VDB

ANCHORE-2005-3624

ANCHORE-2005-3624 PUBLISHED

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

Affected Products

VendorProductVersions
sgipropack3.0-sp6, 3.0-sp6, 3.0-sp6
kdekdegraphics3.2, 3.4.3, 3.4.3
kdekpdf3.2, 3.4.3, 3.2
easy_software_productscups1.1.23, *, 1.1.23
conectivalinux10.0, 10.0, 10.0
kdekword1.4.2, 1.4.2, 1.4.2
redhatlinux_advanced_workstation2.1, 2.1, 2.1
kdekoffice1.4, 1.4, 1.4.2
mandrakesoftmandrake_linux10.2, 10.2, 2006
slackwareslackware_linux9.0, 9.1, 10.0
debiandebian_linux3.1, 3.0, 3.0
turbolinuxturbolinuxfuji, fuji, 10
xpdfxpdf3.0, 3.0, 3.0
susesuse_linux9.3, 1.0, 9.0
turbolinuxturbolinux_server10.0, 10.0_x86, 8.0
tetextetex2.0.2, 2.0, 1.0.7
turbolinuxturbolinux_desktop10.0, 10.0, 10.0
redhatenterprise_linux_desktop3.0, 3.0, 4.0
redhatlinux9.0, 7.3, 9.0
turbolinuxturbolinux_appliance_server1.0_workgroup_edition, 1.0_hosting_edition, 1.0_workgroup_edition

…and 8 more

Timeline

  • Jan 6, 2006 CVE Published
  • Aug 7, 2024 CVE Updated
  • Mar 13, 2026 Distribution Patch
  • Mar 13, 2026 Distribution Patch
  • Mar 13, 2026 Distribution Patch
  • Mar 13, 2026 Distribution Patch
  • Mar 13, 2026 Distribution Patch
  • Mar 13, 2026 Distribution Patch
  • Mar 13, 2026 Distribution Patch
  • Mar 13, 2026 Distribution Patch
  • Mar 13, 2026 Distribution Patch
Open in Interactive Console →
$ Console Community · 100/wk Open console ›