Fluid Attacks Database

Description

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	xpdf	>=0 <3.01-4	3.01-4
debian 14	poppler	>=0 <0.4.4-1	0.4.4-1
debian 12	cups	>=0 <1.1.22-7	1.1.22-7
debian 11	cups	>=0 <1.1.22-7	1.1.22-7
debian 11	libextractor	>=0 <0.5.9-1	0.5.9-1
debian 13	xpdf	>=0 <3.01-4	3.01-4
debian 12	poppler	>=0 <0.4.4-1	0.4.4-1
debian 11	xpdf	>=0 <3.01-4	3.01-4
debian 14	xpdf	>=0 <3.01-4	3.01-4
debian 12	libextractor	>=0 <0.5.9-1	0.5.9-1

1-10 of 16

Aliases

1. CVE-2005-36252. NVD-2005-36253. OSV-DEBIAN-2005-36254. OSV-2005-36255. SECURITY-TRACKER-CVE-2005-3625

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.