View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2005-3627 severity moderate: SUSE including 15 source package names (cups-2.4.11-160000.2.2, cups-client-2.4.11-160000.2.2, …), 15 product×package rows across 4 product lines (SUSE Linux Enterprise Module for Legacy 12, SUSE Linux Enterprise Server 16.0, SUSE Linux Micro 6.0, SUSE Linux Micro 6.1): Fixed 11, Known Not Affected 4.
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.