Fluid Attacks Database

Description

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	poppler	>=0 <0.4.0-1	0.4.0-1
debian 12	libextractor	>=0 <0.5.8-1	0.5.8-1
debian 14	libextractor	>=0 <0.5.8-1	0.5.8-1
debian 11	xpdf	>=0 <3.00-15	3.00-15
debian 13	cups	>=0 <1.1.22-7	1.1.22-7
debian 13	xpdf	>=0 <3.00-15	3.00-15
debian 14	cups	>=0 <1.1.22-7	1.1.22-7
debian 12	poppler	>=0 <0.4.0-1	0.4.0-1
debian 13	libextractor	>=0 <0.5.8-1	0.5.8-1
debian 13	poppler	>=0 <0.4.0-1	0.4.0-1

1-10 of 16

Aliases

1. CVE-2005-20972. NVD-2005-20973. OSV-DEBIAN-2005-20974. OSV-2005-20975. SECURITY-TRACKER-CVE-2005-2097

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.