| Name | CVE-2005-3192 |
| Description | Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1019-1, DSA-931-1, DSA-932-1, DSA-936-1, DSA-937-1, DSA-940-1, DSA-950-1, DSA-961-1, DSA-962-1, DSA-983-1 |
| Debian Bugs | 342281, 342286, 342287, 342288, 342289, 342292, 342294, 342337 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| cups (PTS) | jessie, jessie (lts) | 1.7.5-11+deb8u12 | fixed |
| stretch (security) | 2.2.1-8+deb9u8 | fixed | |
| stretch (lts), stretch | 2.2.1-8+deb9u12 | fixed | |
| buster, buster (lts) | 2.2.10-6+deb10u11 | fixed | |
| buster (security) | 2.2.10-6+deb10u10 | fixed | |
| bullseye | 2.3.3op2-3+deb11u8 | fixed | |
| bullseye (security) | 2.3.3op2-3+deb11u9 | fixed | |
| bookworm | 2.4.2-3+deb12u7 | fixed | |
| bookworm (security) | 2.4.2-3+deb12u8 | fixed | |
| sid, trixie | 2.4.10-2 | fixed | |
| libextractor (PTS) | jessie, jessie (lts) | 1:1.3-2+deb8u5 | fixed |
| stretch (security), stretch (lts), stretch | 1:1.3-4+deb9u4 | fixed | |
| buster | 1:1.8-2+deb10u1 | fixed | |
| bullseye | 1:1.11-2 | fixed | |
| bookworm | 1:1.11-7 | fixed | |
| sid, trixie | 1:1.13-7 | fixed | |
| poppler (PTS) | jessie, jessie (lts) | 0.26.5-2+deb8u16 | fixed |
| stretch (security) | 0.48.0-2+deb9u4 | fixed | |
| stretch (lts), stretch | 0.48.0-2+deb9u6 | fixed | |
| buster (security), buster, buster (lts) | 0.71.0-5+deb10u3 | fixed | |
| bullseye (security), bullseye | 20.09.0-3.1+deb11u1 | fixed | |
| bookworm | 22.12.0-2 | fixed | |
| sid, trixie | 24.08.0-3 | fixed | |
| xpdf (PTS) | jessie | 3.03-17 | fixed |
| stretch | 3.04-4 | fixed | |
| buster | 3.04-13 | fixed | |
| bullseye | 3.04+git20210103-3 | fixed | |
| bookworm | 3.04+git20220601-1 | fixed | |
| sid, trixie | 3.04+git20240613-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| cups | source | (unstable) | 1.1.23-13 | unimportant | ||
| cupsys | source | woody | 1.1.14-5woody14 | DSA-950-1 | ||
| cupsys | source | sarge | (not affected) | DSA-950-1 | ||
| cupsys | source | (unstable) | 1.1.23-13 | unimportant | ||
| gpdf | source | sarge | 2.8.2-1.2sarge2 | DSA-940-1 | ||
| gpdf | source | (unstable) | 2.10.0-1 | medium | 342286 | |
| kdegraphics | source | sarge | 4:3.3.2-2sarge3 | DSA-932-1 | ||
| kdegraphics | source | (unstable) | 4:3.4.3-4 | medium | 342287 | |
| koffice | source | sarge | 1.3.5-4.sarge.3 | DSA-1019-1 | ||
| koffice | source | (unstable) | 1:1.4.2-5 | medium | 342294 | |
| libextractor | source | sarge | 0.4.2-2sarge2 | DSA-936-1 | ||
| libextractor | source | (unstable) | 0.5.8-1 | medium | ||
| pdfkit.framework | source | sarge | 0.8-2sarge1 | DSA-961-1 | ||
| pdfkit.framework | source | (unstable) | 0.8-4 | |||
| pdftohtml | source | sarge | 0.36-11sarge2 | DSA-983-1 | ||
| pdftohtml | source | (unstable) | 0.36-12 | medium | 342289 | |
| poppler | source | (unstable) | 0.4.3-2 | medium | 342288 | |
| tetex-bin | source | woody | 1.0.7+20011202-7.7 | DSA-937-1 | ||
| tetex-bin | source | sarge | 2.0.2-30sarge4 | DSA-937-1 | ||
| tetex-bin | source | (unstable) | 3.0-11 | medium | 342292 | |
| xpdf | source | woody | 1.00-3.8 | DSA-931-1 | ||
| xpdf | source | sarge | 3.00-13.4 | DSA-931-1 | ||
| xpdf | source | (unstable) | 3.01-3 | medium | 342281, 342337 |
Previous kdegraphics fix was incomplete
Intial poppler patch in 0.4.2-1.1 was incomplete