The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 2.1 |
| sco | openserver | 6.0 |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition |
| kde | koffice | 1.4 |
| slackware | slackware_linux | 9.0 |
| slackware | slackware_linux | 10.0 |
| slackware | slackware_linux | 10.2 |
| easy_software_products | cups | 1.1.22 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| mandrakesoft | mandrake_linux | 10.2 |
| kde | koffice | 1.4.2 |
| slackware | slackware_linux | 9.1 |
| turbolinux | turbolinux_personal | * |
| tetex | tetex | 2.0.2 |
| sgi | propack | 3.0 |
| redhat | fedora_core | core_1.0 |
| turbolinux | turbolinux_server | 8.0 |
| redhat | linux_advanced_workstation | 2.1 |
| trustix | secure_linux | 3.0 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition |
| tetex | tetex | 2.0 |
| turbolinux | turbolinux_home | * |
| redhat | enterprise_linux | 4.0 |
| suse | suse_linux | 9.2 |
| libextractor | libextractor | * |
| redhat | linux | 9.0 |
| debian | debian_linux | 3.1 |
| tetex | tetex | 1.0.7 |
| trustix | secure_linux | 2.0 |
| conectiva | linux | 10.0 |
| kde | kpdf | 3.4.3 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| easy_software_products | cups | 1.1.22_rc1 |
| redhat | enterprise_linux_desktop | 4.0 |
| poppler | poppler | 0.4.2 |
| mandrakesoft | mandrake_linux | 10.1 |
| turbolinux | turbolinux_multimedia | * |
| suse | suse_linux | 1.0 |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | linux | 7.3 |
| ubuntu | ubuntu_linux | 5.04 |
| sco | openserver | 5.0.7 |
| kde | kdegraphics | 3.2 |
| debian | debian_linux | 3.0 |
| mandrakesoft | mandrake_linux | 2006 |
| turbolinux | turbolinux_workstation | 8.0 |
| turbolinux | turbolinux_desktop | 10.0 |
| turbolinux | turbolinux | fuji |
| suse | suse_linux | 9.3 |
| ubuntu | ubuntu_linux | 5.10 |
| gentoo | linux | * |
| easy_software_products | cups | 1.1.23 |
| slackware | slackware_linux | 10.1 |
| suse | suse_linux | 10.0 |
| turbolinux | turbolinux_server | 10.0_x86 |
| suse | suse_linux | 9.0 |
| easy_software_products | cups | 1.1.23_rc1 |
| redhat | fedora_core | core_4.0 |
| kde | kpdf | 3.2 |
| kde | koffice | 1.4.1 |
| xpdf | xpdf | 3.0 |
| redhat | enterprise_linux | 3.0 |
| redhat | fedora_core | core_2.0 |
| kde | kdegraphics | 3.4.3 |
| kde | kword | 1.4.2 |
| turbolinux | turbolinux_server | 10.0 |
| tetex | tetex | 3.0 |
| redhat | fedora_core | core_3.0 |
| tetex | tetex | 2.0.1 |
| turbolinux | turbolinux | 10 |
| ubuntu | ubuntu_linux | 4.1 |
| trustix | secure_linux | 2.2 |
| suse | suse_linux | 9.1 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 2.1 |
| sco | openserver | 6.0 |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition |
| kde | koffice | 1.4 |
| slackware | slackware_linux | 9.0 |
| slackware | slackware_linux | 10.0 |
| slackware | slackware_linux | 10.2 |
| easy_software_products | cups | 1.1.22 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| mandrakesoft | mandrake_linux | 10.2 |
| kde | koffice | 1.4.2 |
| slackware | slackware_linux | 9.1 |
| turbolinux | turbolinux_personal | * |
| tetex | tetex | 2.0.2 |
| sgi | propack | 3.0 |
| redhat | fedora_core | core_1.0 |
| turbolinux | turbolinux_server | 8.0 |
| redhat | linux_advanced_workstation | 2.1 |
| trustix | secure_linux | 3.0 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition |
| tetex | tetex | 2.0 |
| turbolinux | turbolinux_home | * |
| redhat | enterprise_linux | 4.0 |
| suse | suse_linux | 9.2 |
| libextractor | libextractor | * |
| redhat | linux | 9.0 |
| debian | debian_linux | 3.1 |
| tetex | tetex | 1.0.7 |
| trustix | secure_linux | 2.0 |
| conectiva | linux | 10.0 |
| kde | kpdf | 3.4.3 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| easy_software_products | cups | 1.1.22_rc1 |
| redhat | enterprise_linux_desktop | 4.0 |
| poppler | poppler | 0.4.2 |
| mandrakesoft | mandrake_linux | 10.1 |
| turbolinux | turbolinux_multimedia | * |
| suse | suse_linux | 1.0 |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | linux | 7.3 |
| ubuntu | ubuntu_linux | 5.04 |
| sco | openserver | 5.0.7 |
| kde | kdegraphics | 3.2 |
| debian | debian_linux | 3.0 |
| mandrakesoft | mandrake_linux | 2006 |
| turbolinux | turbolinux_workstation | 8.0 |
| turbolinux | turbolinux_desktop | 10.0 |
| turbolinux | turbolinux | fuji |
| suse | suse_linux | 9.3 |
| ubuntu | ubuntu_linux | 5.10 |
| gentoo | linux | * |
| easy_software_products | cups | 1.1.23 |
| slackware | slackware_linux | 10.1 |
| suse | suse_linux | 10.0 |
| turbolinux | turbolinux_server | 10.0_x86 |
| suse | suse_linux | 9.0 |
| easy_software_products | cups | 1.1.23_rc1 |
| redhat | fedora_core | core_4.0 |
| kde | kpdf | 3.2 |
| kde | koffice | 1.4.1 |
| xpdf | xpdf | 3.0 |
| redhat | enterprise_linux | 3.0 |
| redhat | fedora_core | core_2.0 |
| kde | kdegraphics | 3.4.3 |
| kde | kword | 1.4.2 |
| turbolinux | turbolinux_server | 10.0 |
| tetex | tetex | 3.0 |
| redhat | fedora_core | core_3.0 |
| tetex | tetex | 2.0.1 |
| turbolinux | turbolinux | 10 |
| ubuntu | ubuntu_linux | 4.1 |
| trustix | secure_linux | 2.2 |
| suse | suse_linux | 9.1 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 2.1 |
| sco | openserver | 6.0 |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition |
| kde | koffice | 1.4 |
| slackware | slackware_linux | 9.0 |
| slackware | slackware_linux | 10.0 |
| slackware | slackware_linux | 10.2 |
| easy_software_products | cups | 1.1.22 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| mandrakesoft | mandrake_linux | 10.2 |
| kde | koffice | 1.4.2 |
| slackware | slackware_linux | 9.1 |
| turbolinux | turbolinux_personal | * |
| tetex | tetex | 2.0.2 |
| sgi | propack | 3.0 |
| redhat | fedora_core | core_1.0 |
| turbolinux | turbolinux_server | 8.0 |
| redhat | linux_advanced_workstation | 2.1 |
| trustix | secure_linux | 3.0 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition |
| tetex | tetex | 2.0 |
| turbolinux | turbolinux_home | * |
| redhat | enterprise_linux | 4.0 |
| suse | suse_linux | 9.2 |
| libextractor | libextractor | * |
| redhat | linux | 9.0 |
| debian | debian_linux | 3.1 |
| tetex | tetex | 1.0.7 |
| trustix | secure_linux | 2.0 |
| conectiva | linux | 10.0 |
| kde | kpdf | 3.4.3 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| easy_software_products | cups | 1.1.22_rc1 |
| redhat | enterprise_linux_desktop | 4.0 |
| poppler | poppler | 0.4.2 |
| mandrakesoft | mandrake_linux | 10.1 |
| turbolinux | turbolinux_multimedia | * |
| suse | suse_linux | 1.0 |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | linux | 7.3 |
| ubuntu | ubuntu_linux | 5.04 |
| sco | openserver | 5.0.7 |
| kde | kdegraphics | 3.2 |
| debian | debian_linux | 3.0 |
| mandrakesoft | mandrake_linux | 2006 |
| turbolinux | turbolinux_workstation | 8.0 |
| turbolinux | turbolinux_desktop | 10.0 |
| turbolinux | turbolinux | fuji |
| suse | suse_linux | 9.3 |
| ubuntu | ubuntu_linux | 5.10 |
| gentoo | linux | * |
| easy_software_products | cups | 1.1.23 |
| slackware | slackware_linux | 10.1 |
| suse | suse_linux | 10.0 |
| turbolinux | turbolinux_server | 10.0_x86 |
| suse | suse_linux | 9.0 |
| easy_software_products | cups | 1.1.23_rc1 |
| redhat | fedora_core | core_4.0 |
| kde | kpdf | 3.2 |
| kde | koffice | 1.4.1 |
| xpdf | xpdf | 3.0 |
| redhat | enterprise_linux | 3.0 |
| redhat | fedora_core | core_2.0 |
| kde | kdegraphics | 3.4.3 |
| kde | kword | 1.4.2 |
| turbolinux | turbolinux_server | 10.0 |
| tetex | tetex | 3.0 |
| redhat | fedora_core | core_3.0 |
| tetex | tetex | 2.0.1 |
| turbolinux | turbolinux | 10 |
| ubuntu | ubuntu_linux | 4.1 |
| trustix | secure_linux | 2.2 |
| suse | suse_linux | 9.1 |
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xpdf | xpdf | 3.0.1 |
| xpdf | xpdf | 0.91 |
| xpdf | xpdf | 3.0_pl3 |
| xpdf | xpdf | 2.1 |
| xpdf | xpdf | 0.93 |
| xpdf | xpdf | 2.0 |
| xpdf | xpdf | 1.1 |
| libextractor | libextractor | 0.3.8 |
| xpdf | xpdf | 2.3 |
| libextractor | libextractor | 0.3.7 |
| libextractor | libextractor | 0.3.11 |
| libextractor | libextractor | 0.3.6 |
| gnome | gpdf | 2.8.2 |
| libextractor | libextractor | 0.4 |
| xpdf | xpdf | 0.90 |
| xpdf | xpdf | 1.0a |
| libextractor | libextractor | 0.5 |
| xpdf | xpdf | 1.0 |
| libextractor | libextractor | 0.3.9 |
| xpdf | xpdf | 0.92 |
| libextractor | libextractor | 0.4.1 |
| xpdf | xpdf | 3.0_pl2 |
| debian | debian_linux | 3.1 |
| xpdf | xpdf | 3.0 |
| xpdf | xpdf | 3.0.1_pl1 |
| xpdf | xpdf | 2.2 |
| libextractor | libextractor | 0.4.2 |
Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libextractor | libextractor | 0.5.13 |