Vulnerability Report

CVE-2005-3624

RCE

Title: Xpdf CCITTFaxDecode integer under/overflow heap corruption

Proof Of Concept

No public PoC currently indexed for CVE-2005-3624.

CWE Category: CWE-189
Published Date: Dec 31, 2005
Modified Date: Apr 03, 2025
Exploit Status: Not Found
Score: 5.0 (CVSS v2.0)
Exploit Probability (EPSS): 2.25%

Vulnerability Summary

CVE-2005-3624: The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

Reference Links

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
http://rhn.redhat.com/errata/RHSA-2006-0177.html
http://scary.beasts.org/security/CESA-2005-003.txt
http://secunia.com/advisories/18147
http://secunia.com/advisories/18303
http://secunia.com/advisories/18312
http://secunia.com/advisories/18313
http://secunia.com/advisories/18329
http://secunia.com/advisories/18332
http://secunia.com/advisories/18334
http://secunia.com/advisories/18338
http://secunia.com/advisories/18349
http://secunia.com/advisories/18373
http://secunia.com/advisories/18375
http://secunia.com/advisories/18380
http://secunia.com/advisories/18385
http://secunia.com/advisories/18387
http://secunia.com/advisories/18389
http://secunia.com/advisories/18398
http://secunia.com/advisories/18407
http://secunia.com/advisories/18414
http://secunia.com/advisories/18416
http://secunia.com/advisories/18423
http://secunia.com/advisories/18425
http://secunia.com/advisories/18428
http://secunia.com/advisories/18436
http://secunia.com/advisories/18448
http://secunia.com/advisories/18463
http://secunia.com/advisories/18517
http://secunia.com/advisories/18534
http://secunia.com/advisories/18554
http://secunia.com/advisories/18582
http://secunia.com/advisories/18642
http://secunia.com/advisories/18644
http://secunia.com/advisories/18674
http://secunia.com/advisories/18675
http://secunia.com/advisories/18679
http://secunia.com/advisories/18908
http://secunia.com/advisories/18913
http://secunia.com/advisories/19230
http://secunia.com/advisories/19377
http://secunia.com/advisories/25729
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
http://www.debian.org/security/2005/dsa-931
http://www.debian.org/security/2005/dsa-932
http://www.debian.org/security/2005/dsa-937
http://www.debian.org/security/2005/dsa-938
http://www.debian.org/security/2005/dsa-940
http://www.debian.org/security/2006/dsa-936
http://www.debian.org/security/2006/dsa-950
http://www.debian.org/security/2006/dsa-961
http://www.debian.org/security/2006/dsa-962
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
http://www.kde.org/info/security/advisory-20051207-2.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
http://www.redhat.com/support/errata/RHSA-2006-0160.html
http://www.redhat.com/support/errata/RHSA-2006-0163.html
http://www.securityfocus.com/archive/1/427053/100/0/threaded
http://www.securityfocus.com/archive/1/427990/100/0/threaded
http://www.securityfocus.com/bid/16143
http://www.trustix.org/errata/2006/0002/
http://www.vupen.com/english/advisories/2006/0047
http://www.vupen.com/english/advisories/2007/2280
https://exchange.xforce.ibmcloud.com/vulnerabilities/24022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9437
https://usn.ubuntu.com/236-1/

CVSS v2.0

Source Entity: [email protected]
Severity: MEDIUM (5.0)
Access Vector: N/A
Authentication: N/A
RAW VECTOR: AV:N/AC:L/Au:N/C:N/I:P/A:N

CVE-2005-3624 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector: N/A
Complexity: N/A
Privileges: N/A
Interaction: NONE
CVSS Vector String: AV:N/AC:L/Au:N/C:N/I:P/A:N

Affected Stack

No specific products linked.