CVE-2005-3624
NONE EPSS 81.2%
Published Dec 31, 2005 20y ago
Last Modified Jun 16, 2026 2w ago
Description
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
Threat Intelligence
EPSS Exploit Probability
81.2% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-189
Affected Products 127
| Vendor | Product | Version | Range |
|---|---|---|---|
| easy_software_products | cups | 1.1.22 | any |
| easy_software_products | cups | 1.1.22_rc1 | any |
| easy_software_products | cups | 1.1.23 | any |
| easy_software_products | cups | 1.1.23_rc1 | any |
| kde | kdegraphics | 3.2 | any |
| kde | kdegraphics | 3.4.3 | any |
| kde | koffice | 1.4 | any |
| kde | koffice | 1.4.1 | any |
| kde | koffice | 1.4.2 | any |
| kde | kpdf | 3.2 | any |
| kde | kpdf | 3.4.3 | any |
| kde | kword | 1.4.2 | any |
| libextractor | libextractor | * | any |
| poppler | poppler | 0.4.2 | any |
| sgi | propack | 3.0 | any |
| tetex | tetex | 1.0.7 | any |
| tetex | tetex | 2.0 | any |
| tetex | tetex | 2.0.1 | any |
| tetex | tetex | 2.0.2 | any |
| tetex | tetex | 3.0 | any |
| xpdf | xpdf | 3.0 | any |
| conectiva | linux | 10.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| gentoo | linux | * | any |
| mandrakesoft | mandrake_linux | 10.1 | any |
| mandrakesoft | mandrake_linux | 10.1 | any |
| mandrakesoft | mandrake_linux | 10.2 | any |
| mandrakesoft | mandrake_linux | 10.2 | any |
| mandrakesoft | mandrake_linux | 2006 | any |
| mandrakesoft | mandrake_linux | 2006 | any |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 | any |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 | any |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 | any |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux_desktop | 3.0 | any |
| redhat | enterprise_linux_desktop | 4.0 | any |
| redhat | fedora_core | core_1.0 | any |
| redhat | fedora_core | core_2.0 | any |
| redhat | fedora_core | core_3.0 | any |
| redhat | fedora_core | core_4.0 | any |
| redhat | linux | 7.3 | any |
| redhat | linux | 9.0 | any |
| redhat | linux_advanced_workstation | 2.1 | any |
| redhat | linux_advanced_workstation | 2.1 | any |
| sco | openserver | 5.0.7 | any |
| sco | openserver | 6.0 | any |
| slackware | slackware_linux | 9.0 | any |
| slackware | slackware_linux | 9.1 | any |
| slackware | slackware_linux | 10.0 | any |
| slackware | slackware_linux | 10.1 | any |
| slackware | slackware_linux | 10.2 | any |
| suse | suse_linux | 1.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.2 | any |
| suse | suse_linux | 9.2 | any |
| suse | suse_linux | 9.2 | any |
| suse | suse_linux | 9.3 | any |
| suse | suse_linux | 9.3 | any |
| suse | suse_linux | 9.3 | any |
| suse | suse_linux | 10.0 | any |
| suse | suse_linux | 10.0 | any |
| trustix | secure_linux | 2.0 | any |
| trustix | secure_linux | 2.2 | any |
| trustix | secure_linux | 3.0 | any |
| turbolinux | turbolinux | 10 | any |
| turbolinux | turbolinux | fuji | any |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition | any |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition | any |
| turbolinux | turbolinux_desktop | 10.0 | any |
| turbolinux | turbolinux_home | * | any |
| turbolinux | turbolinux_multimedia | * | any |
| turbolinux | turbolinux_personal | * | any |
| turbolinux | turbolinux_server | 8.0 | any |
| turbolinux | turbolinux_server | 10.0 | any |
| turbolinux | turbolinux_server | 10.0_x86 | any |
| turbolinux | turbolinux_workstation | 8.0 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 5.04 | any |
| ubuntu | ubuntu_linux | 5.04 | any |
| ubuntu | ubuntu_linux | 5.04 | any |
| ubuntu | ubuntu_linux | 5.10 | any |
| ubuntu | ubuntu_linux | 5.10 | any |
| ubuntu | ubuntu_linux | 5.10 | any |
References 82
- ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
- lists.suse.com http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2006-0177.html
- scary.beasts.org http://scary.beasts.org/security/CESA-2005-003.txt
- secunia.com http://secunia.com/advisories/18147
- secunia.com http://secunia.com/advisories/18303
- secunia.com http://secunia.com/advisories/18312
- secunia.com http://secunia.com/advisories/18313
- secunia.com http://secunia.com/advisories/18329
- secunia.com http://secunia.com/advisories/18332
- secunia.com http://secunia.com/advisories/18334
- secunia.com http://secunia.com/advisories/18338
- secunia.com http://secunia.com/advisories/18349
- secunia.com http://secunia.com/advisories/18373
- secunia.com http://secunia.com/advisories/18375
- secunia.com http://secunia.com/advisories/18380
- secunia.com http://secunia.com/advisories/18385
- secunia.com http://secunia.com/advisories/18387
- secunia.com http://secunia.com/advisories/18389
- secunia.com http://secunia.com/advisories/18398
- secunia.com http://secunia.com/advisories/18407
- secunia.com http://secunia.com/advisories/18414
- secunia.com http://secunia.com/advisories/18416
- secunia.com http://secunia.com/advisories/18423
- secunia.com http://secunia.com/advisories/18425
- secunia.com http://secunia.com/advisories/18428
- secunia.com http://secunia.com/advisories/18436
- secunia.com http://secunia.com/advisories/18448
- secunia.com http://secunia.com/advisories/18463
- secunia.com http://secunia.com/advisories/18517
- secunia.com http://secunia.com/advisories/18534
- secunia.com http://secunia.com/advisories/18554
- secunia.com http://secunia.com/advisories/18582
- secunia.com http://secunia.com/advisories/18642
- secunia.com http://secunia.com/advisories/18644
- secunia.com http://secunia.com/advisories/18674
- secunia.com http://secunia.com/advisories/18675
- secunia.com http://secunia.com/advisories/18679
- secunia.com http://secunia.com/advisories/18908
- secunia.com http://secunia.com/advisories/18913
- secunia.com http://secunia.com/advisories/19230
- secunia.com http://secunia.com/advisories/19377
- secunia.com http://secunia.com/advisories/25729
- slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
- slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
- debian.org http://www.debian.org/security/2005/dsa-931
- debian.org http://www.debian.org/security/2005/dsa-932
- debian.org http://www.debian.org/security/2005/dsa-937
- debian.org http://www.debian.org/security/2005/dsa-938
- debian.org http://www.debian.org/security/2005/dsa-940
- debian.org http://www.debian.org/security/2006/dsa-936
- debian.org http://www.debian.org/security/2006/dsa-950
- debian.org http://www.debian.org/security/2006/dsa-961
- debian.org http://www.debian.org/security/2006/dsa-962
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
- kde.org http://www.kde.org/info/security/advisory-20051207-2.txt
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2006-0160.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2006-0163.html
- securityfocus.com http://www.securityfocus.com/archive/1/427053/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/427990/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/16143
- trustix.org http://www.trustix.org/errata/2006/0002/
- vupen.com http://www.vupen.com/english/advisories/2006/0047
- vupen.com http://www.vupen.com/english/advisories/2007/2280
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/24022
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9437
- usn.ubuntu.com https://usn.ubuntu.com/236-1/
Remediation
- lists.suse.com http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2006-0177.html
- secunia.com http://secunia.com/advisories/18303
- secunia.com http://secunia.com/advisories/18312
- secunia.com http://secunia.com/advisories/18313
- secunia.com http://secunia.com/advisories/18338
- secunia.com http://secunia.com/advisories/18349
- secunia.com http://secunia.com/advisories/18385
- secunia.com http://secunia.com/advisories/18387
- secunia.com http://secunia.com/advisories/18389
- secunia.com http://secunia.com/advisories/18398
- secunia.com http://secunia.com/advisories/18407
- secunia.com http://secunia.com/advisories/18416
- secunia.com http://secunia.com/advisories/18448
- secunia.com http://secunia.com/advisories/18517
- secunia.com http://secunia.com/advisories/18534
- secunia.com http://secunia.com/advisories/18554
- secunia.com http://secunia.com/advisories/18582
- debian.org http://www.debian.org/security/2006/dsa-936
- debian.org http://www.debian.org/security/2006/dsa-950
- debian.org http://www.debian.org/security/2006/dsa-961
- debian.org http://www.debian.org/security/2006/dsa-962
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
- kde.org http://www.kde.org/info/security/advisory-20051207-2.txt
- redhat.com http://www.redhat.com/support/errata/RHSA-2006-0160.html
- securityfocus.com http://www.securityfocus.com/bid/16143