The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cups | Easy_software_products | 1.1.22 (including) | 1.1.22 (including) |
| Cups | Easy_software_products | 1.1.22_rc1 (including) | 1.1.22_rc1 (including) |
| Cups | Easy_software_products | 1.1.23 (including) | 1.1.23 (including) |
| Cups | Easy_software_products | 1.1.23_rc1 (including) | 1.1.23_rc1 (including) |
| Kdegraphics | Kde | 3.2 (including) | 3.2 (including) |
| Kdegraphics | Kde | 3.4.3 (including) | 3.4.3 (including) |
| Koffice | Kde | 1.4 (including) | 1.4 (including) |
| Koffice | Kde | 1.4.1 (including) | 1.4.1 (including) |
| Koffice | Kde | 1.4.2 (including) | 1.4.2 (including) |
| Kpdf | Kde | 3.2 (including) | 3.2 (including) |
| Kpdf | Kde | 3.4.3 (including) | 3.4.3 (including) |
| Kword | Kde | 1.4.2 (including) | 1.4.2 (including) |
| Libextractor | Libextractor | * | * |
| Poppler | Poppler | 0.4.2 (including) | 0.4.2 (including) |
| Propack | Sgi | 3.0-sp6 (including) | 3.0-sp6 (including) |
| Tetex | Tetex | 1.0.7 (including) | 1.0.7 (including) |
| Tetex | Tetex | 2.0 (including) | 2.0 (including) |
| Tetex | Tetex | 2.0.1 (including) | 2.0.1 (including) |
| Tetex | Tetex | 2.0.2 (including) | 2.0.2 (including) |
| Tetex | Tetex | 3.0 (including) | 3.0 (including) |
| Xpdf | Xpdf | 3.0 (including) | 3.0 (including) |
| Linux | Conectiva | 10.0 (including) | 10.0 (including) |