CVE-2005-3624
Severity
5.0MEDIUM
EPSS
7.4%
top 8.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 31
Latest updateMay 3
Description
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
CVSS vector
AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9
Affected Packages29 packages
Also affects: Debian Linux 3.0, 3.1, Ubuntu Linux 4.1, 5.04, 5.10, Enterprise Linux 2.1, 3.0, 4.0
Patches
🔴Vulnerability Details
3📋Vendor Advisories
4💬Community
16Bugzilla▶
CVE-2005-3191 xpdf issues in FC5test2 (CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)↗2006-01-16
Bugzilla▶
CVE-2005-3624 xpdf issues in tetex for FC5test2 (CVE-2005-3625 CVE-2005-3626 CVE-2005-3627)↗2006-01-16
Bugzilla▶
CVE-2005-3191 xpdf issues affect poppler in FC5test2 (CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)↗2006-01-16
Bugzilla▶
CVE-2005-3191 xpdf issues affect kdegraphics in FC5test2 (CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)↗2006-01-16