper validation of the "loca" table in PDF files to prevent the creation of large temporary files. For kpdf, apply similar validation measures to the "loca" table to mitigate the risk of denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
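One way to perform the kind of "loca" validation recommended above, so that a font is rejected before any reconstruction is attempted. This is an added example, not xpdf or kpdf code; it assumes the standard TrueType layout (numGlyphs + 1 big-endian offsets into the glyf table, stored halved as 16-bit values in the short format), and the function, enum and sample names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status names are this example's own, not taken from xpdf or kpdf. */
enum loca_status { LOCA_OK, LOCA_TRUNCATED, LOCA_NOT_MONOTONIC, LOCA_OUT_OF_RANGE };

static uint32_t be16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }
static uint32_t be32(const uint8_t *p) { return (be16(p) << 16) | be16(p + 2); }

/*
 * Check a raw loca table before anything is rebuilt from it.
 *   num_glyphs  - glyph count from the font's maxp table
 *   long_format - indexToLocFormat from the head table (0 = short, 1 = long)
 *   glyf_len    - length in bytes of the glyf table the offsets point into
 */
enum loca_status validate_loca(const uint8_t *loca, size_t loca_len,
                               uint16_t num_glyphs, int long_format,
                               uint32_t glyf_len)
{
    size_t entry = long_format ? 4 : 2;
    size_t count = (size_t)num_glyphs + 1;   /* one extra end-marker entry */
    uint32_t prev = 0;

    if (loca_len / entry < count)
        return LOCA_TRUNCATED;               /* fewer entries than glyphs need */

    for (size_t i = 0; i < count; i++) {
        const uint8_t *p = loca + i * entry;
        uint32_t off = long_format ? be32(p) : be16(p) * 2u;
        if (off < prev)
            return LOCA_NOT_MONOTONIC;       /* would give a negative glyph size */
        if (off > glyf_len)
            return LOCA_OUT_OF_RANGE;        /* points past the end of glyf */
        prev = off;
    }
    return LOCA_OK;
}

/* Constructed samples: short format, 3 glyphs, 24-byte glyf table. */
static const uint8_t good_loca[]   = {0, 0, 0, 4,  0, 4, 0, 12}; /* 0, 8, 8, 24 */
static const uint8_t broken_loca[] = {0, 0, 0, 10, 0, 4, 0, 12}; /* 0, 20, 8, 24 */

int main(void)
{
    printf("good:   %d\n", validate_loca(good_loca, sizeof good_loca, 3, 0, 24));
    printf("broken: %d\n", validate_loca(broken_loca, sizeof broken_loca, 3, 0, 24));
    return 0;
}
```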

Related Identifiers

CVE-2005-2097
DSA-1136-1
DSA-780-1
DSA-936-1
DSA-982-1
DSA-984-1
DTSA-28-1
RHSA-2005:670
RHSA-2005:671
RHSA-2005:706
RHSA-2005:708
RHSA-2005_670
RHSA-2005_671
RHSA-2005_706
RHSA-2005_708

Affected Products

Red Hat
Kpdf
Xpdf