Launchpad CVE tracker

CVE 2005-0064

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.

Related bugs and status

CVE-2005-0064 (Candidate) is related to these bugs:

Bug #12044: [CAN-2005-0064] iDEFENSE Security Advisory 01.18.05 (xpdf)

Summary				In	Importance	Status
	12044	[CAN-2005-0064] iDEFENSE Security Advisory 01.18.05 (xpdf)		tetex-bin (Ubuntu)	High	Fix Released
	12044	[CAN-2005-0064] iDEFENSE Security Advisory 01.18.05 (xpdf)		tetex-bin (Debian)	Unknown	Fix Released

Bug #12059: vulnerable to CAN-2005-0064

Summary				In	Importance	Status
	12059	vulnerable to CAN-2005-0064		xpdf (Ubuntu)	High	Fix Released
	12059	vulnerable to CAN-2005-0064		xpdf (Debian)	Unknown	Fix Released

Bug #15018: tetex-bin: CAN-2005-0064 fix was incomplete

Summary				In	Importance	Status
	15018	tetex-bin: CAN-2005-0064 fix was incomplete		tetex-bin (Ubuntu)	High	Invalid
	15018	tetex-bin: CAN-2005-0064 fix was incomplete		tetex-bin (Debian)	Unknown	Fix Released

Bug #26650: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy

Summary				In	Importance	Status
	26650	tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy		tetex-bin (Ubuntu)	High	Fix Released
	26650	tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy		tetex-bin (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2005-0064

References