ID CVE-2005-3624
Summary The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
References
Vulnerable Configurations
  • cpe:2.3:a:easy_software_products:cups:1.1.22:*:*:*:*:*:*:*
    cpe:2.3:a:easy_software_products:cups:1.1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:*
    cpe:2.3:a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.1.23:*:*:*:*:*:*:*
    cpe:2.3:a:easy_software_products:cups:1.1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.1.23_rc1:*:*:*:*:*:*:*
    cpe:2.3:a:easy_software_products:cups:1.1.23_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:kdegraphics:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:kde:kdegraphics:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:kdegraphics:3.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:kde:kdegraphics:3.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:koffice:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:kde:koffice:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:koffice:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:kde:koffice:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:koffice:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:kde:koffice:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:kpdf:3.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:kde:kpdf:3.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:kword:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:kde:kword:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libextractor:libextractor:*:*:*:*:*:*:*:*
    cpe:2.3:a:libextractor:libextractor:*:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sgi:propack:3.0:sp6:*:*:*:*:*:*
    cpe:2.3:a:sgi:propack:3.0:sp6:*:*:*:*:*:*
  • cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tetex:tetex:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:tetex:tetex:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:x86-64:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:x86-64:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:fedora_core:core_4.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:fedora_core:core_4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*
    cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*
    cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*
  • cpe:2.3:o:sco:openserver:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:sco:openserver:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
    cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
  • cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*
    cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*
  • cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*
    cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:personal:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:personal:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:professional:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:professional:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:s_390:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:s_390:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.1:*:personal:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.1:*:personal:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.1:*:professional:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.1:*:professional:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.2:*:personal:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.2:*:personal:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.2:*:professional:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.2:*:professional:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.3:*:personal:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.3:*:personal:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.3:*:professional:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.3:*:professional:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.3:*:x86_64:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.3:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:10.0:*:professional:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:10.0:*:professional:*:*:*:*:*
  • cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
    cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*
    cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:trustix:secure_linux:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:trustix:secure_linux:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux:10:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux:10:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_hosting_edition:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_hosting_edition:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_workgroup_edition:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_workgroup_edition:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_desktop:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_desktop:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_home:*:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_home:*:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_multimedia:*:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_multimedia:*:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_personal:*:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_personal:*:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_server:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_server:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_server:10.0_x86:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_server:10.0_x86:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*
CVSS
Base: 5.0 (as of 19-10-2018 - 15:37)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
oval via4
accepted 2013-04-29T04:19:24.440-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
family unix
id oval:org.mitre.oval:def:9437
status accepted
submitted 2010-07-09T03:56:16-04:00
title The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
version 29
redhat via4
advisories
  • rhsa
    id RHSA-2006:0160
  • rhsa
    id RHSA-2006:0163
  • rhsa
    id RHSA-2006:0177
rpms
  • xpdf-1:2.02-9.8
  • xpdf-1:3.00-11.10
  • xpdf-debuginfo-1:2.02-9.8
  • xpdf-debuginfo-1:3.00-11.10
  • kdegraphics-7:3.3.1-3.6
  • kdegraphics-debuginfo-7:3.3.1-3.6
  • kdegraphics-devel-7:3.3.1-3.6
  • tetex-0:1.0.7-67.9
  • tetex-0:2.0.2-22.EL4.7
  • tetex-afm-0:1.0.7-67.9
  • tetex-afm-0:2.0.2-22.EL4.7
  • tetex-debuginfo-0:1.0.7-67.9
  • tetex-debuginfo-0:2.0.2-22.EL4.7
  • tetex-doc-0:2.0.2-22.EL4.7
  • tetex-dvips-0:1.0.7-67.9
  • tetex-dvips-0:2.0.2-22.EL4.7
  • tetex-fonts-0:1.0.7-67.9
  • tetex-fonts-0:2.0.2-22.EL4.7
  • tetex-latex-0:1.0.7-67.9
  • tetex-latex-0:2.0.2-22.EL4.7
  • tetex-xdvi-0:1.0.7-67.9
  • tetex-xdvi-0:2.0.2-22.EL4.7
  • cups-1:1.1.17-13.3.36
  • cups-1:1.1.22-0.rc1.9.10
  • cups-debuginfo-1:1.1.17-13.3.36
  • cups-debuginfo-1:1.1.22-0.rc1.9.10
  • cups-devel-1:1.1.17-13.3.36
  • cups-devel-1:1.1.22-0.rc1.9.10
  • cups-libs-1:1.1.17-13.3.36
  • cups-libs-1:1.1.22-0.rc1.9.10
  • gpdf-0:2.8.2-7.4
  • gpdf-debuginfo-0:2.8.2-7.4
refmap via4
bid 16143
confirm http://www.kde.org/info/security/advisory-20051207-2.txt
debian
  • DSA-931
  • DSA-932
  • DSA-936
  • DSA-937
  • DSA-938
  • DSA-940
  • DSA-950
  • DSA-961
  • DSA-962
fedora
  • FEDORA-2005-025
  • FEDORA-2005-026
  • FLSA-2006:176751
  • FLSA:175404
gentoo
  • GLSA-200601-02
  • GLSA-200601-17
mandrake MDKSA-2006:010
mandriva
  • MDKSA-2006:003
  • MDKSA-2006:004
  • MDKSA-2006:005
  • MDKSA-2006:006
  • MDKSA-2006:008
  • MDKSA-2006:011
  • MDKSA-2006:012
misc http://scary.beasts.org/security/CESA-2005-003.txt
sco SCOSA-2006.15
secunia
  • 18147
  • 18303
  • 18312
  • 18313
  • 18329
  • 18332
  • 18334
  • 18338
  • 18349
  • 18373
  • 18375
  • 18380
  • 18385
  • 18387
  • 18389
  • 18398
  • 18407
  • 18414
  • 18416
  • 18423
  • 18425
  • 18428
  • 18436
  • 18448
  • 18463
  • 18517
  • 18534
  • 18554
  • 18582
  • 18642
  • 18644
  • 18674
  • 18675
  • 18679
  • 18908
  • 18913
  • 19230
  • 19377
  • 25729
sgi
  • 20051201-01-U
  • 20060101-01-U
  • 20060201-01-U
slackware
  • SSA:2006-045-04
  • SSA:2006-045-09
sunalert 102972
suse SUSE-SA:2006:001
trustix 2006-0002
ubuntu USN-236-1
vupen
  • ADV-2006-0047
  • ADV-2007-2280
xf xpdf-ccitt-faxstream-bo(24022)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 19-10-2018 - 15:37
Published 31-12-2005 - 05:00
Last modified 19-10-2018 - 15:37
Back to Top