CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

Published: Dec 31, 2005
Updated: Nov 9, 2025
CVE: CVE-2005-3626
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
easy_software_products / cups	1.1.22	1.1.22.x
kde / kpdf	3.4.3	3.4.3.x
kde / kdegraphics	3.4.3	3.4.3.x
tetex / tetex	3.0	3.0.x
kde / koffice	1.4.1	1.4.1.x
kde / kword	1.4.2	1.4.2.x
poppler / poppler	0.4.2	0.4.2.x
tetex / tetex	1.0.7	1.0.7.x
sgi / propack	3.0-sp6	3.0-sp6.x
easy_software_products / cups	1.1.23_rc1	1.1.23_rc1.x
kde / kdegraphics	3.2	3.2.x
kde / koffice	1.4.2	1.4.2.x
libextractor / libextractor	-	-
easy_software_products / cups	1.1.22_rc1	1.1.22_rc1.x
xpdf / xpdf	3.0	3.0.x
tetex / tetex	2.0.2	2.0.2.x
tetex / tetex	2.0.1	2.0.1.x
conectiva / linux	10.0	10.0.x
kde / kpdf	3.2	3.2.x
easy_software_products / cups	1.1.23	1.1.23.x
kde / koffice	1.4	1.4.x
tetex / tetex	2.0	2.0.x
suse / suse_linux	9.0	9.0.x
slackware / slackware_linux	9.0	9.0.x
mandrakesoft / mandrake_linux	2006	2006.x
redhat / enterprise_linux	2.1	2.1.x
debian / debian_linux	3.1	3.1.x
redhat / fedora_core	core_2.0	core_2.0.x
turbolinux / turbolinux_multimedia	-	-
redhat / enterprise_linux	4.0	4.0.x
slackware / slackware_linux	10.0	10.0.x
slackware / slackware_linux	10.2	10.2.x
trustix / secure_linux	2.0	2.0.x
mandrakesoft / mandrake_linux_corporate_server	2.1	2.1.x
redhat / enterprise_linux_desktop	3.0	3.0.x
debian / debian_linux	3.0	3.0.x
suse / suse_linux	9.1	9.1.x
mandrakesoft / mandrake_linux	10.2	10.2.x
ubuntu / ubuntu_linux	4.1	4.1.x
redhat / linux_advanced_workstation	2.1	2.1.x
suse / suse_linux	10.0	10.0.x
redhat / enterprise_linux	3.0	3.0.x
suse / suse_linux	9.3	9.3.x
turbolinux / turbolinux_appliance_server	1.0_workgroup_edition	1.0_workgroup_edition.x
slackware / slackware_linux	10.1	10.1.x
slackware / slackware_linux	9.1	9.1.x
trustix / secure_linux	3.0	3.0.x
redhat / fedora_core	core_1.0	core_1.0.x
ubuntu / ubuntu_linux	5.04	5.04.x
ubuntu / ubuntu_linux	5.10	5.10.x
mandrakesoft / mandrake_linux	10.1	10.1.x
sco / openserver	5.0.7	5.0.7.x
redhat / linux	9.0	9.0.x
suse / suse_linux	9.2	9.2.x
mandrakesoft / mandrake_linux_corporate_server	3.0	3.0.x
redhat / fedora_core	core_4.0	core_4.0.x
turbolinux / turbolinux_server	10.0_x86	10.0_x86.x
suse / suse_linux	1.0	1.0.x
turbolinux / turbolinux_home	-	-
turbolinux / turbolinux_workstation	8.0	8.0.x
turbolinux / turbolinux	fuji	fuji.x
turbolinux / turbolinux_personal	-	-
turbolinux / turbolinux	10	10.x
redhat / linux	7.3	7.3.x
sco / openserver	6.0	6.0.x
redhat / enterprise_linux_desktop	4.0	4.0.x
trustix / secure_linux	2.2	2.2.x
turbolinux / turbolinux_server	8.0	8.0.x
redhat / fedora_core	core_3.0	core_3.0.x
turbolinux / turbolinux_server	10.0	10.0.x
gentoo / linux	-	-
turbolinux / turbolinux_desktop	10.0	10.0.x
turbolinux / turbolinux_appliance_server	1.0_hosting_edition	1.0_hosting_edition.x

Vulnerability Database

300,214

CVE-2005-3626

Deep Security Visibility Without the Complexity