CVE-2005-3624

NONE EPSS 81.2%
Published Dec 31, 2005 (20y ago) · Modified Jun 16, 2026 (2w ago)

Description

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

Threat Intelligence

EPSS Exploit Probability
81.2% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-189

Affected Products 127

Vendor                  Product                          Version                Range
easy_software_products  cups                             1.1.22                 any
easy_software_products  cups                             1.1.22_rc1             any
easy_software_products  cups                             1.1.23                 any
easy_software_products  cups                             1.1.23_rc1             any
kde                     kdegraphics                      3.2                    any
kde                     kdegraphics                      3.4.3                  any
kde                     koffice                          1.4                    any
kde                     koffice                          1.4.1                  any
kde                     koffice                          1.4.2                  any
kde                     kpdf                             3.2                    any
kde                     kpdf                             3.4.3                  any
kde                     kword                            1.4.2                  any
libextractor            libextractor                     *                      any
poppler                 poppler                          0.4.2                  any
sgi                     propack                          3.0                    any
tetex                   tetex                            1.0.7                  any
tetex                   tetex                            2.0                    any
tetex                   tetex                            2.0.1                  any
tetex                   tetex                            2.0.2                  any
tetex                   tetex                            3.0                    any
xpdf                    xpdf                             3.0                    any
conectiva               linux                            10.0                   any
debian                  debian_linux                     3.0                    any
debian                  debian_linux                     3.0                    any
debian                  debian_linux                     3.0                    any
debian                  debian_linux                     3.0                    any
debian                  debian_linux                     3.0                    any
debian                  debian_linux                     3.0                    any
debian                  debian_linux                     3.0                    any
debian                  debian_linux                     3.0                    any
debian                  debian_linux                     3.0                    any
debian                  debian_linux                     3.0                    any
debian                  debian_linux                     3.0                    any
debian                  debian_linux                     3.0                    any
debian                  debian_linux                     3.1                    any
debian                  debian_linux                     3.1                    any
debian                  debian_linux                     3.1                    any
debian                  debian_linux                     3.1                    any
debian                  debian_linux                     3.1                    any
debian                  debian_linux                     3.1                    any
debian                  debian_linux                     3.1                    any
debian                  debian_linux                     3.1                    any
debian                  debian_linux                     3.1                    any
debian                  debian_linux                     3.1                    any
debian                  debian_linux                     3.1                    any
debian                  debian_linux                     3.1                    any
debian                  debian_linux                     3.1                    any
gentoo                  linux                            *                      any
mandrakesoft            mandrake_linux                   10.1                   any
mandrakesoft            mandrake_linux                   10.1                   any
mandrakesoft            mandrake_linux                   10.2                   any
mandrakesoft            mandrake_linux                   10.2                   any
mandrakesoft            mandrake_linux                   2006                   any
mandrakesoft            mandrake_linux                   2006                   any
mandrakesoft            mandrake_linux_corporate_server  2.1                    any
mandrakesoft            mandrake_linux_corporate_server  2.1                    any
mandrakesoft            mandrake_linux_corporate_server  3.0                    any
mandrakesoft            mandrake_linux_corporate_server  3.0                    any
redhat                  enterprise_linux                 2.1                    any
redhat                  enterprise_linux                 2.1                    any
redhat                  enterprise_linux                 2.1                    any
redhat                  enterprise_linux                 2.1                    any
redhat                  enterprise_linux                 2.1                    any
redhat                  enterprise_linux                 2.1                    any
redhat                  enterprise_linux                 3.0                    any
redhat                  enterprise_linux                 3.0                    any
redhat                  enterprise_linux                 3.0                    any
redhat                  enterprise_linux                 4.0                    any
redhat                  enterprise_linux                 4.0                    any
redhat                  enterprise_linux                 4.0                    any
redhat                  enterprise_linux_desktop         3.0                    any
redhat                  enterprise_linux_desktop         4.0                    any
redhat                  fedora_core                      core_1.0               any
redhat                  fedora_core                      core_2.0               any
redhat                  fedora_core                      core_3.0               any
redhat                  fedora_core                      core_4.0               any
redhat                  linux                            7.3                    any
redhat                  linux                            9.0                    any
redhat                  linux_advanced_workstation       2.1                    any
redhat                  linux_advanced_workstation       2.1                    any
sco                     openserver                       5.0.7                  any
sco                     openserver                       6.0                    any
slackware               slackware_linux                  9.0                    any
slackware               slackware_linux                  9.1                    any
slackware               slackware_linux                  10.0                   any
slackware               slackware_linux                  10.1                   any
slackware               slackware_linux                  10.2                   any
suse                    suse_linux                       1.0                    any
suse                    suse_linux                       9.0                    any
suse                    suse_linux                       9.0                    any
suse                    suse_linux                       9.0                    any
suse                    suse_linux                       9.0                    any
suse                    suse_linux                       9.0                    any
suse                    suse_linux                       9.1                    any
suse                    suse_linux                       9.1                    any
suse                    suse_linux                       9.1                    any
suse                    suse_linux                       9.2                    any
suse                    suse_linux                       9.2                    any
suse                    suse_linux                       9.2                    any
suse                    suse_linux                       9.3                    any
suse                    suse_linux                       9.3                    any
suse                    suse_linux                       9.3                    any
suse                    suse_linux                       10.0                   any
suse                    suse_linux                       10.0                   any
trustix                 secure_linux                     2.0                    any
trustix                 secure_linux                     2.2                    any
trustix                 secure_linux                     3.0                    any
turbolinux              turbolinux                       10                     any
turbolinux              turbolinux                       fuji                   any
turbolinux              turbolinux_appliance_server      1.0_hosting_edition    any
turbolinux              turbolinux_appliance_server      1.0_workgroup_edition  any
turbolinux              turbolinux_desktop               10.0                   any
turbolinux              turbolinux_home                  *                      any
turbolinux              turbolinux_multimedia            *                      any
turbolinux              turbolinux_personal              *                      any
turbolinux              turbolinux_server                8.0                    any
turbolinux              turbolinux_server                10.0                   any
turbolinux              turbolinux_server                10.0_x86               any
turbolinux              turbolinux_workstation           8.0                    any
ubuntu                  ubuntu_linux                     4.1                    any
ubuntu                  ubuntu_linux                     4.1                    any
ubuntu                  ubuntu_linux                     5.04                   any
ubuntu                  ubuntu_linux                     5.04                   any
ubuntu                  ubuntu_linux                     5.04                   any
ubuntu                  ubuntu_linux                     5.10                   any
ubuntu                  ubuntu_linux                     5.10                   any
ubuntu                  ubuntu_linux                     5.10                   any

References 82

  • ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
  • lists.suse.com http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
    Patch
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2006-0177.html
    Patch, Vendor Advisory
  • scary.beasts.org http://scary.beasts.org/security/CESA-2005-003.txt
    Exploit, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18147
  • secunia.com http://secunia.com/advisories/18303
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18312
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18313
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18329
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18332
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18334
  • secunia.com http://secunia.com/advisories/18338
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18349
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18373
  • secunia.com http://secunia.com/advisories/18375
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18380
  • secunia.com http://secunia.com/advisories/18385
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18387
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18389
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18398
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18407
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18414
  • secunia.com http://secunia.com/advisories/18416
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18423
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18425
  • secunia.com http://secunia.com/advisories/18428
  • secunia.com http://secunia.com/advisories/18436
  • secunia.com http://secunia.com/advisories/18448
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18463
  • secunia.com http://secunia.com/advisories/18517
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18534
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18554
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18582
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18642
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18644
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18674
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18675
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18679
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18908
  • secunia.com http://secunia.com/advisories/18913
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/19230
  • secunia.com http://secunia.com/advisories/19377
  • secunia.com http://secunia.com/advisories/25729
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
  • debian.org http://www.debian.org/security/2005/dsa-931
  • debian.org http://www.debian.org/security/2005/dsa-932
  • debian.org http://www.debian.org/security/2005/dsa-937
  • debian.org http://www.debian.org/security/2005/dsa-938
  • debian.org http://www.debian.org/security/2005/dsa-940
  • debian.org http://www.debian.org/security/2006/dsa-936
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-950
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-961
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-962
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
    Patch, Vendor Advisory
  • kde.org http://www.kde.org/info/security/advisory-20051207-2.txt
    Patch, Vendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
  • redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
  • redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2006-0160.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2006-0163.html
  • securityfocus.com http://www.securityfocus.com/archive/1/427053/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/427990/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/16143
    Patch
  • trustix.org http://www.trustix.org/errata/2006/0002/
  • vupen.com http://www.vupen.com/english/advisories/2006/0047
  • vupen.com http://www.vupen.com/english/advisories/2007/2280
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/24022
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9437
  • usn.ubuntu.com https://usn.ubuntu.com/236-1/

Remediation

  • lists.suse.com http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
    Patch
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2006-0177.html
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18303
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18312
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18313
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18338
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18349
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18385
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18387
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18389
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18398
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18407
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18416
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18448
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18517
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18534
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18554
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18582
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-936
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-950
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-961
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-962
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
    Patch, Vendor Advisory
  • kde.org http://www.kde.org/info/security/advisory-20051207-2.txt
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2006-0160.html
    Patch, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/16143
    Patch