Vulnerability details: VCID-5yp1-7maf-aaac
Vulnerability ID VCID-5yp1-7maf-aaac
Aliases CVE-2005-2097
Summary xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2005:670
rhas Moderate https://access.redhat.com/errata/RHSA-2005:671
rhas Important https://access.redhat.com/errata/RHSA-2005:706
rhas Moderate https://access.redhat.com/errata/RHSA-2005:708
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2005-2097
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2005-2097
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2005-2097
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2005-2097
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1617684
cvssv2 2.1 https://nvd.nist.gov/vuln/detail/CVE-2005-2097
Reference id Reference type URL
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2097.json
https://api.first.org/data/v1/epss?cve=CVE-2005-2097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2097
http://secunia.com/advisories/17277
http://secunia.com/advisories/18398
http://secunia.com/advisories/18407
http://secunia.com/advisories/21339
http://secunia.com/advisories/25729
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10280
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
https://usn.ubuntu.com/163-1/
http://www.debian.org/security/2005/dsa-780
http://www.debian.org/security/2006/dsa-1136
http://www.debian.org/security/2006/dsa-936
http://www.mandriva.com/security/advisories?name=MDKSA-2005:138
http://www.novell.com/linux/security/advisories/2005_19_sr.html
http://www.redhat.com/support/errata/RHSA-2005-670.html
http://www.redhat.com/support/errata/RHSA-2005-671.html
http://www.redhat.com/support/errata/RHSA-2005-706.html
http://www.redhat.com/support/errata/RHSA-2005-708.html
http://www.securityfocus.com/archive/1/427053/100/0/threaded
http://www.securityfocus.com/archive/1/427990/100/0/threaded
http://www.securityfocus.com/bid/14529
http://www.vupen.com/english/advisories/2007/2280
1617684 https://bugzilla.redhat.com/show_bug.cgi?id=1617684
322458 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322458
cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:3.0_pl3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:3.0_pl3:*:*:*:*:*:*:*
CVE-2005-2097 https://nvd.nist.gov/vuln/detail/CVE-2005-2097
RHSA-2005:670 https://access.redhat.com/errata/RHSA-2005:670
RHSA-2005:671 https://access.redhat.com/errata/RHSA-2005:671
RHSA-2005:706 https://access.redhat.com/errata/RHSA-2005:706
RHSA-2005:708 https://access.redhat.com/errata/RHSA-2005:708
No exploits are available.
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2005-2097
Access Vector (AV) local
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) none
Integrity Impact (I) none
Availability Impact (A) partial
Exploit Prediction Scoring System (EPSS)
Percentile 0.28433
EPSS Score 0.00062
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.