Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka Infinite CPU spins.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cups | Easy_software_products | 1.1.22 (including) | 1.1.22 (including) |
| Cups | Easy_software_products | 1.1.22_rc1 (including) | 1.1.22_rc1 (including) |
| Cups | Easy_software_products | 1.1.23 (including) | 1.1.23 (including) |
| Cups | Easy_software_products | 1.1.23_rc1 (including) | 1.1.23_rc1 (including) |
| Kdegraphics | Kde | 3.2 (including) | 3.2 (including) |
| Kdegraphics | Kde | 3.4.3 (including) | 3.4.3 (including) |
| Koffice | Kde | 1.4 (including) | 1.4 (including) |
| Koffice | Kde | 1.4.1 (including) | 1.4.1 (including) |
| Koffice | Kde | 1.4.2 (including) | 1.4.2 (including) |
| Kpdf | Kde | 3.2 (including) | 3.2 (including) |
| Kpdf | Kde | 3.4.3 (including) | 3.4.3 (including) |
| Kword | Kde | 1.4.2 (including) | 1.4.2 (including) |
| Libextractor | Libextractor | * | * |
| Poppler | Poppler | 0.4.2 (including) | 0.4.2 (including) |
| Propack | Sgi | 3.0-sp6 (including) | 3.0-sp6 (including) |
| Tetex | Tetex | 1.0.7 (including) | 1.0.7 (including) |
| Tetex | Tetex | 2.0 (including) | 2.0 (including) |
| Tetex | Tetex | 2.0.1 (including) | 2.0.1 (including) |
| Tetex | Tetex | 2.0.2 (including) | 2.0.2 (including) |
| Tetex | Tetex | 3.0 (including) | 3.0 (including) |
| Xpdf | Xpdf | 3.0 (including) | 3.0 (including) |
| Linux | Conectiva | 10.0 (including) | 10.0 (including) |