CVE-2005-3624 - OpenCVE

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux Enterprise Linux Desktop Linux Linux Advanced Workstation Fedora Core
Kde	Kword Kdegraphics Koffice Kpdf
Slackware	Slackware Linux
Ubuntu	Ubuntu Linux
Libextractor	Libextractor
Turbolinux	Turbolinux Personal Turbolinux Desktop Turbolinux Appliance Server Turbolinux Turbolinux Home Turbolinux Workstation Turbolinux Multimedia Turbolinux Server
Poppler	Poppler
Tetex	Tetex
Mandrakesoft	Mandrake Linux Mandrake Linux Corporate Server
Trustix	Secure Linux
Debian	Debian Linux
Easy Software Products	Cups
Suse	Suse Linux
Xpdf	Xpdf
Gentoo	Linux
Sco	Openserver
Conectiva	Linux
Sgi	Propack

Configuration 1 [-]

OR	cpe:2.3:a:easy_software_products:cups:1.1.22:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.22_rc1:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.23:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.23_rc1:::::::*
	cpe:2.3:a:kde:kdegraphics:3.2:::::::*
	cpe:2.3:a:kde:kdegraphics:3.4.3:::::::*
	cpe:2.3:a:kde:koffice:1.4:::::::*
	cpe:2.3:a:kde:koffice:1.4.1:::::::*
	cpe:2.3:a:kde:koffice:1.4.2:::::::*
	cpe:2.3:a:kde:kpdf:3.2:::::::*
	cpe:2.3:a:kde:kpdf:3.4.3:::::::*
	cpe:2.3:a:kde:kword:1.4.2:::::::*
	cpe:2.3:a:libextractor:libextractor::::::::
	cpe:2.3:a:poppler:poppler:0.4.2:::::::*
	cpe:2.3:a:sgi:propack:3.0:sp6::::::
	cpe:2.3:a:tetex:tetex:1.0.7:::::::*
	cpe:2.3:a:tetex:tetex:2.0:::::::*
	cpe:2.3:a:tetex:tetex:2.0.1:::::::*
	cpe:2.3:a:tetex:tetex:2.0.2:::::::*
	cpe:2.3:a:tetex:tetex:3.0:::::::*
	cpe:2.3:a:xpdf:xpdf:3.0:::::::*
	cpe:2.3:o:conectiva:linux:10.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:3.0:::::::*
	cpe:2.3:o:debian:debian_linux:3.0::alpha:::::
	cpe:2.3:o:debian:debian_linux:3.0::arm:::::
	cpe:2.3:o:debian:debian_linux:3.0::hppa:::::
	cpe:2.3:o:debian:debian_linux:3.0::ia-32:::::
	cpe:2.3:o:debian:debian_linux:3.0::ia-64:::::
	cpe:2.3:o:debian:debian_linux:3.0::m68k:::::
	cpe:2.3:o:debian:debian_linux:3.0::mips:::::
	cpe:2.3:o:debian:debian_linux:3.0::mipsel:::::
	cpe:2.3:o:debian:debian_linux:3.0::ppc:::::
	cpe:2.3:o:debian:debian_linux:3.0::s-390:::::
	cpe:2.3:o:debian:debian_linux:3.0::sparc:::::
	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:3.1::alpha:::::
	cpe:2.3:o:debian:debian_linux:3.1::amd64:::::
	cpe:2.3:o:debian:debian_linux:3.1::arm:::::
	cpe:2.3:o:debian:debian_linux:3.1::hppa:::::
	cpe:2.3:o:debian:debian_linux:3.1::ia-32:::::
	cpe:2.3:o:debian:debian_linux:3.1::ia-64:::::
	cpe:2.3:o:debian:debian_linux:3.1::m68k:::::
	cpe:2.3:o:debian:debian_linux:3.1::mips:::::
	cpe:2.3:o:debian:debian_linux:3.1::mipsel:::::
	cpe:2.3:o:debian:debian_linux:3.1::ppc:::::
	cpe:2.3:o:debian:debian_linux:3.1::s-390:::::
	cpe:2.3:o:debian:debian_linux:3.1::sparc:::::
	cpe:2.3:o:gentoo:linux::::::::
	cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:10.1::x86-64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:10.2::x86-64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux:2006:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:2006::x86-64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server:::::
	cpe:2.3:o:redhat:enterprise_linux:4.0::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:4.0::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:4.0::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:::::::*
	cpe:2.3:o:redhat:fedora_core:core_1.0:::::::*
	cpe:2.3:o:redhat:fedora_core:core_2.0:::::::*
	cpe:2.3:o:redhat:fedora_core:core_3.0:::::::*
	cpe:2.3:o:redhat:fedora_core:core_4.0:::::::*
	cpe:2.3:o:redhat:linux:7.3::i386:::::
	cpe:2.3:o:redhat:linux:9.0::i386:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium:::::
	cpe:2.3:o:sco:openserver:5.0.7:::::::*
	cpe:2.3:o:sco:openserver:6.0:::::::*
	cpe:2.3:o:slackware:slackware_linux:9.0:::::::*
	cpe:2.3:o:slackware:slackware_linux:9.1:::::::*
	cpe:2.3:o:slackware:slackware_linux:10.0:::::::*
	cpe:2.3:o:slackware:slackware_linux:10.1:::::::*
cpe:2.3:o:slackware:slackware_linux:10.2:::::::*
cpe:2.3:o:suse:suse_linux:1.0:::::::*
cpe:2.3:o:suse:suse_linux:9.0::enterprise_server:::::
cpe:2.3:o:suse:suse_linux:9.0::personal:::::
cpe:2.3:o:suse:suse_linux:9.0::professional:::::
cpe:2.3:o:suse:suse_linux:9.0::s_390:::::
cpe:2.3:o:suse:suse_linux:9.0::x86_64:::::
cpe:2.3:o:suse:suse_linux:9.1::personal:::::
cpe:2.3:o:suse:suse_linux:9.1::professional:::::
cpe:2.3:o:suse:suse_linux:9.1::x86_64:::::
cpe:2.3:o:suse:suse_linux:9.2::personal:::::
cpe:2.3:o:suse:suse_linux:9.2::professional:::::
cpe:2.3:o:suse:suse_linux:9.2::x86_64:::::
cpe:2.3:o:suse:suse_linux:9.3::personal:::::
cpe:2.3:o:suse:suse_linux:9.3::professional:::::
cpe:2.3:o:suse:suse_linux:9.3::x86_64:::::
cpe:2.3:o:suse:suse_linux:10.0::oss:::::
cpe:2.3:o:suse:suse_linux:10.0::professional:::::
cpe:2.3:o:trustix:secure_linux:2.0:::::::*
cpe:2.3:o:trustix:secure_linux:2.2:::::::*
cpe:2.3:o:trustix:secure_linux:3.0:::::::*
cpe:2.3:o:turbolinux:turbolinux:10:::::::*
cpe:2.3:o:turbolinux:turbolinux:fuji:::::::*
cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_hosting_edition:::::::*
cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_workgroup_edition:::::::*
cpe:2.3:o:turbolinux:turbolinux_desktop:10.0:::::::*
cpe:2.3:o:turbolinux:turbolinux_home::::::::
cpe:2.3:o:turbolinux:turbolinux_multimedia::::::::
cpe:2.3:o:turbolinux:turbolinux_personal::::::::
cpe:2.3:o:turbolinux:turbolinux_server:8.0:::::::*
cpe:2.3:o:turbolinux:turbolinux_server:10.0:::::::*
cpe:2.3:o:turbolinux:turbolinux_server:10.0_x86:::::::*
cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:::::::*
cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ia64:::::
cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ppc:::::
cpe:2.3:o:ubuntu:ubuntu_linux:5.04::amd64:::::
cpe:2.3:o:ubuntu:ubuntu_linux:5.04::i386:::::
cpe:2.3:o:ubuntu:ubuntu_linux:5.04::powerpc:::::
cpe:2.3:o:ubuntu:ubuntu_linux:5.10::amd64:::::
cpe:2.3:o:ubuntu:ubuntu_linux:5.10::i386:::::
cpe:2.3:o:ubuntu:ubuntu_linux:5.10::powerpc:::::

References

Link	Resource
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html	Patch
http://rhn.redhat.com/errata/RHSA-2006-0177.html	Patch Vendor Advisory
http://scary.beasts.org/security/CESA-2005-003.txt	Exploit Vendor Advisory
http://secunia.com/advisories/18147
http://secunia.com/advisories/18303	Patch Vendor Advisory
http://secunia.com/advisories/18312	Patch Vendor Advisory
http://secunia.com/advisories/18313	Patch Vendor Advisory
http://secunia.com/advisories/18329	Vendor Advisory
http://secunia.com/advisories/18332	Vendor Advisory
http://secunia.com/advisories/18334
http://secunia.com/advisories/18338	Patch Vendor Advisory
http://secunia.com/advisories/18349	Patch Vendor Advisory
http://secunia.com/advisories/18373
http://secunia.com/advisories/18375	Vendor Advisory
http://secunia.com/advisories/18380
http://secunia.com/advisories/18385	Patch Vendor Advisory
http://secunia.com/advisories/18387	Patch Vendor Advisory
http://secunia.com/advisories/18389	Patch Vendor Advisory
http://secunia.com/advisories/18398	Patch Vendor Advisory
http://secunia.com/advisories/18407	Patch Vendor Advisory
http://secunia.com/advisories/18414
http://secunia.com/advisories/18416	Patch Vendor Advisory
http://secunia.com/advisories/18423	Vendor Advisory
http://secunia.com/advisories/18425
http://secunia.com/advisories/18428
http://secunia.com/advisories/18436
http://secunia.com/advisories/18448	Patch Vendor Advisory
http://secunia.com/advisories/18463
http://secunia.com/advisories/18517	Patch Vendor Advisory
http://secunia.com/advisories/18534	Patch Vendor Advisory
http://secunia.com/advisories/18554	Patch Vendor Advisory
http://secunia.com/advisories/18582	Patch Vendor Advisory
http://secunia.com/advisories/18642	Vendor Advisory
http://secunia.com/advisories/18644	Vendor Advisory
http://secunia.com/advisories/18674	Vendor Advisory
http://secunia.com/advisories/18675	Vendor Advisory
http://secunia.com/advisories/18679	Vendor Advisory
http://secunia.com/advisories/18908
http://secunia.com/advisories/18913	Vendor Advisory
http://secunia.com/advisories/19230
http://secunia.com/advisories/19377
http://secunia.com/advisories/25729
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
http://www.debian.org/security/2005/dsa-931
http://www.debian.org/security/2005/dsa-932
http://www.debian.org/security/2005/dsa-937
http://www.debian.org/security/2005/dsa-938
http://www.debian.org/security/2005/dsa-940
http://www.debian.org/security/2006/dsa-936	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-950	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-961	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-962	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml	Patch Vendor Advisory
http://www.kde.org/info/security/advisory-20051207-2.txt	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
http://www.redhat.com/support/errata/RHSA-2006-0160.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0163.html
http://www.securityfocus.com/archive/1/427053/100/0/threaded
http://www.securityfocus.com/archive/1/427990/100/0/threaded
http://www.securityfocus.com/bid/16143	Patch
http://www.trustix.org/errata/2006/0002/
http://www.vupen.com/english/advisories/2006/0047
http://www.vupen.com/english/advisories/2007/2280
https://exchange.xforce.ibmcloud.com/vulnerabilities/24022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9437
https://usn.ubuntu.com/236-1/