Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka Infinite CPU spins.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cups | Easy_software_products | 1.1.22 (including) | 1.1.22 (including) |
Cups | Easy_software_products | 1.1.22_rc1 (including) | 1.1.22_rc1 (including) |
Cups | Easy_software_products | 1.1.23 (including) | 1.1.23 (including) |
Cups | Easy_software_products | 1.1.23_rc1 (including) | 1.1.23_rc1 (including) |
Kdegraphics | Kde | 3.2 (including) | 3.2 (including) |
Kdegraphics | Kde | 3.4.3 (including) | 3.4.3 (including) |
Koffice | Kde | 1.4 (including) | 1.4 (including) |
Koffice | Kde | 1.4.1 (including) | 1.4.1 (including) |
Koffice | Kde | 1.4.2 (including) | 1.4.2 (including) |
Kpdf | Kde | 3.2 (including) | 3.2 (including) |
Kpdf | Kde | 3.4.3 (including) | 3.4.3 (including) |
Kword | Kde | 1.4.2 (including) | 1.4.2 (including) |
Libextractor | Libextractor | * | * |
Poppler | Poppler | 0.4.2 (including) | 0.4.2 (including) |
Propack | Sgi | 3.0-sp6 (including) | 3.0-sp6 (including) |
Tetex | Tetex | 1.0.7 (including) | 1.0.7 (including) |
Tetex | Tetex | 2.0 (including) | 2.0 (including) |
Tetex | Tetex | 2.0.1 (including) | 2.0.1 (including) |
Tetex | Tetex | 2.0.2 (including) | 2.0.2 (including) |
Tetex | Tetex | 3.0 (including) | 3.0 (including) |
Xpdf | Xpdf | 3.0 (including) | 3.0 (including) |
Linux | Conectiva | 10.0 (including) | 10.0 (including) |