The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cups | Easy_software_products | 1.1.22 (including) | 1.1.22 (including) |
| Cups | Easy_software_products | 1.1.22_rc1 (including) | 1.1.22_rc1 (including) |
| Cups | Easy_software_products | 1.1.23 (including) | 1.1.23 (including) |
| Cups | Easy_software_products | 1.1.23_rc1 (including) | 1.1.23_rc1 (including) |
| Kdegraphics | Kde | 3.2 (including) | 3.2 (including) |
| Kdegraphics | Kde | 3.4.3 (including) | 3.4.3 (including) |
| Koffice | Kde | 1.4 (including) | 1.4 (including) |
| Koffice | Kde | 1.4.1 (including) | 1.4.1 (including) |
| Koffice | Kde | 1.4.2 (including) | 1.4.2 (including) |
| Kpdf | Kde | 3.2 (including) | 3.2 (including) |
| Kpdf | Kde | 3.4.3 (including) | 3.4.3 (including) |
| Kword | Kde | 1.4.2 (including) | 1.4.2 (including) |
| Libextractor | Libextractor | * | * |
| Poppler | Poppler | 0.4.2 (including) | 0.4.2 (including) |
| Propack | Sgi | 3.0-sp6 (including) | 3.0-sp6 (including) |
| Tetex | Tetex | 1.0.7 (including) | 1.0.7 (including) |
| Tetex | Tetex | 2.0 (including) | 2.0 (including) |
| Tetex | Tetex | 2.0.1 (including) | 2.0.1 (including) |
| Tetex | Tetex | 2.0.2 (including) | 2.0.2 (including) |
| Tetex | Tetex | 3.0 (including) | 3.0 (including) |
| Xpdf | Xpdf | 3.0 (including) | 3.0 (including) |
| Linux | Conectiva | 10.0 (including) | 10.0 (including) |
| Red Hat Enterprise Linux 3 | RedHat | xpdf-1:2.02-9.8 | * |
| Red Hat Enterprise Linux 3 | RedHat | tetex-0:1.0.7-67.9 | * |
| Red Hat Enterprise Linux 3 | RedHat | cups-1:1.1.17-13.3.36 | * |
| Red Hat Enterprise Linux 4 | RedHat | xpdf-1:3.00-11.10 | * |
| Red Hat Enterprise Linux 4 | RedHat | kdegraphics-7:3.3.1-3.6 | * |
| Red Hat Enterprise Linux 4 | RedHat | tetex-0:2.0.2-22.EL4.7 | * |
| Red Hat Enterprise Linux 4 | RedHat | cups-1:1.1.22-0.rc1.9.10 | * |
| Red Hat Enterprise Linux 4 | RedHat | gpdf-0:2.8.2-7.4 | * |
| Gpdf | Ubuntu | dapper | * |
| Gpdf | Ubuntu | edgy | * |
| Kdegraphics | Ubuntu | dapper | * |
| Kdegraphics | Ubuntu | devel | * |
| Kdegraphics | Ubuntu | edgy | * |
| Kdegraphics | Ubuntu | feisty | * |
| Koffice | Ubuntu | dapper | * |
| Koffice | Ubuntu | devel | * |
| Koffice | Ubuntu | edgy | * |
| Koffice | Ubuntu | feisty | * |
| Poppler | Ubuntu | dapper | * |
| Poppler | Ubuntu | devel | * |
| Poppler | Ubuntu | edgy | * |
| Poppler | Ubuntu | feisty | * |
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
- ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
- ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
- ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
- http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
- http://rhn.redhat.com/errata/RHSA-2006-0177.html
- http://scary.beasts.org/security/CESA-2005-003.txt
- http://secunia.com/advisories/18147
- http://secunia.com/advisories/18303
- http://secunia.com/advisories/18312
- http://secunia.com/advisories/18313
- http://secunia.com/advisories/18329
- http://secunia.com/advisories/18332
- http://secunia.com/advisories/18334
- http://secunia.com/advisories/18338
- http://secunia.com/advisories/18349
- http://secunia.com/advisories/18373
- http://secunia.com/advisories/18375
- http://secunia.com/advisories/18380
- http://secunia.com/advisories/18385
- http://secunia.com/advisories/18387
- http://secunia.com/advisories/18389
- http://secunia.com/advisories/18398
- http://secunia.com/advisories/18407
- http://secunia.com/advisories/18414
- http://secunia.com/advisories/18416
- http://secunia.com/advisories/18423
- http://secunia.com/advisories/18425
- http://secunia.com/advisories/18428
- http://secunia.com/advisories/18436
- http://secunia.com/advisories/18448
- http://secunia.com/advisories/18463
- http://secunia.com/advisories/18517
- http://secunia.com/advisories/18534
- http://secunia.com/advisories/18554
- http://secunia.com/advisories/18582
- http://secunia.com/advisories/18642
- http://secunia.com/advisories/18644
- http://secunia.com/advisories/18674
- http://secunia.com/advisories/18675
- http://secunia.com/advisories/18679
- http://secunia.com/advisories/18908
- http://secunia.com/advisories/18913
- http://secunia.com/advisories/19230
- http://secunia.com/advisories/19377
- http://secunia.com/advisories/25729
- http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.472683
- http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.474747
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
- http://www.debian.org/security/2005/dsa-931
- http://www.debian.org/security/2005/dsa-932
- http://www.debian.org/security/2005/dsa-937
- http://www.debian.org/security/2005/dsa-938
- http://www.debian.org/security/2005/dsa-940
- http://www.debian.org/security/2006/dsa-936
- http://www.debian.org/security/2006/dsa-950
- http://www.debian.org/security/2006/dsa-961
- http://www.debian.org/security/2006/dsa-962
- http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
- http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
- http://www.kde.org/info/security/advisory-20051207-2.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
- http://www.redhat.com/support/errata/RHSA-2006-0160.html
- http://www.redhat.com/support/errata/RHSA-2006-0163.html
- http://www.securityfocus.com/archive/1/427053/100/0/threaded
- http://www.securityfocus.com/archive/1/427990/100/0/threaded
- http://www.securityfocus.com/bid/16143
- http://www.trustix.org/errata/2006/0002/
- http://www.vupen.com/english/advisories/2006/0047
- http://www.vupen.com/english/advisories/2007/2280
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24022
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9437
- https://usn.ubuntu.com/236-1/
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
- ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
- ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
- ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
- http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
- http://rhn.redhat.com/errata/RHSA-2006-0177.html
- http://scary.beasts.org/security/CESA-2005-003.txt
- http://secunia.com/advisories/18147
- http://secunia.com/advisories/18303
- http://secunia.com/advisories/18312
- http://secunia.com/advisories/18313
- http://secunia.com/advisories/18329
- http://secunia.com/advisories/18332
- http://secunia.com/advisories/18334
- http://secunia.com/advisories/18338
- http://secunia.com/advisories/18349
- http://secunia.com/advisories/18373
- http://secunia.com/advisories/18375
- http://secunia.com/advisories/18380
- http://secunia.com/advisories/18385
- http://secunia.com/advisories/18387
- http://secunia.com/advisories/18389
- http://secunia.com/advisories/18398
- http://secunia.com/advisories/18407
- http://secunia.com/advisories/18414
- http://secunia.com/advisories/18416
- http://secunia.com/advisories/18423
- http://secunia.com/advisories/18425
- http://secunia.com/advisories/18428
- http://secunia.com/advisories/18436
- http://secunia.com/advisories/18448
- http://secunia.com/advisories/18463
- http://secunia.com/advisories/18517
- http://secunia.com/advisories/18534
- http://secunia.com/advisories/18554
- http://secunia.com/advisories/18582
- http://secunia.com/advisories/18642
- http://secunia.com/advisories/18644
- http://secunia.com/advisories/18674
- http://secunia.com/advisories/18675
- http://secunia.com/advisories/18679
- http://secunia.com/advisories/18908
- http://secunia.com/advisories/18913
- http://secunia.com/advisories/19230
- http://secunia.com/advisories/19377
- http://secunia.com/advisories/25729
- http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.472683
- http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.474747
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
- http://www.debian.org/security/2005/dsa-931
- http://www.debian.org/security/2005/dsa-932
- http://www.debian.org/security/2005/dsa-937
- http://www.debian.org/security/2005/dsa-938
- http://www.debian.org/security/2005/dsa-940
- http://www.debian.org/security/2006/dsa-936
- http://www.debian.org/security/2006/dsa-950
- http://www.debian.org/security/2006/dsa-961
- http://www.debian.org/security/2006/dsa-962
- http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
- http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
- http://www.kde.org/info/security/advisory-20051207-2.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html
- http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html
- http://www.redhat.com/support/errata/RHSA-2006-0160.html
- http://www.redhat.com/support/errata/RHSA-2006-0163.html
- http://www.securityfocus.com/archive/1/427053/100/0/threaded
- http://www.securityfocus.com/archive/1/427990/100/0/threaded
- http://www.securityfocus.com/bid/16143
- http://www.trustix.org/errata/2006/0002/
- http://www.vupen.com/english/advisories/2006/0047
- http://www.vupen.com/english/advisories/2007/2280
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24022
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9437
- https://usn.ubuntu.com/236-1/