Sgi: >> Propack >> 3.0 Security Vulnerabilities
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
CVSS Score
5.0
EPSS Score
0.072
Published
2005-12-31
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
CVSS Score
10.0
EPSS Score
0.113
Published
2005-12-31
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVSS Score
5.0
EPSS Score
0.092
Published
2005-12-31
Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array.
CVSS Score
7.2
EPSS Score
0.0
Published
2005-07-12
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
CVSS Score
7.5
EPSS Score
0.035
Published
2005-05-02
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
CVSS Score
7.5
EPSS Score
0.065
Published
2005-04-27
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
CVSS Score
5.0
EPSS Score
0.012
Published
2005-04-14
ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.
CVSS Score
5.0
EPSS Score
0.015
Published
2005-03-23
Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file.
CVSS Score
5.0
EPSS Score
0.011
Published
2005-03-23
The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
CVSS Score
5.0
EPSS Score
0.041
Published
2005-03-14
Page 1