CVE-2005-2097

Description

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

Affected packages (10)

• Debian/cupsfrom 0, < 1.1.22-7
• Debian/gpdffrom 0, < 2.10.0-1+etch1
• Debian/gpdffrom 0, < 2.8.2-1.2sarge5
• Debian/gpdffrom 0, < 2.8.2-1.2sarge4
• Debian/kdegraphicsfrom 0, < 4:3.3.2-2sarge1
• Debian/libextractorfrom 0, < 0.4.2-2sarge2
• Debian/libextractorfrom 0, < 0.5.8-1
• Debian/popplerfrom 0, < 0.4.0-1
• Debian/xpdffrom 0, < 3.00-15
• Debian/xpdffrom 0, < 3.00-13.6

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2005-2097