Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.
Conclusion & alert: CVE-2005-3191 is rated Moderate Risk (45.7/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 3.03%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-03-30 | 7.66% | 3.03% | -4.63% |
| 2 | 2025-03-29 | 3.03% | 7.66% | +4.63% |
| 3 | 2025-03-17 | — | 3.03% | — |
Full EPSS history (8 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.1 | 2.0 | MEDIUM |
|
4.9 | 6.4 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
medium | CVE-2005-3191 medium priority: Debian including 4 source packages (cups, libextractor, poppler, xpdf), 20 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 20. | https://security-tracker.debian.org/tracker/CVE-2005-3191 |
gentoo
|
normal | CVE-2005-3191: 1 GLSA(s) (200512-08), 4 atom(s) (app-text/gpdf, app-text/poppler, app-text/xpdf, net-print/cups); latest impact normal. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2005-3191 |
redhat
|
high | — | https://access.redhat.com/security/cve/CVE-2005-3191 |
ubuntu
|
medium | CVE-2005-3191 medium priority: Ubuntu including 9 source packages (cupsys, gpdf, …), 36 status rows across 4 suites (dapper, edgy, feisty, upstream): released 23, needs-triage 9, not-affected 3, DNE 1. | https://ubuntu.com/security/CVE-2005-3191 |
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| xpdf | xpdf | 0.90 | cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:* |
| xpdf | xpdf | 0.91 | cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:* |
| xpdf | xpdf | 0.92 | cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:* |
| xpdf | xpdf | 0.93 | cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:* |
| xpdf | xpdf | 1.0 | cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:* |
| xpdf | xpdf | 1.0a | cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:* |
| xpdf | xpdf | 1.1 | cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:* |
| xpdf | xpdf | 2.0 | cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:* |
| xpdf | xpdf | 2.1 | cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:* |
| xpdf | xpdf | 2.2 | cpe:2.3:a:xpdf:xpdf:2.2:*:*:*:*:*:*:* |
| xpdf | xpdf | 2.3 | cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:* |
| xpdf | xpdf | 3.0 | cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:* |
| xpdf | xpdf | 3.0.1 | cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:* |
| xpdf | xpdf | 3.0_pl2 | cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:* |
| xpdf | xpdf | 3.0_pl3 | cpe:2.3:a:xpdf:xpdf:3.0_pl3:*:*:*:*:*:*:* |