Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xpdf | Xpdf | 0.2 (including) | 0.2 (including) |
| Xpdf | Xpdf | 0.3 (including) | 0.3 (including) |
| Xpdf | Xpdf | 0.4 (including) | 0.4 (including) |
| Xpdf | Xpdf | 0.5 (including) | 0.5 (including) |
| Xpdf | Xpdf | 0.5a (including) | 0.5a (including) |
| Xpdf | Xpdf | 0.6 (including) | 0.6 (including) |
| Xpdf | Xpdf | 0.7 (including) | 0.7 (including) |
| Xpdf | Xpdf | 0.7a (including) | 0.7a (including) |
| Xpdf | Xpdf | 0.80 (including) | 0.80 (including) |
| Xpdf | Xpdf | 0.90 (including) | 0.90 (including) |
| Xpdf | Xpdf | 0.91 (including) | 0.91 (including) |
| Xpdf | Xpdf | 0.91a (including) | 0.91a (including) |
| Xpdf | Xpdf | 0.91b (including) | 0.91b (including) |
| Xpdf | Xpdf | 0.91c (including) | 0.91c (including) |
| Xpdf | Xpdf | 0.92 (including) | 0.92 (including) |
| Xpdf | Xpdf | 0.92a (including) | 0.92a (including) |
| Xpdf | Xpdf | 0.92b (including) | 0.92b (including) |
| Xpdf | Xpdf | 0.92c (including) | 0.92c (including) |
| Xpdf | Xpdf | 0.92d (including) | 0.92d (including) |
| Xpdf | Xpdf | 0.92e (including) | 0.92e (including) |
| Xpdf | Xpdf | 0.93 (including) | 0.93 (including) |
| Xpdf | Xpdf | 0.93a (including) | 0.93a (including) |
| Xpdf | Xpdf | 0.93b (including) | 0.93b (including) |
| Xpdf | Xpdf | 0.93c (including) | 0.93c (including) |
| Xpdf | Xpdf | 1.0 (including) | 1.0 (including) |
| Xpdf | Xpdf | 1.0a (including) | 1.0a (including) |
| Xpdf | Xpdf | 1.1 (including) | 1.1 (including) |
| Xpdf | Xpdf | 2.0 (including) | 2.0 (including) |
| Xpdf | Xpdf | 2.1 (including) | 2.1 (including) |
| Xpdf | Xpdf | 2.2 (including) | 2.2 (including) |
| Xpdf | Xpdf | 2.3 (including) | 2.3 (including) |
| Xpdf | Xpdf | 3.0 (including) | 3.0 (including) |