Red Hat Customer Portal

CVE-2005-3624

Impact: Important
Public Date: 2006-01-03

The MITRE CVE dictionary describes this issue as:

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

Find out more about CVE-2005-3624 from the MITRE CVE dictionary and NIST NVD.

Statement

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Red Hat Security Errata

Platform                                  Errata          Release Date
Red Hat Enterprise Linux 2.1 (tetex)      RHSA-2006:0160  2006-01-19
Red Hat Enterprise Linux 2.1 (xpdf)       RHSA-2005:840   2005-12-06
Red Hat Enterprise Linux 3 (cups)         RHSA-2006:0163  2006-01-11
Red Hat Enterprise Linux 3 (tetex)        RHSA-2006:0160  2006-01-19
Red Hat Enterprise Linux 4 (kdegraphics)  RHSA-2005:868   2005-12-20
Red Hat Enterprise Linux 4 (xpdf)         RHSA-2005:840   2005-12-06
Red Hat Enterprise Linux 3 (xpdf)         RHSA-2005:840   2005-12-06
Red Hat Enterprise Linux 4 (gpdf)         RHSA-2006:0177  2006-01-11
Red Hat Enterprise Linux 4 (cups)         RHSA-2006:0163  2006-01-11
Red Hat Enterprise Linux 4 (tetex)        RHSA-2006:0160  2006-01-19

Acknowledgements

Red Hat would like to thank Chris Evans for reporting this issue.
