suse · CVE-2005-3193

Quick triage

Priority: medium Published: 2021-05-30 12:33:45 UTC Updated: 2026-04-18 20:43:13 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2005-3193 severity moderate: SUSE including 25 source package names (cups-2.3.3op2-4.2, cups-2.4.11-160000.2.2, …), 25 product×package rows across 5 product lines (SUSE Linux Enterprise Module for Legacy 12, SUSE Linux Enterprise Server 16.0, … (5 product lines)): Fixed 21, Known Not Affected 4.

Description:

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.

cvelogic Threat Intelligence