xpdf vulnerability

2005-08-1000:00:00

ubuntu.com

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

AI Score

5.9

Confidence

Low

EPSS

0.001

Percentile

28.4%

JSON

Releases

Ubuntu 5.04
Ubuntu 4.10

Details

xpdf and kpdf did not sufficiently verify the validity of the “loca”
table in PDF files, a table that contains glyph description
information for embedded TrueType fonts. After detecting the broken
table, xpdf attempted to reconstruct the information in it, which
caused the generation of a huge temporary file that quickly filled up
available disk space and rendered the application unresponsive.

The CUPS printing system in Ubuntu 5.04 uses the xpdf-utils package to
convert PDF files to PostScript. By attempting to print such a crafted
PDF file, a remote attacker could cause a Denial of Service in a print
server. The CUPS system in Ubuntu 4.10 is not vulnerable against this
attack.

OSVersionArchitecturePackageVersionFilename
Ubuntu5.04noarchxpdf-utils< *UNKNOWN
Ubuntu5.04noarchxpdf-reader< *UNKNOWN
Ubuntu5.04noarchkpdf< *UNKNOWN
Ubuntu4.10noarchxpdf-utils< *UNKNOWN
Ubuntu4.10noarchxpdf-reader< *UNKNOWN
Ubuntu4.10noarchkpdf< *UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	5.04	noarch	xpdf-utils	< *	UNKNOWN
Ubuntu	5.04	noarch	xpdf-reader	< *	UNKNOWN
Ubuntu	5.04	noarch	kpdf	< *	UNKNOWN
Ubuntu	4.10	noarch	xpdf-utils	< *	UNKNOWN
Ubuntu	4.10	noarch	xpdf-reader	< *	UNKNOWN
Ubuntu	4.10	noarch	kpdf	< *	UNKNOWN