>> Xpdf "Stream.cc" and "JPXStream.cc" Buffer Overflow Vulnerabilities
Title : Xpdf "Stream.cc" and "JPXStream.cc" Buffer Overflow Vulnerabilities VUPEN ID : VUPEN/ADV-2005-2755 CVE ID : CVE-2005-3191 - CVE-2005-3192 - CVE-2005-3193
Rated as : High Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-12-06
Technical Description
Multiple vulnerabilities were identified in Xpdf, which could be exploited by remote attackers to execute arbitrary commands and take complete control of an affected system.
The first issue is due to a heap overflow error in the "DCTStream::readBaselineSOF()" [xpdf/Stream.cc] function that does not properly handle an overly large "numComps" value, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to open a specially crafted PDF file.
The second flaw is due to a heap overflow error in the "DCTStream::readProgressiveSOF()" [xpdf/Stream.cc] function that does not properly handle an overly large "numComps" value, which could be exploited by remote attackers to execute arbitrary commands by convincing a user to open a specially crafted PDF file.
The third vulnerability is due to a heap overflow error in the "StreamPredictor::StreamPredictor()" [xpdf/Stream.cc] function, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to open a specially crafted PDF file.
The fourth issue is due to a heap overflow error in the "JPXStream::readCodestream()" [xpdf/JPXStream.cc] function that does not properly handle large "nXTiles" and "nYTiles" values, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to open a specially crafted PDF file.
