CVE-2005-3624 (NVD)

2005-12-31

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

Products Linux, Debian_linux, Cups, Linux, Kdegraphics, Koffice, Kpdf, Kword, Libextractor, Mandrake_linux, Mandrake_linux_corporate_server, Poppler, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux, Linux_advanced_workstation, Openserver, Propack, Slackware_linux, Suse_linux, Tetex, Secure_linux, Turbolinux, Turbolinux_appliance_server, Turbolinux_desktop, Turbolinux_home, Turbolinux_multimedia, Turbolinux_personal, Turbolinux_server, Turbolinux_workstation, Ubuntu_linux, Xpdf
Type Numeric Errors (CWE-189)
First patch - None (likely due to unavailable code)
Links http://www.debian.org/security/2005/dsa-937
http://scary.beasts.org/security/CESA-2005-003.txt
http://secunia.com/advisories/18913
http://secunia.com/advisories/18380
http://secunia.com/advisories/18582