CVE-2005-3624
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:P/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD
Description
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
Affected (127)
Products: Conectiva: Linux · Easy Software Products: Cups · Kde: Kdegraphics, Koffice, Kpdf, Kword · +15 more
Show all products
Conectiva: Linux · Easy Software Products: Cups · Kde: Kdegraphics, Koffice, Kpdf, Kword · Libextractor: Libextractor · Poppler: Poppler · Sgi: Propack · Tetex: Tetex · Xpdf: Xpdf · Debian: Debian Linux · Gentoo: Linux · Mandrakesoft: Mandrake Linux, Mandrake Linux Corporate Server · Redhat: Enterprise Linux, Enterprise Linux Desktop, Fedora Core, Linux, Linux Advanced Workstation · Sco: Openserver · Slackware: Slackware Linux · Suse: Suse Linux · Trustix: Secure Linux · Turbolinux: Turbolinux, Turbolinux Appliance Server, Turbolinux Desktop, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Server, Turbolinux Workstation · Ubuntu: Ubuntu Linux
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.0 | |
| Version 1.1.22 | |
| Version 3.2 | |
| Version 1.4.1 | |
| Version 3.2 | |
| Version 1.4.2 | |
| All versions | |
| Version 0.4.2 | |
| Version 3.0 sp6 | |
| Version 1.0.7 | |
| Version 3.0 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 3.0 | |
| All versions | |
| Version 10.1 | |
| Version 2.1 | |
| Version 2.1 | |
| Version 3.0 | |
| Version core_1.0 | |
| Version 7.3 | |
| Version 2.1 | |
| Version 5.0.7 | |
| Version 10.0 | |
| Version 1.0 | |
| Version 2.0 | |
| Version 10 | |
| Version 1.0_hosting_edition | |
| Version 10.0 | |
| All versions | |
| All versions | |
| All versions | |
| Version 10.0 | |
| Version 8.0 | |
| Version 4.1 |
Related CWEs
References (164)
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt (unsafe URL)
Source: secalert@redhat.com
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U (unsafe URL)
Source: secalert@redhat.com
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U (unsafe URL)
Source: secalert@redhat.com
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U (unsafe URL)
Source: secalert@redhat.com
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.