CVE-2005-0064
xpdf - buffer overflow
EPSS 8.4%
Description
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
How to fix CVE-2005-0064
To remediate CVE-2005-0064, upgrade the affected package to a fixed version below.
- Debian/cups—upgrade to 1.1.22-6 or later
- Debian/cupsys—upgrade to 1.1.14-5woody12 or later
- Debian/xpdf—upgrade to 3.00-13 or later
- Debian/xpdf—upgrade to 1.00-3.4 or later
Is CVE-2005-0064 being exploited?
Moderate — EPSS is 8.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 1.1.22-6
- from 0, < 1.1.14-5woody12
- from 0, < 3.00-13
- from 0, < 1.00-3.4