Vulnerability in Conectiva Linux

CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which…

EPSS: 0.022 (80.6th percentile) — read the EPSS interpretation.

Affected products

Conectiva Linux — versions 10.0
Easy_software_products Cups — versions 1.1.22, 1.1.22_rc1, 1.1.23
Gentoo Linux
Kde Kdegraphics — versions 3.2, 3.4.3
Kde Koffice — versions 1.4, 1.4.1, 1.4.2
Kde Kpdf — versions 3.2, 3.4.3
Kde Kword — versions 1.4.2
Libextractor
Mandrakesoft Mandrake_linux — versions 10.1, 10.2, 2006
Mandrakesoft Mandrake_linux_corporate_server — versions 2.1, 3.0

Weakness classification (CWE)

CWE-189

References

secalert@redhat.com (Patch, vdb-entry, x_refsource_BID)
secalert@redhat.com (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (Patch, x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (Exploit, x_refsource_MISC, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (Patch, x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory)