Fluid Attacks Database

Description

Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	xpdf	>=0 <3.01-4	3.01-4
debian 12	libextractor	>=0 <0.5.9-1	0.5.9-1
debian 14	libextractor	>=0 <0.5.9-1	0.5.9-1
debian 12	cups	>=0 <1.1.22-7	1.1.22-7
debian 12	xpdf	>=0 <3.01-4	3.01-4
debian 13	xpdf	>=0 <3.01-4	3.01-4
debian 14	cups	>=0 <1.1.22-7	1.1.22-7
debian 14	xpdf	>=0 <3.01-4	3.01-4
debian 11	libextractor	>=0 <0.5.9-1	0.5.9-1
debian 13	libextractor	>=0 <0.5.9-1	0.5.9-1

1-10 of 12

Aliases

1. CVE-2005-36282. NVD-2005-36283. OSV-DEBIAN-2005-36284. OSV-2005-36285. SECURITY-TRACKER-CVE-2005-3628

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.