CVE-2005-2097 : xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of serv

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

Published 2005-08-16 04:00:00

Updated 2018-10-19 15:32:31

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2005-2097

Probability of exploitation activity in the next 30 days: 0.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 27 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-2097

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2005-2097

Products affected by CVE-2005-2097

KDE » Kpdf
cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 3.0
cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 3.0 Pl3
cpe:2.3:a:xpdf:xpdf:3.0_pl3:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 3.0 Pl2
cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-2097

Exploit prediction scoring system (EPSS) score for CVE-2005-2097

CVSS scores for CVE-2005-2097

References for CVE-2005-2097

Products affected by CVE-2005-2097