Search for vulnerabilities
Vulnerability details: VCID-dx34-td8j-aaaf
Vulnerability ID VCID-dx34-td8j-aaaf
Aliases CVE-2005-0064
Summary Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2005:026
rhas Important https://access.redhat.com/errata/RHSA-2005:034
rhas Important https://access.redhat.com/errata/RHSA-2005:049
rhas Important https://access.redhat.com/errata/RHSA-2005:053
rhas Important https://access.redhat.com/errata/RHSA-2005:057
rhas Important https://access.redhat.com/errata/RHSA-2005:059
rhas Important https://access.redhat.com/errata/RHSA-2005:066
epss 0.09592 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.09592 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.09592 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.09592 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.09592 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.09592 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.09592 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.09592 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.09592 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.09592 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.09592 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.10502 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.11782 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.11782 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.11782 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
epss 0.18323 https://api.first.org/data/v1/epss?cve=CVE-2005-0064
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1617441
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2005-0064
Reference id Reference type URL
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
http://marc.info/?l=bugtraq&m=110625368019554&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0064.json
https://api.first.org/data/v1/epss?cve=CVE-2005-0064
https://bugzilla.fedora.us/show_bug.cgi?id=2352
https://bugzilla.fedora.us/show_bug.cgi?id=2353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0064
http://secunia.com/advisories/17277
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11781
https://security.gentoo.org/glsa/200501-28
https://security.gentoo.org/glsa/200502-10
http://www.debian.org/security/2005/dsa-645
http://www.debian.org/security/2005/dsa-648
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
http://www.mandriva.com/security/advisories?name=MDKSA-2005:016
http://www.mandriva.com/security/advisories?name=MDKSA-2005:017
http://www.mandriva.com/security/advisories?name=MDKSA-2005:018
http://www.mandriva.com/security/advisories?name=MDKSA-2005:019
http://www.mandriva.com/security/advisories?name=MDKSA-2005:020
http://www.mandriva.com/security/advisories?name=MDKSA-2005:021
http://www.redhat.com/support/errata/RHSA-2005-026.html
http://www.redhat.com/support/errata/RHSA-2005-034.html
http://www.redhat.com/support/errata/RHSA-2005-053.html
http://www.redhat.com/support/errata/RHSA-2005-057.html
http://www.redhat.com/support/errata/RHSA-2005-059.html
http://www.redhat.com/support/errata/RHSA-2005-066.html
http://www.trustix.org/errata/2005/0003/
1617441 https://bugzilla.redhat.com/show_bug.cgi?id=1617441
324459 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324459
cpe:2.3:a:xpdf:xpdf:0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.2:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.3:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.4:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.5:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.5a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.5a:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.6:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.7:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.7a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.7a:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.80:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.80:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.91a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.91a:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.91b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.91b:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.91c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.91c:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.92a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.92a:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.92b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.92b:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.92c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.92c:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.92d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.92d:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.92e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.92e:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.93a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.93a:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.93b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.93b:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.93c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.93c:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:2.2:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
CVE-2005-0064 https://nvd.nist.gov/vuln/detail/CVE-2005-0064
RHSA-2005:026 https://access.redhat.com/errata/RHSA-2005:026
RHSA-2005:034 https://access.redhat.com/errata/RHSA-2005:034
RHSA-2005:049 https://access.redhat.com/errata/RHSA-2005:049
RHSA-2005:053 https://access.redhat.com/errata/RHSA-2005:053
RHSA-2005:057 https://access.redhat.com/errata/RHSA-2005:057
RHSA-2005:059 https://access.redhat.com/errata/RHSA-2005:059
RHSA-2005:066 https://access.redhat.com/errata/RHSA-2005:066
USN-64-1 https://usn.ubuntu.com/64-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2005-0064
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.94962
EPSS Score 0.09592
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.