CVE-2005-3624 : Détail

CVE-2005-3624

7.36%V4
Network
2006-01-06
21h00 +00:00
2018-10-19
12h57 +00:00
CVE.org
NVD
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

Informations du CVE

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-189 Category : Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 5 AV:N/AC:L/Au:N/C:N/I:P/A:N nvd@nist.gov

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
EPSS First.org

Products Mentioned

Configuraton 0

Easy_software_products>>Cups >> Version 1.1.22

Easy_software_products>>Cups >> Version 1.1.22_rc1

Easy_software_products>>Cups >> Version 1.1.23

Easy_software_products>>Cups >> Version 1.1.23_rc1

Kde>>Kdegraphics >> Version 3.2

Kde>>Kdegraphics >> Version 3.4.3

Kde>>Koffice >> Version 1.4

Kde>>Koffice >> Version 1.4.1

Kde>>Koffice >> Version 1.4.2

Kde>>Kpdf >> Version 3.2

Kde>>Kpdf >> Version 3.4.3

Kde>>Kword >> Version 1.4.2

Libextractor>>Libextractor >> Version *

Poppler>>Poppler >> Version 0.4.2

Sgi>>Propack >> Version 3.0

Tetex>>Tetex >> Version 1.0.7

Tetex>>Tetex >> Version 2.0

Tetex>>Tetex >> Version 2.0.1

Tetex>>Tetex >> Version 2.0.2

Tetex>>Tetex >> Version 3.0

Xpdf>>Xpdf >> Version 3.0

Conectiva>>Linux >> Version 10.0

Configuraton 0

Debian>>Debian_linux >> Version 3.0

Debian>>Debian_linux >> Version 3.0

Debian>>Debian_linux >> Version 3.0

Debian>>Debian_linux >> Version 3.0

Debian>>Debian_linux >> Version 3.0

Debian>>Debian_linux >> Version 3.0

Debian>>Debian_linux >> Version 3.0

Debian>>Debian_linux >> Version 3.0

Debian>>Debian_linux >> Version 3.0

Debian>>Debian_linux >> Version 3.0

Debian>>Debian_linux >> Version 3.0

Debian>>Debian_linux >> Version 3.0

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 3.1

Debian>>Debian_linux >> Version 3.1

Gentoo>>Linux >> Version *

Mandrakesoft>>Mandrake_linux >> Version 10.1

Mandrakesoft>>Mandrake_linux >> Version 10.1

Mandrakesoft>>Mandrake_linux >> Version 10.2

Mandrakesoft>>Mandrake_linux >> Version 10.2

Mandrakesoft>>Mandrake_linux >> Version 2006

Mandrakesoft>>Mandrake_linux >> Version 2006

Mandrakesoft>>Mandrake_linux_corporate_server >> Version 2.1

Mandrakesoft>>Mandrake_linux_corporate_server >> Version 2.1

Mandrakesoft>>Mandrake_linux_corporate_server >> Version 3.0

Mandrakesoft>>Mandrake_linux_corporate_server >> Version 3.0

Redhat>>Enterprise_linux >> Version 2.1

Redhat>>Enterprise_linux >> Version 2.1

Redhat>>Enterprise_linux >> Version 2.1

Redhat>>Enterprise_linux >> Version 2.1

Redhat>>Enterprise_linux >> Version 2.1

Redhat>>Enterprise_linux >> Version 2.1

Redhat>>Enterprise_linux >> Version 3.0

Redhat>>Enterprise_linux >> Version 3.0

Redhat>>Enterprise_linux >> Version 3.0

Redhat>>Enterprise_linux >> Version 4.0

Redhat>>Enterprise_linux >> Version 4.0

Redhat>>Enterprise_linux >> Version 4.0

Redhat>>Enterprise_linux_desktop >> Version 3.0

Redhat>>Enterprise_linux_desktop >> Version 4.0

Redhat>>Fedora_core >> Version core_1.0

Redhat>>Fedora_core >> Version core_2.0

Redhat>>Fedora_core >> Version core_3.0

Redhat>>Fedora_core >> Version core_4.0

Redhat>>Linux >> Version 7.3

Redhat>>Linux >> Version 9.0

Redhat>>Linux_advanced_workstation >> Version 2.1

Redhat>>Linux_advanced_workstation >> Version 2.1

Sco>>Openserver >> Version 5.0.7

Sco>>Openserver >> Version 6.0

Slackware>>Slackware_linux >> Version 9.0

Slackware>>Slackware_linux >> Version 9.1

Slackware>>Slackware_linux >> Version 10.0

Slackware>>Slackware_linux >> Version 10.1

Slackware>>Slackware_linux >> Version 10.2

Suse>>Suse_linux >> Version 1.0

Suse>>Suse_linux >> Version 9.0

Suse>>Suse_linux >> Version 9.0

Suse>>Suse_linux >> Version 9.0

Suse>>Suse_linux >> Version 9.0

Suse>>Suse_linux >> Version 9.0

Suse>>Suse_linux >> Version 9.1

Suse>>Suse_linux >> Version 9.1

Suse>>Suse_linux >> Version 9.1

Suse>>Suse_linux >> Version 9.2

Suse>>Suse_linux >> Version 9.2

Suse>>Suse_linux >> Version 9.2

Suse>>Suse_linux >> Version 9.3

Suse>>Suse_linux >> Version 9.3

Suse>>Suse_linux >> Version 9.3

Suse>>Suse_linux >> Version 10.0

Suse>>Suse_linux >> Version 10.0

Trustix>>Secure_linux >> Version 2.0

Trustix>>Secure_linux >> Version 2.2

Trustix>>Secure_linux >> Version 3.0

Turbolinux>>Turbolinux >> Version 10

Turbolinux>>Turbolinux >> Version fuji

Turbolinux>>Turbolinux_appliance_server >> Version 1.0_hosting_edition

Turbolinux>>Turbolinux_appliance_server >> Version 1.0_workgroup_edition

Turbolinux>>Turbolinux_desktop >> Version 10.0

Turbolinux>>Turbolinux_home >> Version *

Turbolinux>>Turbolinux_multimedia >> Version *

Turbolinux>>Turbolinux_personal >> Version *

Turbolinux>>Turbolinux_server >> Version 8.0

Turbolinux>>Turbolinux_server >> Version 10.0

Turbolinux>>Turbolinux_server >> Version 10.0_x86

Turbolinux>>Turbolinux_workstation >> Version 8.0

Ubuntu>>Ubuntu_linux >> Version 4.1

Ubuntu>>Ubuntu_linux >> Version 4.1

Ubuntu>>Ubuntu_linux >> Version 5.04

Ubuntu>>Ubuntu_linux >> Version 5.04

Ubuntu>>Ubuntu_linux >> Version 5.04

Ubuntu>>Ubuntu_linux >> Version 5.10

Ubuntu>>Ubuntu_linux >> Version 5.10

Ubuntu>>Ubuntu_linux >> Version 5.10

Références

http://www.securityfocus.com/bid/16143
Tags : vdb-entry, x_refsource_BID
http://www.debian.org/security/2005/dsa-932
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/18349
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18147
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18679
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18312
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18644
Tags : third-party-advisory, x_refsource_SECUNIA
https://usn.ubuntu.com/236-1/
Tags : vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/18425
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18373
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18303
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-931
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/18554
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
Tags : vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/19230
Tags : third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
Tags : vendor-advisory, x_refsource_SUNALERT
http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
Tags : vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2006/dsa-962
Tags : vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2006-0163.html
Tags : vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2005/dsa-937
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/18398
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/427053/100/0/threaded
Tags : vendor-advisory, x_refsource_FEDORA
http://www.trustix.org/errata/2006/0002/
Tags : vendor-advisory, x_refsource_TRUSTIX
http://www.debian.org/security/2006/dsa-936
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/18329
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18463
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18642
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18674
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
Tags : vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/18313
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18448
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18436
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18428
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18380
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18423
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18416
Tags : third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2006-0177.html
Tags : vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2007/2280
Tags : vdb-entry, x_refsource_VUPEN
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/18407
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18332
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18517
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18582
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18534
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18908
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25729
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18414
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
Tags : vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/18338
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
Tags : vendor-advisory, x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2006-0160.html
Tags : vendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2006:010
Tags : vendor-advisory, x_refsource_MANDRAKE
http://www.debian.org/security/2005/dsa-940
Tags : vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
Tags : vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2006/0047
Tags : vdb-entry, x_refsource_VUPEN
http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/18389
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/19377
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/427990/100/0/threaded
Tags : vendor-advisory, x_refsource_FEDORA
http://www.debian.org/security/2006/dsa-961
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/18675
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18913
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-938
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/18334
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18375
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-950
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/18387
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
Tags : vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/18385
Tags : third-party-advisory, x_refsource_SECUNIA
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.