CVE-2005-3625: Critical severity Easy Software Products Cups vulnerability

Published Dec 31, 2005

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

Affected Software

127 affected components
Easy Software Products Cups=1.1.22
Easy Software Products Cups=1.1.22_rc1
Easy Software Products Cups=1.1.23
Easy Software Products Cups=1.1.23_rc1
KDE kdegraphics=3.2
KDE kdegraphics=3.4.3
KDE Koffice=1.4
KDE Koffice=1.4.1
KDE Koffice=1.4.2
KDE kpdf=3.2
KDE kpdf=3.4.3
KDE Kword=1.4.2
Libextractor Libextractor
Poppler Poppler=0.4.2
SGI ProPack=3.0-sp6
teTeX teTeX=1.0.7
teTeX teTeX=2.0
teTeX teTeX=2.0.1
teTeX teTeX=2.0.2
teTeX teTeX=3.0
xpdf Xpdf=3.0
Conectiva Linux=10.0
Debian Debian Linux=3.0
Debian Debian Linux=3.0
Debian Debian Linux=3.0
Debian Debian Linux=3.0
Debian Debian Linux=3.0
Debian Debian Linux=3.0
Debian Debian Linux=3.0
Debian Debian Linux=3.0
Debian Debian Linux=3.0
Debian Debian Linux=3.0
Debian Debian Linux=3.0
Debian Debian Linux=3.0
Debian Debian Linux=3.1
Debian Debian Linux=3.1
Debian Debian Linux=3.1
Debian Debian Linux=3.1
Debian Debian Linux=3.1
Debian Debian Linux=3.1
Debian Debian Linux=3.1
Debian Debian Linux=3.1
Debian Debian Linux=3.1
Debian Debian Linux=3.1
Debian Debian Linux=3.1
Debian Debian Linux=3.1
Debian Debian Linux=3.1
Gentoo Linux
Mandrakesoft Mandrake Linux=10.1
Mandrakesoft Mandrake Linux=10.1
Mandrakesoft Mandrake Linux=10.2
Mandrakesoft Mandrake Linux=10.2
Mandrakesoft Mandrake Linux=2006
Mandrakesoft Mandrake Linux=2006
Mandrakesoft Mandrake Linux Corporate Server=2.1
Mandrakesoft Mandrake Linux Corporate Server=2.1
Mandrakesoft Mandrake Linux Corporate Server=3.0
Mandrakesoft Mandrake Linux Corporate Server=3.0
redhat Enterprise Linux=2.1
redhat Enterprise Linux=2.1
redhat Enterprise Linux=2.1
redhat Enterprise Linux=2.1
redhat Enterprise Linux=2.1
redhat Enterprise Linux=2.1
redhat Enterprise Linux=3.0
redhat Enterprise Linux=3.0
redhat Enterprise Linux=3.0
redhat Enterprise Linux=4.0
redhat Enterprise Linux=4.0
redhat Enterprise Linux=4.0
redhat Enterprise Linux Desktop=3.0
redhat Enterprise Linux Desktop=4.0
redhat Fedora Core=core_1.0
redhat Fedora Core=core_2.0
redhat Fedora Core=core_3.0
redhat Fedora Core=core_4.0
redhat Linux=7.3
redhat Linux=9.0
redhat Linux Advanced Workstation=2.1
redhat Linux Advanced Workstation=2.1
SCO OpenServer=5.0.7
SCO OpenServer=6.0
Slackware Slackware Linux=9.0
Slackware Slackware Linux=9.1
Slackware Slackware Linux=10.0
Slackware Slackware Linux=10.1
Slackware Slackware Linux=10.2
SUSE SuSE Linux=1.0
SUSE SuSE Linux=9.0
SUSE SuSE Linux=9.0
SUSE SuSE Linux=9.0
SUSE SuSE Linux=9.0
SUSE SuSE Linux=9.0
SUSE SuSE Linux=9.1
SUSE SuSE Linux=9.1
SUSE SuSE Linux=9.1
SUSE SuSE Linux=9.2
SUSE SuSE Linux=9.2
SUSE SuSE Linux=9.2
SUSE SuSE Linux=9.3
SUSE SuSE Linux=9.3
SUSE SuSE Linux=9.3
SUSE SuSE Linux=10.0
SUSE SuSE Linux=10.0
Trustix Secure Linux=2.0
Trustix Secure Linux=2.2
Trustix Secure Linux=3.0
Turbolinux Turbolinux=10
Turbolinux Turbolinux=fuji
Turbolinux Turbolinux Appliance Server=1.0_hosting_edition
Turbolinux Turbolinux Appliance Server=1.0_workgroup_edition
Turbolinux Turbolinux Desktop=10.0
Turbolinux Turbolinux Home
Turbolinux Turbolinux Multimedia
Turbolinux Turbolinux Personal
Turbolinux Turbolinux Server=8.0
Turbolinux Turbolinux Server=10.0
Turbolinux Turbolinux Server=10.0_x86
Turbolinux Turbolinux Workstation=8.0
Ubuntu Ubuntu Linux=4.1
Ubuntu Ubuntu Linux=4.1
Ubuntu Ubuntu Linux=5.04
Ubuntu Ubuntu Linux=5.04
Ubuntu Ubuntu Linux=5.04
Ubuntu Ubuntu Linux=5.10
Ubuntu Ubuntu Linux=5.10
Ubuntu Ubuntu Linux=5.10

Event History

Dec 31, 2005: CVE Published (05:00 AM)
Jan 7, 2006: CVE Published via MITRE (03:00 AM)
Jan 7, 2006: Data Sourced via MITRE (03:00 AM): Description

Frequently Asked Questions

1. What is the severity of CVE-2005-3625?

CVE-2005-3625 is classified as a high severity vulnerability due to its potential to cause a denial of service.

2. How do I fix CVE-2005-3625?

To remediate CVE-2005-3625, users should upgrade to the latest version of affected software that addresses this vulnerability.

3. What types of software are affected by CVE-2005-3625?

CVE-2005-3625 affects various software including Xpdf, KDE KPDF, Poppler, and CUPS among others.

4. What are the potential consequences of exploiting CVE-2005-3625?

Exploiting CVE-2005-3625 may lead to an infinite loop, resulting in denial of service and increased CPU usage.

5. Are there any specific versions of software that are vulnerable to CVE-2005-3625?

Yes, specific vulnerable versions include Xpdf 3.0, KDE KPDF 3.2 to 3.4.3, and CUPS versions 1.1.22 to 1.1.23.
