CVE-2005-3624: Integer Overflow

Published Dec 31, 2005

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

Affected Software

127 affected components
Easy Software Products Cups=1.1.22
KDE kpdf=3.4.3
KDE kdegraphics=3.4.3
teTeX teTeX=3.0
KDE Koffice=1.4.1
KDE Kword=1.4.2
Poppler Poppler=0.4.2
teTeX teTeX=1.0.7
SGI ProPack=3.0-sp6
Easy Software Products Cups=1.1.23_rc1
KDE kdegraphics=3.2
KDE Koffice=1.4.2
Libextractor Libextractor
Easy Software Products Cups=1.1.22_rc1
xpdf Xpdf=3.0
teTeX teTeX=2.0.2
teTeX teTeX=2.0.1
Conectiva Linux=10.0
KDE kpdf=3.2
Easy Software Products Cups=1.1.23
KDE Koffice=1.4
teTeX teTeX=2.0
SUSE SuSE Linux=9.0
Slackware Slackware Linux=9.0
Mandrakesoft Mandrake Linux=2006
redhat Enterprise Linux=2.1
Debian Debian Linux=3.1
SUSE SuSE Linux=9.0
redhat Fedora Core=core_2.0
Turbolinux Turbolinux Multimedia
redhat Enterprise Linux=4.0
Slackware Slackware Linux=10.0
Slackware Slackware Linux=10.2
Trustix Secure Linux=2.0
Mandrakesoft Mandrake Linux Corporate Server=2.1
redhat Enterprise Linux Desktop=3.0
SUSE SuSE Linux=9.0
Debian Debian Linux=3.0
SUSE SuSE Linux=9.1
Mandrakesoft Mandrake Linux=10.2
Debian Debian Linux=3.1
Ubuntu Ubuntu Linux=4.1
redhat Linux Advanced Workstation=2.1
Debian Debian Linux=3.1
Debian Debian Linux=3.0
Debian Debian Linux=3.1
redhat Enterprise Linux=4.0
SUSE SuSE Linux=10.0
redhat Enterprise Linux=3.0
redhat Enterprise Linux=2.1
SUSE SuSE Linux=9.3
Debian Debian Linux=3.0
Turbolinux Turbolinux Appliance Server=1.0_workgroup_edition
redhat Linux Advanced Workstation=2.1
SUSE SuSE Linux=9.3
Debian Debian Linux=3.0
Debian Debian Linux=3.1
Debian Debian Linux=3.1
Slackware Slackware Linux=10.1
Slackware Slackware Linux=9.1
redhat Enterprise Linux=2.1
SUSE SuSE Linux=9.0
Debian Debian Linux=3.1
Trustix Secure Linux=3.0
redhat Fedora Core=core_1.0
Ubuntu Ubuntu Linux=5.04
Debian Debian Linux=3.1
Ubuntu Ubuntu Linux=5.10
Debian Debian Linux=3.0
Mandrakesoft Mandrake Linux=10.1
Debian Debian Linux=3.0
Ubuntu Ubuntu Linux=5.04
Ubuntu Ubuntu Linux=5.10
SCO OpenServer=5.0.7
Debian Debian Linux=3.0
redhat Linux=9.0
Ubuntu Ubuntu Linux=5.10
SUSE SuSE Linux=9.2
Mandrakesoft Mandrake Linux Corporate Server=3.0
redhat Fedora Core=core_4.0
Turbolinux Turbolinux Server=10.0_x86
SUSE SuSE Linux=10.0
Debian Debian Linux=3.0
SUSE SuSE Linux=1.0
Mandrakesoft Mandrake Linux Corporate Server=3.0
Turbolinux Turbolinux Home
Debian Debian Linux=3.1
redhat Enterprise Linux=4.0
Debian Debian Linux=3.1
Turbolinux Turbolinux Workstation=8.0
redhat Enterprise Linux=3.0
Turbolinux Turbolinux=fuji
Debian Debian Linux=3.0
SUSE SuSE Linux=9.0
SUSE SuSE Linux=9.1
redhat Enterprise Linux=2.1
Debian Debian Linux=3.1
Debian Debian Linux=3.0
Turbolinux Turbolinux Personal
Turbolinux Turbolinux=10
redhat Linux=7.3
SCO OpenServer=6.0
redhat Enterprise Linux=2.1
redhat Enterprise Linux Desktop=4.0
Ubuntu Ubuntu Linux=5.04
Trustix Secure Linux=2.2
Turbolinux Turbolinux Server=8.0
SUSE SuSE Linux=9.3
redhat Fedora Core=core_3.0
Ubuntu Ubuntu Linux=4.1
Debian Debian Linux=3.1
SUSE SuSE Linux=9.2
SUSE SuSE Linux=9.2
Turbolinux Turbolinux Server=10.0
Gentoo Linux
Turbolinux Turbolinux Desktop=10.0
SUSE SuSE Linux=9.1
Mandrakesoft Mandrake Linux=10.2
Turbolinux Turbolinux Appliance Server=1.0_hosting_edition
Debian Debian Linux=3.0
Debian Debian Linux=3.0
Debian Debian Linux=3.1
redhat Enterprise Linux=2.1
Mandrakesoft Mandrake Linux Corporate Server=2.1
Mandrakesoft Mandrake Linux=2006
Mandrakesoft Mandrake Linux=10.1
redhat Enterprise Linux=3.0

Event History

Dec 31, 2005
CVE Published, 05:00 AM

Jan 7, 2006
CVE Published, via MITRE, 03:00 AM
Data Sourced (Description), via MITRE, 03:00 AM

Frequently Asked Questions

1. What is the severity of CVE-2005-3624?

CVE-2005-3624 is classified as a high severity vulnerability due to potential heap corruption leading to arbitrary code execution.

2. How do I fix CVE-2005-3624?

To address CVE-2005-3624, update the affected software to the latest patched version available.

3. What types of attacks can exploit CVE-2005-3624?

Exploitation of CVE-2005-3624 could allow attackers to execute arbitrary code on the vulnerable system by sending specially crafted CCITTFaxDecode streams.

4. Which software is affected by CVE-2005-3624?

Software affected by CVE-2005-3624 includes CUPS, Xpdf, KPDF, Poppler, and teTeX, among others.

5. What is the impact of CVE-2005-3624 on my system?

The impact of CVE-2005-3624 could be severe, as it may lead to system crashes, data corruption, or remote code execution.
