CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
Publish Date: 2005-12-31
Last Update Date: 2010-11-19

- CVSS Scores & Vulnerability Types

CVSS Score: 5.0
Confidentiality Impact: None (There is no impact to the confidentiality of the system.)
Integrity Impact: Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact: None (There is no impact to the availability of the system.)
Access Complexity: Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)
Authentication: Not required (Authentication is not required to exploit the vulnerability.)
Gained Access: None
Vulnerability Type(s): Overflow
CWE ID: 189

- Vendor Statements

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Source: Redhat

- Additional Vendor Supplied Data

| Vendor | Impact | CVSS Score | CVSS Vector | Report Date | Publish Date |
|---|---|---|---|---|---|
| Redhat | important | | | 2005-12-11 | 2006-01-03 |

- Related OVAL Definitions

| Title | Definition Id | Class | Family |
|---|---|---|---|
| RHSA-2005:840: xpdf security update (Important) | oval:com.redhat.rhsa:def:2005840 | | unix |
| RHSA-2005:840: xpdf security update (Important) | oval:com.redhat.rhsa:def:20050840 | | unix |
| RHSA-2005:868: kdegraphics security update (Important) | oval:com.redhat.rhsa:def:20050868 | | unix |
| RHSA-2005:868: kdegraphics security update (Important) | oval:com.redhat.rhsa:def:2005868 | | unix |
| RHSA-2006:0160: tetex security update (Moderate) | oval:com.redhat.rhsa:def:20060160 | | unix |
| RHSA-2006:0163: cups security update (Important) | oval:com.redhat.rhsa:def:20060163 | | unix |
| RHSA-2006:0177: gpdf security update (Important) | oval:com.redhat.rhsa:def:20060177 | | unix |
| The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextra... | oval:org.mitre.oval:def:9437 | | unix |
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2005-3624

| # | Product Type | Vendor | Product | Version / Update / Edition |
|---|---|---|---|---|
| 1 | OS | Conectiva | Linux | 10.0 |
| 2 | OS | Debian | Debian Linux | 3.0 ARM |
| 3 | OS | Debian | Debian Linux | 3.0 Mipsel |
| 4 | OS | Debian | Debian Linux | 3.0 Hppa |
| 5 | OS | Debian | Debian Linux | 3.0 PPC |
| 6 | OS | Debian | Debian Linux | 3.0 Ia-32 |
| 7 | OS | Debian | Debian Linux | 3.0 S-390 |
| 8 | OS | Debian | Debian Linux | 3.0 Ia-64 |
| 9 | OS | Debian | Debian Linux | 3.0 |
| 10 | OS | Debian | Debian Linux | 3.0 Sparc |
| 11 | OS | Debian | Debian Linux | 3.0 M68k |
| 12 | OS | Debian | Debian Linux | 3.0 Alpha |
| 13 | OS | Debian | Debian Linux | 3.0 Mips |
| 14 | OS | Debian | Debian Linux | 3.1 Ia-64 |
| 15 | OS | Debian | Debian Linux | 3.1 Alpha |
| 16 | OS | Debian | Debian Linux | 3.1 Sparc |
| 17 | OS | Debian | Debian Linux | 3.1 M68k |
| 18 | OS | Debian | Debian Linux | 3.1 Amd64 |
| 19 | OS | Debian | Debian Linux | 3.1 Mips |
| 20 | OS | Debian | Debian Linux | 3.1 ARM |
| 21 | OS | Debian | Debian Linux | 3.1 Mipsel |
| 22 | OS | Debian | Debian Linux | 3.1 Hppa |
| 23 | OS | Debian | Debian Linux | 3.1 PPC |
| 24 | OS | Debian | Debian Linux | 3.1 Ia-32 |
| 25 | OS | Debian | Debian Linux | 3.1 |
| 26 | OS | Debian | Debian Linux | 3.1 S-390 |
| 27 | Application | Easy Software Products | Cups | 1.1.22 |
| 28 | Application | Easy Software Products | Cups | 1.1.22 Rc1 |
| 29 | Application | Easy Software Products | Cups | 1.1.23 Rc1 |
| 30 | Application | Easy Software Products | Cups | 1.1.23 |
| 31 | OS | Gentoo | Linux | |
| 32 | Application | KDE | Kdegraphics | 3.2 |
| 33 | Application | KDE | Kdegraphics | 3.4.3 |
| 34 | Application | KDE | Koffice | 1.4 |
| 35 | Application | KDE | Koffice | 1.4.1 |
| 36 | Application | KDE | Koffice | 1.4.2 |
| 37 | Application | KDE | Kpdf | 3.2 |
| 38 | Application | KDE | Kpdf | 3.4.3 |
| 39 | Application | KDE | Kword | 1.4.2 |
| 40 | Application | Libextractor | Libextractor | |
| 41 | OS | Mandrakesoft | Mandrake Linux | 10.1 |
| 42 | OS | Mandrakesoft | Mandrake Linux | 10.1 X86-64 |
| 43 | OS | Mandrakesoft | Mandrake Linux | 10.2 X86-64 |
| 44 | OS | Mandrakesoft | Mandrake Linux | 10.2 |
| 45 | OS | Mandrakesoft | Mandrake Linux | 2006 |
| 46 | OS | Mandrakesoft | Mandrake Linux | 2006 X86-64 |
| 47 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 2.1 |
| 48 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 2.1 X86 64 |
| 49 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 3.0 |
| 50 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 3.0 X86 64 |
| 51 | Application | Poppler | Poppler | 0.4.2 |
| 52 | OS | Redhat | Enterprise Linux | 2.1 Workstation |
| 53 | OS | Redhat | Enterprise Linux | 2.1 Workstation Ia64 |
| 54 | OS | Redhat | Enterprise Linux | 2.1 Advanced Server |
| 55 | OS | Redhat | Enterprise Linux | 2.1 Advanced Server Ia64 |
| 56 | OS | Redhat | Enterprise Linux | 2.1 Enterprise Server |
| 57 | OS | Redhat | Enterprise Linux | 2.1 Enterprise Server Ia64 |
| 58 | OS | Redhat | Enterprise Linux | 3.0 Advanced Server |
| 59 | OS | Redhat | Enterprise Linux | 3.0 Enterprise Server |
| 60 | OS | Redhat | Enterprise Linux | 3.0 Workstation Server |
| 61 | OS | Redhat | Enterprise Linux | 4.0 Advanced Server |
| 62 | OS | Redhat | Enterprise Linux | 4.0 Enterprise Server |
| 63 | OS | Redhat | Enterprise Linux | 4.0 Workstation |
| 64 | OS | Redhat | Enterprise Linux Desktop | 3.0 |
| 65 | OS | Redhat | Enterprise Linux Desktop | 4.0 |
| 66 | OS | Redhat | Fedora Core | Core 1.0 |
| 67 | OS | Redhat | Fedora Core | Core 2.0 |
| 68 | OS | Redhat | Fedora Core | Core 3.0 |
| 69 | OS | Redhat | Fedora Core | Core 4.0 |
| 70 | OS | Redhat | Linux | 7.3 I386 |
| 71 | OS | Redhat | Linux | 9.0 I386 |
| 72 | OS | Redhat | Linux Advanced Workstation | 2.1 Ia64 |
| 73 | OS | Redhat | Linux Advanced Workstation | 2.1 Itanium |
| 74 | OS | SCO | Openserver | 5.0.7 |
| 75 | OS | SCO | Openserver | 6.0 |
| 76 | Application | SGI | Propack | 3.0 SP6 |
| 77 | OS | Slackware | Slackware Linux | 9.0 |
| 78 | OS | Slackware | Slackware Linux | 9.1 |
| 79 | OS | Slackware | Slackware Linux | 10.0 |
| 80 | OS | Slackware | Slackware Linux | 10.1 |
| 81 | OS | Slackware | Slackware Linux | 10.2 |
| 82 | OS | Suse | Suse Linux | 1.0 |
| 83 | OS | Suse | Suse Linux | 9.0 X86 64 |
| 84 | OS | Suse | Suse Linux | 9.0 Enterprise Server |
| 85 | OS | Suse | Suse Linux | 9.0 Personal |
| 86 | OS | Suse | Suse Linux | 9.0 Professional |
| 87 | OS | Suse | Suse Linux | 9.0 S 390 |
| 88 | OS | Suse | Suse Linux | 9.1 Personal |
| 89 | OS | Suse | Suse Linux | 9.1 Professional |
| 90 | OS | Suse | Suse Linux | 9.1 X86 64 |
| 91 | OS | Suse | Suse Linux | 9.2 Professional |
| 92 | OS | Suse | Suse Linux | 9.2 X86 64 |
| 93 | OS | Suse | Suse Linux | 9.2 Personal |
| 94 | OS | Suse | Suse Linux | 9.3 Personal |
| 95 | OS | Suse | Suse Linux | 9.3 Professional |
| 96 | OS | Suse | Suse Linux | 9.3 X86 64 |
| 97 | OS | Suse | Suse Linux | 10.0 OSS |
| 98 | OS | Suse | Suse Linux | 10.0 Professional |
| 99 | Application | Tetex | Tetex | 1.0.7 |
| 100 | Application | Tetex | Tetex | 2.0 |
| 101 | Application | Tetex | Tetex | 2.0.1 |
| 102 | Application | Tetex | Tetex | 2.0.2 |
| 103 | Application | Tetex | Tetex | 3.0 |
| 104 | OS | Trustix | Secure Linux | 2.0 |
| 105 | OS | Trustix | Secure Linux | 2.2 |
| 106 | OS | Trustix | Secure Linux | 3.0 |
| 107 | OS | Turbolinux | Turbolinux | 10 |
| 108 | OS | Turbolinux | Turbolinux | Fuji |
| 109 | OS | Turbolinux | Turbolinux Appliance Server | 1.0 Workgroup Edition |
| 110 | OS | Turbolinux | Turbolinux Appliance Server | 1.0 Hosting Edition |
| 111 | OS | Turbolinux | Turbolinux Desktop | 10.0 |
| 112 | OS | Turbolinux | Turbolinux Home | |
| 113 | OS | Turbolinux | Turbolinux Multimedia | |
| 114 | OS | Turbolinux | Turbolinux Personal | |
| 115 | OS | Turbolinux | Turbolinux Server | 8.0 |
| 116 | OS | Turbolinux | Turbolinux Server | 10.0 |
| 117 | OS | Turbolinux | Turbolinux Server | 10.0 X86 |
| 118 | OS | Turbolinux | Turbolinux Workstation | 8.0 |
| 119 | OS | Ubuntu | Ubuntu Linux | 4.1 PPC |
| 120 | OS | Ubuntu | Ubuntu Linux | 4.1 Ia64 |
| 121 | OS | Ubuntu | Ubuntu Linux | 5.04 Amd64 |
| 122 | OS | Ubuntu | Ubuntu Linux | 5.04 I386 |
| 123 | OS | Ubuntu | Ubuntu Linux | 5.04 Powerpc |
| 124 | OS | Ubuntu | Ubuntu Linux | 5.10 Powerpc |
| 125 | OS | Ubuntu | Ubuntu Linux | 5.10 Amd64 |
| 126 | OS | Ubuntu | Ubuntu Linux | 5.10 I386 |
| 127 | Application | Xpdf | Xpdf | 3.0 |

- Number Of Affected Versions By Product

| Vendor | Product | Vulnerable Versions |
|---|---|---|
| Conectiva | Linux | 1 |
| Debian | Debian Linux | 25 |
| Easy Software Products | Cups | 4 |
| Gentoo | Linux | 1 |
| KDE | Kdegraphics | 2 |
| KDE | Koffice | 3 |
| KDE | Kpdf | 2 |
| KDE | Kword | 1 |
| Libextractor | Libextractor | 1 |
| Mandrakesoft | Mandrake Linux | 6 |
| Mandrakesoft | Mandrake Linux Corporate Server | 4 |
| Poppler | Poppler | 1 |
| Redhat | Enterprise Linux | 12 |
| Redhat | Enterprise Linux Desktop | 2 |
| Redhat | Fedora Core | 4 |
| Redhat | Linux | 2 |
| Redhat | Linux Advanced Workstation | 2 |
| SCO | Openserver | 2 |
| SGI | Propack | 1 |
| Slackware | Slackware Linux | 5 |
| Suse | Suse Linux | 17 |
| Tetex | Tetex | 5 |
| Trustix | Secure Linux | 3 |
| Turbolinux | Turbolinux | 2 |
| Turbolinux | Turbolinux Appliance Server | 2 |
| Turbolinux | Turbolinux Desktop | 1 |
| Turbolinux | Turbolinux Home | 1 |
| Turbolinux | Turbolinux Multimedia | 1 |
| Turbolinux | Turbolinux Personal | 1 |
| Turbolinux | Turbolinux Server | 3 |
| Turbolinux | Turbolinux Workstation | 1 |
| Ubuntu | Ubuntu Linux | 8 |
| Xpdf | Xpdf | 1 |

- References For CVE-2005-3624

| Reference | URL |
|---|---|
| SCO SCOSA-2006.15 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt |
| SGI 20060201-01-U | ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U |
| SECUNIA 18147 | http://secunia.com/advisories/18147 |
| SECUNIA 18373 | http://secunia.com/advisories/18373 |
| SECUNIA 18380 | http://secunia.com/advisories/18380 |
| SECUNIA 18414 | http://secunia.com/advisories/18414 |
| BID 16143 (KPDF and KWord Multiple Unspecified Buffer and Integer Overflow Vulnerabilities, release date 2007-08-07) | http://www.securityfocus.com/bid/16143 |
| SECUNIA 18425 | http://secunia.com/advisories/18425 |
| SECUNIA 18428 | http://secunia.com/advisories/18428 |
| SECUNIA 18436 | http://secunia.com/advisories/18436 |
| SECUNIA 18463 | http://secunia.com/advisories/18463 |
| SECUNIA 19377 | http://secunia.com/advisories/19377 |
| SECUNIA 19230 | http://secunia.com/advisories/19230 |
| SLACKWARE SSA:2006-045-09 | http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 |
| SECUNIA 25729 | http://secunia.com/advisories/25729 |
| SLACKWARE SSA:2006-045-04 | http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 |
| SUNALERT 102972 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1 |
| VUPEN ADV-2007-2280 | http://www.frsirt.com/english/advisories/2007/2280 |
| MANDRIVA MDKSA-2006:003 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:003 |
| MANDRIVA MDKSA-2006:005 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:005 |
| MANDRIVA MDKSA-2006:004 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:004 |
| MANDRAKE MDKSA-2006:010 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:010 |
| MANDRIVA MDKSA-2006:008 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:008 |
| MANDRIVA MDKSA-2006:006 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:006 |
| MANDRIVA MDKSA-2006:011 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:011 |
| MANDRIVA MDKSA-2006:012 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:012 |
| FEDORA FEDORA-2005-025 | http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html |
| FEDORA FEDORA-2005-026 | http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html |
| FEDORA FLSA-2006:176751 | http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded |
| FEDORA FLSA:175404 | http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded |
| XF xpdf-ccitt-faxstream-bo(24022) | http://xforce.iss.net/xforce/xfdb/24022 |
| TRUSTIX 2006-0002 | http://www.trustix.org/errata/2006/0002/ |
| SGI 20051201-01-U | ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U |
| | http://scary.beasts.org/security/CESA-2005-003.txt |
| SGI 20060101-01-U | ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U |
| SECUNIA 18329 | http://secunia.com/advisories/18329 |
| SECUNIA 18334 | http://secunia.com/advisories/18334 |
| SECUNIA 18332 | http://secunia.com/advisories/18332 |
| SECUNIA 18674 | http://secunia.com/advisories/18674 |
| SECUNIA 18644 | http://secunia.com/advisories/18644 |
| SECUNIA 18642 | http://secunia.com/advisories/18642 |
| SECUNIA 18423 | http://secunia.com/advisories/18423 |
| SECUNIA 18375 | http://secunia.com/advisories/18375 |
| SECUNIA 18913 | http://secunia.com/advisories/18913 |
| SECUNIA 18908 | http://secunia.com/advisories/18908 |
| SECUNIA 18679 | http://secunia.com/advisories/18679 |
| SECUNIA 18675 | http://secunia.com/advisories/18675 |
| DEBIAN DSA-931 | http://www.debian.org/security/2005/dsa-931 |
| DEBIAN DSA-932 | http://www.debian.org/security/2005/dsa-932 |
| DEBIAN DSA-937 | http://www.debian.org/security/2005/dsa-937 |
| DEBIAN DSA-938 | http://www.debian.org/security/2005/dsa-938 |
| DEBIAN DSA-940 | http://www.debian.org/security/2005/dsa-940 |
| REDHAT RHSA-2006:0177 | http://rhn.redhat.com/errata/RHSA-2006-0177.html |
| REDHAT RHSA-2006:0163 | http://www.redhat.com/support/errata/RHSA-2006-0163.html |
| UBUNTU USN-236-1 | http://www.ubuntulinux.org/support/documentation/usn/usn-236-1 |
| SUSE SUSE-SA:2006:001 | http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html |
| SECUNIA 18338 | http://secunia.com/advisories/18338 |
| SECUNIA 18313 | http://secunia.com/advisories/18313 |
| SECUNIA 18312 | http://secunia.com/advisories/18312 |
| SECUNIA 18303 | http://secunia.com/advisories/18303 |
| SECUNIA 18416 | http://secunia.com/advisories/18416 |
| SECUNIA 18387 | http://secunia.com/advisories/18387 |
| SECUNIA 18385 | http://secunia.com/advisories/18385 |
| SECUNIA 18349 | http://secunia.com/advisories/18349 |
| SECUNIA 18389 | http://secunia.com/advisories/18389 |
| SECUNIA 18398 | http://secunia.com/advisories/18398 |
| SECUNIA 18407 | http://secunia.com/advisories/18407 |
| SECUNIA 18448 | http://secunia.com/advisories/18448 |
| SECUNIA 18517 | http://secunia.com/advisories/18517 |
| SECUNIA 18534 | http://secunia.com/advisories/18534 |
| SECUNIA 18554 | http://secunia.com/advisories/18554 |
| SECUNIA 18582 | http://secunia.com/advisories/18582 |
| DEBIAN DSA-936 | http://www.debian.org/security/2006/dsa-936 |
| DEBIAN DSA-950 | http://www.debian.org/security/2006/dsa-950 |
| DEBIAN DSA-962 | http://www.debian.org/security/2006/dsa-962 |
| DEBIAN DSA-961 | http://www.debian.org/security/2006/dsa-961 |
| VUPEN ADV-2006-0047 | http://www.frsirt.com/english/advisories/2006/0047 |
| GENTOO GLSA-200601-17 | http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml |
| GENTOO GLSA-200601-02 | http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml |
| CONFIRM | http://www.kde.org/info/security/advisory-20051207-2.txt |
| REDHAT RHSA-2006:0160 | http://www.redhat.com/support/errata/RHSA-2006-0160.html |

- Metasploit Modules Related To CVE-2005-3624

There are no Metasploit modules related to this vulnerability (see www.metasploit.com for more information).

