Rapid7 Vulnerability & Exploit Database

SUSE-SR:2005:019:vuln8: gpdf and kpdf denial of service attack

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SR:2005:019:vuln8: gpdf and kpdf denial of service attack

Severity

CVSS

(AV:L/AC:L/Au:N/C:N/I:N/A:P)

Published

08/16/2005

Created

07/25/2018

Added

12/13/2005

Modified

11/18/2015

Description

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

Solution(s)

References

https://attackerkb.com/topics/cve-2005-2097
14529
CVE - 2005-2097
DSA-1136
DSA-780
DSA-936
OVAL10280
RHSA-2005:670
RHSA-2005:671
RHSA-2005:706
RHSA-2005:708
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2005:138
http://www.novell.com/linux/security/advisories/2005_19_sr.html
http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded
http://www.ubuntulinux.org/support/documentation/usn/usn-163-1

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;