Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
2005-05-02T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | xpdf | xpdf | 0.2 | Yes |
| Application | xpdf | xpdf | 0.3 | Yes |
| Application | xpdf | xpdf | 0.4 | Yes |
| Application | xpdf | xpdf | 0.5 | Yes |
| Application | xpdf | xpdf | 0.5a | Yes |
| Application | xpdf | xpdf | 0.6 | Yes |
| Application | xpdf | xpdf | 0.7 | Yes |
| Application | xpdf | xpdf | 0.7a | Yes |
| Application | xpdf | xpdf | 0.80 | Yes |
| Application | xpdf | xpdf | 0.90 | Yes |
| Application | xpdf | xpdf | 0.91 | Yes |
| Application | xpdf | xpdf | 0.91a | Yes |
| Application | xpdf | xpdf | 0.91b | Yes |
| Application | xpdf | xpdf | 0.91c | Yes |
| Application | xpdf | xpdf | 0.92 | Yes |
| Application | xpdf | xpdf | 0.92a | Yes |
| Application | xpdf | xpdf | 0.92b | Yes |
| Application | xpdf | xpdf | 0.92c | Yes |
| Application | xpdf | xpdf | 0.92d | Yes |
| Application | xpdf | xpdf | 0.92e | Yes |
| Application | xpdf | xpdf | 0.93 | Yes |
| Application | xpdf | xpdf | 0.93a | Yes |
| Application | xpdf | xpdf | 0.93b | Yes |
| Application | xpdf | xpdf | 0.93c | Yes |
| Application | xpdf | xpdf | 1.0 | Yes |
| Application | xpdf | xpdf | 1.0a | Yes |
| Application | xpdf | xpdf | 1.1 | Yes |
| Application | xpdf | xpdf | 2.0 | Yes |
| Application | xpdf | xpdf | 2.1 | Yes |
| Application | xpdf | xpdf | 2.2 | Yes |
| Application | xpdf | xpdf | 2.3 | Yes |
| Application | xpdf | xpdf | 3.0 | Yes |