CVE Vulnerabilities


Published: Aug 16, 2005 | Modified: Oct 19, 2018
CVSS 2.x: 2.1 LOW

xpdf and kpdf do not properly validate the loca table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a broken loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kpdf | Kde | * | * |
| Xpdf | Xpdf | 3.0 | 3.0 |
| Xpdf | Xpdf | 3.0_pl2 | 3.0_pl2 |
| Xpdf | Xpdf | 3.0_pl3 | 3.0_pl3 |
| Red Hat Enterprise Linux 3 | RedHat | cups-1:1.1.17-13.3.31 | * |
| Red Hat Enterprise Linux 4 | RedHat | xpdf-1:3.00-11.8 | * |
| Red Hat Enterprise Linux 4 | RedHat | kdegraphics-7:3.3.1-3.4 | * |
| Red Hat Enterprise Linux 4 | RedHat | cups-1:1.1.22-0.rc1.9.7 | * |
| Red Hat Enterprise Linux 4 | RedHat | gpdf-0:2.8.2-4.4 | * |
| Cups | Ubuntu | devel | * |
| Cups | Ubuntu | intrepid | * |
| Cups | Ubuntu | jaunty | * |
| Cups | Ubuntu | karmic | * |
| Cupsys | Ubuntu | gutsy | * |
| Cupsys | Ubuntu | hardy | * |
| Gpdf | Ubuntu | dapper | * |
| Gpdf | Ubuntu | edgy | * |
| Poppler | Ubuntu | dapper | * |
| Poppler | Ubuntu | devel | * |
| Poppler | Ubuntu | edgy | * |
| Poppler | Ubuntu | feisty | * |
| Poppler | Ubuntu | gutsy | * |
| Poppler | Ubuntu | hardy | * |
| Poppler | Ubuntu | intrepid | * |
| Poppler | Ubuntu | jaunty | * |
| Poppler | Ubuntu | karmic | * |
| Xpdf | Ubuntu | dapper | * |
| Xpdf | Ubuntu | devel | * |
| Xpdf | Ubuntu | edgy | * |
| Xpdf | Ubuntu | feisty | * |
| Xpdf | Ubuntu | gutsy | * |
| Xpdf | Ubuntu | hardy | * |
| Xpdf | Ubuntu | intrepid | * |
| Xpdf | Ubuntu | jaunty | * |
| Xpdf | Ubuntu | karmic | * |