CVE-2005-3624

Current Description

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

Referenced by CVEs:

CVE-2006-1244

Basic Data

Published	December 31, 2005
Last Modified	October 19, 2018
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	CWE-189
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	NONE
CVSS 2 - Availability Impact	NONE
CVSS 2 - Base Score	5.0
Severity	MEDIUM
Exploitability Score	10.0
Impact Score	2.9
Obtain All Privilege	false
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	Application	Easy Software Products	Cups	1.1.22	*	*	*	*	*	*	*
2.3	Application	Easy Software Products	Cups	1.1.22_rc1	*	*	*	*	*	*	*
2.3	Application	Easy Software Products	Cups	1.1.23	*	*	*	*	*	*	*
2.3	Application	Easy Software Products	Cups	1.1.23_rc1	*	*	*	*	*	*	*
2.3	Application	Kde	Kdegraphics	3.2	*	*	*	*	*	*	*
2.3	Application	Kde	Kdegraphics	3.4.3	*	*	*	*	*	*	*
2.3	Application	Kde	Koffice	1.4	*	*	*	*	*	*	*
2.3	Application	Kde	Koffice	1.4.1	*	*	*	*	*	*	*
2.3	Application	Kde	Koffice	1.4.2	*	*	*	*	*	*	*
2.3	Application	Kde	Kpdf	3.2	*	*	*	*	*	*	*
2.3	Application	Kde	Kpdf	3.4.3	*	*	*	*	*	*	*
2.3	Application	Kde	Kword	1.4.2	*	*	*	*	*	*	*
2.3	Application	Libextractor	Libextractor	*	*	*	*	*	*	*	*
2.3	Application	Poppler	Poppler	0.4.2	*	*	*	*	*	*	*
2.3	Application	Sgi	Propack	3.0	sp6	*	*	*	*	*	*
2.3	Application	Tetex	Tetex	1.0.7	*	*	*	*	*	*	*
2.3	Application	Tetex	Tetex	2.0	*	*	*	*	*	*	*
2.3	Application	Tetex	Tetex	2.0.1	*	*	*	*	*	*	*
2.3	Application	Tetex	Tetex	2.0.2	*	*	*	*	*	*	*
2.3	Application	Tetex	Tetex	3.0	*	*	*	*	*	*	*
2.3	Application	Xpdf	Xpdf	3.0	*	*	*	*	*	*	*
2.3	OS	Conectiva	Linux	10.0	*	*	*	*	*	*	*

OR - Configuration 2

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	OS	Debian	Debian Linux	3.0	*	*	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.0	*	alpha	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.0	*	arm	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.0	*	hppa	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.0	*	ia-32	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.0	*	ia-64	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.0	*	m68k	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.0	*	mips	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.0	*	mipsel	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.0	*	ppc	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.0	*	s-390	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.0	*	sparc	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.1	*	*	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.1	*	alpha	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.1	*	amd64	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.1	*	arm	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.1	*	hppa	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.1	*	ia-32	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.1	*	ia-64	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.1	*	m68k	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.1	*	mips	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.1	*	mipsel	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.1	*	ppc	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.1	*	s-390	*	*	*	*	*
2.3	OS	Debian	Debian Linux	3.1	*	sparc	*	*	*	*	*
2.3	OS	Gentoo	Linux	*	*	*	*	*	*	*	*
2.3	OS	Mandrakesoft	Mandrake Linux	10.1	*	*	*	*	*	*	*
2.3	OS	Mandrakesoft	Mandrake Linux	10.1	*	x86-64	*	*	*	*	*
2.3	OS	Mandrakesoft	Mandrake Linux	10.2	*	*	*	*	*	*	*
2.3	OS	Mandrakesoft	Mandrake Linux	10.2	*	x86-64	*	*	*	*	*
2.3	OS	Mandrakesoft	Mandrake Linux	2006	*	*	*	*	*	*	*
2.3	OS	Mandrakesoft	Mandrake Linux	2006	*	x86-64	*	*	*	*	*
2.3	OS	Mandrakesoft	Mandrake Linux Corporate Server	2.1	*	*	*	*	*	*	*
2.3	OS	Mandrakesoft	Mandrake Linux Corporate Server	2.1	*	x86_64	*	*	*	*	*
2.3	OS	Mandrakesoft	Mandrake Linux Corporate Server	3.0	*	*	*	*	*	*	*
2.3	OS	Mandrakesoft	Mandrake Linux Corporate Server	3.0	*	x86_64	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	2.1	*	advanced_server	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	2.1	*	advanced_server_ia64	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	2.1	*	enterprise_server	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	2.1	*	enterprise_server_ia64	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	2.1	*	workstation	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	2.1	*	workstation_ia64	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	3.0	*	advanced_server	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	3.0	*	enterprise_server	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	3.0	*	workstation_server	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	4.0	*	advanced_server	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	4.0	*	enterprise_server	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	4.0	*	workstation	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Desktop	3.0	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Desktop	4.0	*	*	*	*	*	*	*
2.3	OS	Redhat	Fedora Core	core_1.0	*	*	*	*	*	*	*
2.3	OS	Redhat	Fedora Core	core_2.0	*	*	*	*	*	*	*
2.3	OS	Redhat	Fedora Core	core_3.0	*	*	*	*	*	*	*
2.3	OS	Redhat	Fedora Core	core_4.0	*	*	*	*	*	*	*
2.3	OS	Redhat	Linux	7.3	*	i386	*	*	*	*	*
2.3	OS	Redhat	Linux	9.0	*	i386	*	*	*	*	*
2.3	OS	Redhat	Linux Advanced Workstation	2.1	*	ia64	*	*	*	*	*
2.3	OS	Redhat	Linux Advanced Workstation	2.1	*	itanium	*	*	*	*	*
2.3	OS	Sco	Openserver	5.0.7	*	*	*	*	*	*	*
2.3	OS	Sco	Openserver	6.0	*	*	*	*	*	*	*
2.3	OS	Slackware	Slackware Linux	9.0	*	*	*	*	*	*	*
2.3	OS	Slackware	Slackware Linux	9.1	*	*	*	*	*	*	*
2.3	OS	Slackware	Slackware Linux	10.0	*	*	*	*	*	*	*
2.3	OS	Slackware	Slackware Linux	10.1	*	*	*	*	*	*	*
2.3	OS	Slackware	Slackware Linux	10.2	*	*	*	*	*	*	*
2.3	OS	Suse	Suse Linux	1.0	*	*	*	*	*	*	*
2.3	OS	Suse	Suse Linux	9.0	*	enterprise_server	*	*	*	*	*
2.3	OS	Suse	Suse Linux	9.0	*	personal	*	*	*	*	*
2.3	OS	Suse	Suse Linux	9.0	*	professional	*	*	*	*	*
2.3	OS	Suse	Suse Linux	9.0	*	s_390	*	*	*	*	*
2.3	OS	Suse	Suse Linux	9.0	*	x86_64	*	*	*	*	*
2.3	OS	Suse	Suse Linux	9.1	*	personal	*	*	*	*	*
2.3	OS	Suse	Suse Linux	9.1	*	professional	*	*	*	*	*
2.3	OS	Suse	Suse Linux	9.1	*	x86_64	*	*	*	*	*
2.3	OS	Suse	Suse Linux	9.2	*	personal	*	*	*	*	*
2.3	OS	Suse	Suse Linux	9.2	*	professional	*	*	*	*	*
2.3	OS	Suse	Suse Linux	9.2	*	x86_64	*	*	*	*	*
2.3	OS	Suse	Suse Linux	9.3	*	personal	*	*	*	*	*
2.3	OS	Suse	Suse Linux	9.3	*	professional	*	*	*	*	*
2.3	OS	Suse	Suse Linux	9.3	*	x86_64	*	*	*	*	*
2.3	OS	Suse	Suse Linux	10.0	*	oss	*	*	*	*	*
2.3	OS	Suse	Suse Linux	10.0	*	professional	*	*	*	*	*
2.3	OS	Trustix	Secure Linux	2.0	*	*	*	*	*	*	*
2.3	OS	Trustix	Secure Linux	2.2	*	*	*	*	*	*	*
2.3	OS	Trustix	Secure Linux	3.0	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux	10	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux	fuji	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Appliance Server	1.0_hosting_edition	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Appliance Server	1.0_workgroup_edition	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Desktop	10.0	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Home	*	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Multimedia	*	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Personal	*	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Server	8.0	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Server	10.0	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Server	10.0_x86	*	*	*	*	*	*	*
2.3	OS	Turbolinux	Turbolinux Workstation	8.0	*	*	*	*	*	*	*
2.3	OS	Ubuntu	Ubuntu Linux	4.1	*	ia64	*	*	*	*	*
2.3	OS	Ubuntu	Ubuntu Linux	4.1	*	ppc	*	*	*	*	*
2.3	OS	Ubuntu	Ubuntu Linux	5.04	*	amd64	*	*	*	*	*
2.3	OS	Ubuntu	Ubuntu Linux	5.04	*	i386	*	*	*	*	*
2.3	OS	Ubuntu	Ubuntu Linux	5.04	*	powerpc	*	*	*	*	*
2.3	OS	Ubuntu	Ubuntu Linux	5.10	*	amd64	*	*	*	*	*
2.3	OS	Ubuntu	Ubuntu Linux	5.10	*	i386	*	*	*	*	*
2.3	OS	Ubuntu	Ubuntu Linux	5.10	*	powerpc	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Libextractor	Libextractor	*
Xpdf	Xpdf	3.0
Debian	Debian Linux	3.0, 3.1
Poppler	Poppler	0.4.2
Slackware	Slackware Linux	10.0, 10.1, 10.2, 9.0, 9.1
Easy Software Products	Cups	1.1.22, 1.1.22_rc1, 1.1.23, 1.1.23_rc1
Redhat	Enterprise Linux	2.1, 3.0, 4.0
Redhat	Enterprise Linux Desktop	3.0, 4.0
Redhat	Linux	7.3, 9.0
Redhat	Fedora Core	core_1.0, core_2.0, core_3.0, core_4.0
Redhat	Linux Advanced Workstation	2.1
Conectiva	Linux	10.0
Ubuntu	Ubuntu Linux	4.1, 5.04, 5.10
Sgi	Propack	3.0
Turbolinux	Turbolinux Desktop	10.0
Turbolinux	Turbolinux Server	10.0, 10.0_x86, 8.0
Turbolinux	Turbolinux Workstation	8.0
Turbolinux	Turbolinux Home	*
Turbolinux	Turbolinux Multimedia	*
Turbolinux	Turbolinux Personal	*
Turbolinux	Turbolinux Appliance Server	1.0_hosting_edition, 1.0_workgroup_edition
Turbolinux	Turbolinux	10, fuji
Tetex	Tetex	1.0.7, 2.0, 2.0.1, 2.0.2, 3.0
Sco	Openserver	5.0.7, 6.0
Trustix	Secure Linux	2.0, 2.2, 3.0
Suse	Suse Linux	1.0, 10.0, 9.0, 9.1, 9.2, 9.3
Gentoo	Linux	*
Mandrakesoft	Mandrake Linux	10.1, 10.2, 2006
Mandrakesoft	Mandrake Linux Corporate Server	2.1, 3.0
Kde	Kdegraphics	3.2, 3.4.3
Kde	Kword	1.4.2
Kde	Koffice	1.4, 1.4.1, 1.4.2
Kde	Kpdf	3.2, 3.4.3

References

Name	Source	URL	Tags
SCOSA-2006.15	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt	SCO
20051201-01-U	ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U	SGI
20060101-01-U	ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U	SGI
20060201-01-U	ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U	SGI
SUSE-SA:2006:001	http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html	SUSE	PATCH
RHSA-2006:0177	http://rhn.redhat.com/errata/RHSA-2006-0177.html	REDHAT	PATCH Vendor Advisory
http://scary.beasts.org/security/CESA-2005-003.txt	http://scary.beasts.org/security/CESA-2005-003.txt	MISC	Exploit Vendor Advisory
18147	http://secunia.com/advisories/18147	SECUNIA
18303	http://secunia.com/advisories/18303	SECUNIA	PATCH Vendor Advisory
18312	http://secunia.com/advisories/18312	SECUNIA	PATCH Vendor Advisory
18313	http://secunia.com/advisories/18313	SECUNIA	PATCH Vendor Advisory
18329	http://secunia.com/advisories/18329	SECUNIA	Vendor Advisory
18332	http://secunia.com/advisories/18332	SECUNIA	Vendor Advisory
18334	http://secunia.com/advisories/18334	SECUNIA
18338	http://secunia.com/advisories/18338	SECUNIA	PATCH Vendor Advisory
18349	http://secunia.com/advisories/18349	SECUNIA	PATCH Vendor Advisory
18373	http://secunia.com/advisories/18373	SECUNIA
18375	http://secunia.com/advisories/18375	SECUNIA	Vendor Advisory
18380	http://secunia.com/advisories/18380	SECUNIA
18385	http://secunia.com/advisories/18385	SECUNIA	PATCH Vendor Advisory
18387	http://secunia.com/advisories/18387	SECUNIA	PATCH Vendor Advisory
18389	http://secunia.com/advisories/18389	SECUNIA	PATCH Vendor Advisory
18398	http://secunia.com/advisories/18398	SECUNIA	PATCH Vendor Advisory
18407	http://secunia.com/advisories/18407	SECUNIA	PATCH Vendor Advisory
18414	http://secunia.com/advisories/18414	SECUNIA
18416	http://secunia.com/advisories/18416	SECUNIA	PATCH Vendor Advisory
18423	http://secunia.com/advisories/18423	SECUNIA	Vendor Advisory
18425	http://secunia.com/advisories/18425	SECUNIA
18428	http://secunia.com/advisories/18428	SECUNIA
18436	http://secunia.com/advisories/18436	SECUNIA
18448	http://secunia.com/advisories/18448	SECUNIA	PATCH Vendor Advisory
18463	http://secunia.com/advisories/18463	SECUNIA
18517	http://secunia.com/advisories/18517	SECUNIA	PATCH Vendor Advisory
18534	http://secunia.com/advisories/18534	SECUNIA	PATCH Vendor Advisory
18554	http://secunia.com/advisories/18554	SECUNIA	PATCH Vendor Advisory
18582	http://secunia.com/advisories/18582	SECUNIA	PATCH Vendor Advisory
18642	http://secunia.com/advisories/18642	SECUNIA	Vendor Advisory
18644	http://secunia.com/advisories/18644	SECUNIA	Vendor Advisory
18674	http://secunia.com/advisories/18674	SECUNIA	Vendor Advisory
18675	http://secunia.com/advisories/18675	SECUNIA	Vendor Advisory
18679	http://secunia.com/advisories/18679	SECUNIA	Vendor Advisory
18908	http://secunia.com/advisories/18908	SECUNIA
18913	http://secunia.com/advisories/18913	SECUNIA	Vendor Advisory
19230	http://secunia.com/advisories/19230	SECUNIA
19377	http://secunia.com/advisories/19377	SECUNIA
25729	http://secunia.com/advisories/25729	SECUNIA
SSA:2006-045-09	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683	SLACKWARE
SSA:2006-045-04	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747	SLACKWARE
102972	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1	SUNALERT
DSA-931	http://www.debian.org/security/2005/dsa-931	DEBIAN
DSA-932	http://www.debian.org/security/2005/dsa-932	DEBIAN
DSA-937	http://www.debian.org/security/2005/dsa-937	DEBIAN
DSA-938	http://www.debian.org/security/2005/dsa-938	DEBIAN
DSA-940	http://www.debian.org/security/2005/dsa-940	DEBIAN
DSA-936	http://www.debian.org/security/2006/dsa-936	DEBIAN	PATCH Vendor Advisory
DSA-950	http://www.debian.org/security/2006/dsa-950	DEBIAN	PATCH Vendor Advisory
DSA-961	http://www.debian.org/security/2006/dsa-961	DEBIAN	PATCH Vendor Advisory
DSA-962	http://www.debian.org/security/2006/dsa-962	DEBIAN	PATCH Vendor Advisory
GLSA-200601-02	http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml	GENTOO	PATCH Vendor Advisory
GLSA-200601-17	http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml	GENTOO	PATCH Vendor Advisory
http://www.kde.org/info/security/advisory-20051207-2.txt	http://www.kde.org/info/security/advisory-20051207-2.txt	CONFIRM	PATCH Vendor Advisory
MDKSA-2006:003	http://www.mandriva.com/security/advisories?name=MDKSA-2006:003	MANDRIVA
MDKSA-2006:004	http://www.mandriva.com/security/advisories?name=MDKSA-2006:004	MANDRIVA
MDKSA-2006:005	http://www.mandriva.com/security/advisories?name=MDKSA-2006:005	MANDRIVA
MDKSA-2006:006	http://www.mandriva.com/security/advisories?name=MDKSA-2006:006	MANDRIVA
MDKSA-2006:008	http://www.mandriva.com/security/advisories?name=MDKSA-2006:008	MANDRIVA
MDKSA-2006:010	http://www.mandriva.com/security/advisories?name=MDKSA-2006:010	MANDRAKE
MDKSA-2006:011	http://www.mandriva.com/security/advisories?name=MDKSA-2006:011	MANDRIVA
MDKSA-2006:012	http://www.mandriva.com/security/advisories?name=MDKSA-2006:012	MANDRIVA
FEDORA-2005-025	http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html	FEDORA
FEDORA-2005-026	http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html	FEDORA
RHSA-2006:0160	http://www.redhat.com/support/errata/RHSA-2006-0160.html	REDHAT	PATCH Vendor Advisory
RHSA-2006:0163	http://www.redhat.com/support/errata/RHSA-2006-0163.html	REDHAT
FLSA-2006:176751	http://www.securityfocus.com/archive/1/427053/100/0/threaded	FEDORA
FLSA:175404	http://www.securityfocus.com/archive/1/427990/100/0/threaded	FEDORA
16143	http://www.securityfocus.com/bid/16143	BID	PATCH
2006-0002	http://www.trustix.org/errata/2006/0002/	TRUSTIX
ADV-2006-0047	http://www.vupen.com/english/advisories/2006/0047	VUPEN
ADV-2007-2280	http://www.vupen.com/english/advisories/2007/2280	VUPEN
xpdf-ccitt-faxstream-bo(24022)	https://exchange.xforce.ibmcloud.com/vulnerabilities/24022	XF
oval:org.mitre.oval:def:9437	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9437	OVAL
USN-236-1	https://usn.ubuntu.com/236-1/	UBUNTU