CVE-2005-3624

Current Description

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

Referenced by CVEs: CVE-2006-1244

Basic Data

Published: December 31, 2005
Last Modified: October 19, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-189
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    CPE Version | Part | Vendor | Product | Version | Update | Edition
    (Language, SW Edition, Target SW, Target HW and Other are * for every row; the Version Start Including, Version End Including, Version Start Excluding and Version End Excluding columns are empty.)
    2.3 | Application | Easy Software Products | Cups | 1.1.22 | * | *
    2.3 | Application | Easy Software Products | Cups | 1.1.22_rc1 | * | *
    2.3 | Application | Easy Software Products | Cups | 1.1.23 | * | *
    2.3 | Application | Easy Software Products | Cups | 1.1.23_rc1 | * | *
    2.3 | Application | Kde | Kdegraphics | 3.2 | * | *
    2.3 | Application | Kde | Kdegraphics | 3.4.3 | * | *
    2.3 | Application | Kde | Koffice | 1.4 | * | *
    2.3 | Application | Kde | Koffice | 1.4.1 | * | *
    2.3 | Application | Kde | Koffice | 1.4.2 | * | *
    2.3 | Application | Kde | Kpdf | 3.2 | * | *
    2.3 | Application | Kde | Kpdf | 3.4.3 | * | *
    2.3 | Application | Kde | Kword | 1.4.2 | * | *
    2.3 | Application | Libextractor | Libextractor | * | * | *
    2.3 | Application | Poppler | Poppler | 0.4.2 | * | *
    2.3 | Application | Sgi | Propack | 3.0 | sp6 | *
    2.3 | Application | Tetex | Tetex | 1.0.7 | * | *
    2.3 | Application | Tetex | Tetex | 2.0 | * | *
    2.3 | Application | Tetex | Tetex | 2.0.1 | * | *
    2.3 | Application | Tetex | Tetex | 2.0.2 | * | *
    2.3 | Application | Tetex | Tetex | 3.0 | * | *
    2.3 | Application | Xpdf | Xpdf | 3.0 | * | *
    2.3 | OS | Conectiva | Linux | 10.0 | * | *
  • OR - Configuration 2
    CPE Version | Part | Vendor | Product | Version | Update | Edition
    (Language, SW Edition, Target SW, Target HW and Other are * for every row; the Version Start Including, Version End Including, Version Start Excluding and Version End Excluding columns are empty.)
    2.3 | OS | Debian | Debian Linux | 3.0 | * | *
    2.3 | OS | Debian | Debian Linux | 3.0 | * | alpha
    2.3 | OS | Debian | Debian Linux | 3.0 | * | arm
    2.3 | OS | Debian | Debian Linux | 3.0 | * | hppa
    2.3 | OS | Debian | Debian Linux | 3.0 | * | ia-32
    2.3 | OS | Debian | Debian Linux | 3.0 | * | ia-64
    2.3 | OS | Debian | Debian Linux | 3.0 | * | m68k
    2.3 | OS | Debian | Debian Linux | 3.0 | * | mips
    2.3 | OS | Debian | Debian Linux | 3.0 | * | mipsel
    2.3 | OS | Debian | Debian Linux | 3.0 | * | ppc
    2.3 | OS | Debian | Debian Linux | 3.0 | * | s-390
    2.3 | OS | Debian | Debian Linux | 3.0 | * | sparc
    2.3 | OS | Debian | Debian Linux | 3.1 | * | *
    2.3 | OS | Debian | Debian Linux | 3.1 | * | alpha
    2.3 | OS | Debian | Debian Linux | 3.1 | * | amd64
    2.3 | OS | Debian | Debian Linux | 3.1 | * | arm
    2.3 | OS | Debian | Debian Linux | 3.1 | * | hppa
    2.3 | OS | Debian | Debian Linux | 3.1 | * | ia-32
    2.3 | OS | Debian | Debian Linux | 3.1 | * | ia-64
    2.3 | OS | Debian | Debian Linux | 3.1 | * | m68k
    2.3 | OS | Debian | Debian Linux | 3.1 | * | mips
    2.3 | OS | Debian | Debian Linux | 3.1 | * | mipsel
    2.3 | OS | Debian | Debian Linux | 3.1 | * | ppc
    2.3 | OS | Debian | Debian Linux | 3.1 | * | s-390
    2.3 | OS | Debian | Debian Linux | 3.1 | * | sparc
    2.3 | OS | Gentoo | Linux | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.1 | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.1 | * | x86-64
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.2 | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.2 | * | x86-64
    2.3 | OS | Mandrakesoft | Mandrake Linux | 2006 | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux | 2006 | * | x86-64
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 2.1 | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 2.1 | * | x86_64
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 3.0 | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 3.0 | * | x86_64
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | advanced_server
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | advanced_server_ia64
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | enterprise_server
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | enterprise_server_ia64
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | workstation
    2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | workstation_ia64
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | advanced_server
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | enterprise_server
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | workstation_server
    2.3 | OS | Redhat | Enterprise Linux | 4.0 | * | advanced_server
    2.3 | OS | Redhat | Enterprise Linux | 4.0 | * | enterprise_server
    2.3 | OS | Redhat | Enterprise Linux | 4.0 | * | workstation
    2.3 | OS | Redhat | Enterprise Linux Desktop | 3.0 | * | *
    2.3 | OS | Redhat | Enterprise Linux Desktop | 4.0 | * | *
    2.3 | OS | Redhat | Fedora Core | core_1.0 | * | *
    2.3 | OS | Redhat | Fedora Core | core_2.0 | * | *
    2.3 | OS | Redhat | Fedora Core | core_3.0 | * | *
    2.3 | OS | Redhat | Fedora Core | core_4.0 | * | *
    2.3 | OS | Redhat | Linux | 7.3 | * | i386
    2.3 | OS | Redhat | Linux | 9.0 | * | i386
    2.3 | OS | Redhat | Linux Advanced Workstation | 2.1 | * | ia64
    2.3 | OS | Redhat | Linux Advanced Workstation | 2.1 | * | itanium
    2.3 | OS | Sco | Openserver | 5.0.7 | * | *
    2.3 | OS | Sco | Openserver | 6.0 | * | *
    2.3 | OS | Slackware | Slackware Linux | 9.0 | * | *
    2.3 | OS | Slackware | Slackware Linux | 9.1 | * | *
    2.3 | OS | Slackware | Slackware Linux | 10.0 | * | *
    2.3 | OS | Slackware | Slackware Linux | 10.1 | * | *
    2.3 | OS | Slackware | Slackware Linux | 10.2 | * | *
    2.3 | OS | Suse | Suse Linux | 1.0 | * | *
    2.3 | OS | Suse | Suse Linux | 9.0 | * | enterprise_server
    2.3 | OS | Suse | Suse Linux | 9.0 | * | personal
    2.3 | OS | Suse | Suse Linux | 9.0 | * | professional
    2.3 | OS | Suse | Suse Linux | 9.0 | * | s_390
    2.3 | OS | Suse | Suse Linux | 9.0 | * | x86_64
    2.3 | OS | Suse | Suse Linux | 9.1 | * | personal
    2.3 | OS | Suse | Suse Linux | 9.1 | * | professional
    2.3 | OS | Suse | Suse Linux | 9.1 | * | x86_64
    2.3 | OS | Suse | Suse Linux | 9.2 | * | personal
    2.3 | OS | Suse | Suse Linux | 9.2 | * | professional
    2.3 | OS | Suse | Suse Linux | 9.2 | * | x86_64
    2.3 | OS | Suse | Suse Linux | 9.3 | * | personal
    2.3 | OS | Suse | Suse Linux | 9.3 | * | professional
    2.3 | OS | Suse | Suse Linux | 9.3 | * | x86_64
    2.3 | OS | Suse | Suse Linux | 10.0 | * | oss
    2.3 | OS | Suse | Suse Linux | 10.0 | * | professional
    2.3 | OS | Trustix | Secure Linux | 2.0 | * | *
    2.3 | OS | Trustix | Secure Linux | 2.2 | * | *
    2.3 | OS | Trustix | Secure Linux | 3.0 | * | *
    2.3 | OS | Turbolinux | Turbolinux | 10 | * | *
    2.3 | OS | Turbolinux | Turbolinux | fuji | * | *
    2.3 | OS | Turbolinux | Turbolinux Appliance Server | 1.0_hosting_edition | * | *
    2.3 | OS | Turbolinux | Turbolinux Appliance Server | 1.0_workgroup_edition | * | *
    2.3 | OS | Turbolinux | Turbolinux Desktop | 10.0 | * | *
    2.3 | OS | Turbolinux | Turbolinux Home | * | * | *
    2.3 | OS | Turbolinux | Turbolinux Multimedia | * | * | *
    2.3 | OS | Turbolinux | Turbolinux Personal | * | * | *
    2.3 | OS | Turbolinux | Turbolinux Server | 8.0 | * | *
    2.3 | OS | Turbolinux | Turbolinux Server | 10.0 | * | *
    2.3 | OS | Turbolinux | Turbolinux Server | 10.0_x86 | * | *
    2.3 | OS | Turbolinux | Turbolinux Workstation | 8.0 | * | *
    2.3 | OS | Ubuntu | Ubuntu Linux | 4.1 | * | ia64
    2.3 | OS | Ubuntu | Ubuntu Linux | 4.1 | * | ppc
    2.3 | OS | Ubuntu | Ubuntu Linux | 5.04 | * | amd64
    2.3 | OS | Ubuntu | Ubuntu Linux | 5.04 | * | i386
    2.3 | OS | Ubuntu | Ubuntu Linux | 5.04 | * | powerpc
    2.3 | OS | Ubuntu | Ubuntu Linux | 5.10 | * | amd64
    2.3 | OS | Ubuntu | Ubuntu Linux | 5.10 | * | i386
    2.3 | OS | Ubuntu | Ubuntu Linux | 5.10 | * | powerpc

Vulnerable Software List

Vendor | Product | Versions
Libextractor | Libextractor | *
Xpdf | Xpdf | 3.0
Debian | Debian Linux | 3.0, 3.1
Poppler | Poppler | 0.4.2
Slackware | Slackware Linux | 10.0, 10.1, 10.2, 9.0, 9.1
Easy Software Products | Cups | 1.1.22, 1.1.22_rc1, 1.1.23, 1.1.23_rc1
Redhat | Enterprise Linux | 2.1, 3.0, 4.0
Redhat | Enterprise Linux Desktop | 3.0, 4.0
Redhat | Linux | 7.3, 9.0
Redhat | Fedora Core | core_1.0, core_2.0, core_3.0, core_4.0
Redhat | Linux Advanced Workstation | 2.1
Conectiva | Linux | 10.0
Ubuntu | Ubuntu Linux | 4.1, 5.04, 5.10
Sgi | Propack | 3.0
Turbolinux | Turbolinux Desktop | 10.0
Turbolinux | Turbolinux Server | 10.0, 10.0_x86, 8.0
Turbolinux | Turbolinux Workstation | 8.0
Turbolinux | Turbolinux Home | *
Turbolinux | Turbolinux Multimedia | *
Turbolinux | Turbolinux Personal | *
Turbolinux | Turbolinux Appliance Server | 1.0_hosting_edition, 1.0_workgroup_edition
Turbolinux | Turbolinux | 10, fuji
Tetex | Tetex | 1.0.7, 2.0, 2.0.1, 2.0.2, 3.0
Sco | Openserver | 5.0.7, 6.0
Trustix | Secure Linux | 2.0, 2.2, 3.0
Suse | Suse Linux | 1.0, 10.0, 9.0, 9.1, 9.2, 9.3
Gentoo | Linux | *
Mandrakesoft | Mandrake Linux | 10.1, 10.2, 2006
Mandrakesoft | Mandrake Linux Corporate Server | 2.1, 3.0
Kde | Kdegraphics | 3.2, 3.4.3
Kde | Kword | 1.4.2
Kde | Koffice | 1.4, 1.4.1, 1.4.2
Kde | Kpdf | 3.2, 3.4.3

References

Name | URL | Source | Tags
SCOSA-2006.15 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt | SCO |
20051201-01-U | ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U | SGI |
20060101-01-U | ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U | SGI |
20060201-01-U | ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U | SGI |
SUSE-SA:2006:001 | http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html | SUSE | PATCH
RHSA-2006:0177 | http://rhn.redhat.com/errata/RHSA-2006-0177.html | REDHAT | PATCH, Vendor Advisory
http://scary.beasts.org/security/CESA-2005-003.txt | http://scary.beasts.org/security/CESA-2005-003.txt | MISC | Exploit, Vendor Advisory
18147 | http://secunia.com/advisories/18147 | SECUNIA |
18303 | http://secunia.com/advisories/18303 | SECUNIA | PATCH, Vendor Advisory
18312 | http://secunia.com/advisories/18312 | SECUNIA | PATCH, Vendor Advisory
18313 | http://secunia.com/advisories/18313 | SECUNIA | PATCH, Vendor Advisory
18329 | http://secunia.com/advisories/18329 | SECUNIA | Vendor Advisory
18332 | http://secunia.com/advisories/18332 | SECUNIA | Vendor Advisory
18334 | http://secunia.com/advisories/18334 | SECUNIA |
18338 | http://secunia.com/advisories/18338 | SECUNIA | PATCH, Vendor Advisory
18349 | http://secunia.com/advisories/18349 | SECUNIA | PATCH, Vendor Advisory
18373 | http://secunia.com/advisories/18373 | SECUNIA |
18375 | http://secunia.com/advisories/18375 | SECUNIA | Vendor Advisory
18380 | http://secunia.com/advisories/18380 | SECUNIA |
18385 | http://secunia.com/advisories/18385 | SECUNIA | PATCH, Vendor Advisory
18387 | http://secunia.com/advisories/18387 | SECUNIA | PATCH, Vendor Advisory
18389 | http://secunia.com/advisories/18389 | SECUNIA | PATCH, Vendor Advisory
18398 | http://secunia.com/advisories/18398 | SECUNIA | PATCH, Vendor Advisory
18407 | http://secunia.com/advisories/18407 | SECUNIA | PATCH, Vendor Advisory
18414 | http://secunia.com/advisories/18414 | SECUNIA |
18416 | http://secunia.com/advisories/18416 | SECUNIA | PATCH, Vendor Advisory
18423 | http://secunia.com/advisories/18423 | SECUNIA | Vendor Advisory
18425 | http://secunia.com/advisories/18425 | SECUNIA |
18428 | http://secunia.com/advisories/18428 | SECUNIA |
18436 | http://secunia.com/advisories/18436 | SECUNIA |
18448 | http://secunia.com/advisories/18448 | SECUNIA | PATCH, Vendor Advisory
18463 | http://secunia.com/advisories/18463 | SECUNIA |
18517 | http://secunia.com/advisories/18517 | SECUNIA | PATCH, Vendor Advisory
18534 | http://secunia.com/advisories/18534 | SECUNIA | PATCH, Vendor Advisory
18554 | http://secunia.com/advisories/18554 | SECUNIA | PATCH, Vendor Advisory
18582 | http://secunia.com/advisories/18582 | SECUNIA | PATCH, Vendor Advisory
18642 | http://secunia.com/advisories/18642 | SECUNIA | Vendor Advisory
18644 | http://secunia.com/advisories/18644 | SECUNIA | Vendor Advisory
18674 | http://secunia.com/advisories/18674 | SECUNIA | Vendor Advisory
18675 | http://secunia.com/advisories/18675 | SECUNIA | Vendor Advisory
18679 | http://secunia.com/advisories/18679 | SECUNIA | Vendor Advisory
18908 | http://secunia.com/advisories/18908 | SECUNIA |
18913 | http://secunia.com/advisories/18913 | SECUNIA | Vendor Advisory
19230 | http://secunia.com/advisories/19230 | SECUNIA |
19377 | http://secunia.com/advisories/19377 | SECUNIA |
25729 | http://secunia.com/advisories/25729 | SECUNIA |
SSA:2006-045-09 | http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 | SLACKWARE |
SSA:2006-045-04 | http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 | SLACKWARE |
102972 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1 | SUNALERT |
DSA-931 | http://www.debian.org/security/2005/dsa-931 | DEBIAN |
DSA-932 | http://www.debian.org/security/2005/dsa-932 | DEBIAN |
DSA-937 | http://www.debian.org/security/2005/dsa-937 | DEBIAN |
DSA-938 | http://www.debian.org/security/2005/dsa-938 | DEBIAN |
DSA-940 | http://www.debian.org/security/2005/dsa-940 | DEBIAN |
DSA-936 | http://www.debian.org/security/2006/dsa-936 | DEBIAN | PATCH, Vendor Advisory
DSA-950 | http://www.debian.org/security/2006/dsa-950 | DEBIAN | PATCH, Vendor Advisory
DSA-961 | http://www.debian.org/security/2006/dsa-961 | DEBIAN | PATCH, Vendor Advisory
DSA-962 | http://www.debian.org/security/2006/dsa-962 | DEBIAN | PATCH, Vendor Advisory
GLSA-200601-02 | http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml | GENTOO | PATCH, Vendor Advisory
GLSA-200601-17 | http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml | GENTOO | PATCH, Vendor Advisory
http://www.kde.org/info/security/advisory-20051207-2.txt | http://www.kde.org/info/security/advisory-20051207-2.txt | CONFIRM | PATCH, Vendor Advisory
MDKSA-2006:003 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:003 | MANDRIVA |
MDKSA-2006:004 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:004 | MANDRIVA |
MDKSA-2006:005 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:005 | MANDRIVA |
MDKSA-2006:006 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:006 | MANDRIVA |
MDKSA-2006:008 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:008 | MANDRIVA |
MDKSA-2006:010 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:010 | MANDRAKE |
MDKSA-2006:011 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:011 | MANDRIVA |
MDKSA-2006:012 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:012 | MANDRIVA |
FEDORA-2005-025 | http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html | FEDORA |
FEDORA-2005-026 | http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html | FEDORA |
RHSA-2006:0160 | http://www.redhat.com/support/errata/RHSA-2006-0160.html | REDHAT | PATCH, Vendor Advisory
RHSA-2006:0163 | http://www.redhat.com/support/errata/RHSA-2006-0163.html | REDHAT |
FLSA-2006:176751 | http://www.securityfocus.com/archive/1/427053/100/0/threaded | FEDORA |
FLSA:175404 | http://www.securityfocus.com/archive/1/427990/100/0/threaded | FEDORA |
16143 | http://www.securityfocus.com/bid/16143 | BID | PATCH
2006-0002 | http://www.trustix.org/errata/2006/0002/ | TRUSTIX |
ADV-2006-0047 | http://www.vupen.com/english/advisories/2006/0047 | VUPEN |
ADV-2007-2280 | http://www.vupen.com/english/advisories/2007/2280 | VUPEN |
xpdf-ccitt-faxstream-bo(24022) | https://exchange.xforce.ibmcloud.com/vulnerabilities/24022 | XF |
oval:org.mitre.oval:def:9437 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9437 | OVAL |
USN-236-1 | https://usn.ubuntu.com/236-1/ | UBUNTU |