The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE
Ubuntu Ubuntu linux 5.04 Amd64 (not an official CPE)
Ubuntu Ubuntu linux 4.1 Ia64 (not an official CPE)
Ubuntu Ubuntu linux 4.1 Ppc (not an official CPE)
Turbolinux Turbolinux server 10.0 x86 (not an official CPE)
Turbolinux Turbolinux workstation 8.0 (not an official CPE)
Turbolinux Turbolinux server 10.0 (not an official CPE)
Turbolinux Turbolinux server 8.0 (not an official CPE)
Turbolinux Turbolinux personal (not an official CPE)
Turbolinux Turbolinux desktop 10.0 (not an official CPE)
Turbolinux Turbolinux home (not an official CPE)
Turbolinux Turbolinux multimedia (not an official CPE)
Turbolinux Turbolinux appliance server 1.0 workgroup edition (not an official CPE)
Turbolinux Turbolinux appliance server 1.0 hosting edition (not an official CPE)
Trustix Secure Linux 3.0
Turbolinux Turbolinux 10 (not an official CPE)
Turbolinux Turbolinux Fuji (not an official CPE)
Trustix Secure Linux 2.0
Trustix Secure Linux 2.2
Suse Suse linux 10.0 Professional (not an official CPE)
Suse Suse linux 10.0 Oss (not an official CPE)
Suse Suse linux 9.3 Personal (not an official CPE)
Suse Suse linux 9.3 Professional (not an official CPE)
Suse Suse linux 9.3 X86 64 (not an official CPE)
Suse Suse linux 9.2 X86 64 (not an official CPE)
Suse Suse linux 9.2 Professional (not an official CPE)
Suse Suse linux 9.2 Personal (not an official CPE)
Suse Suse linux 9.1 X86 64 (not an official CPE)
Suse Suse linux 9.1 Professional (not an official CPE)
Suse Suse linux 9.0 X86 64 (not an official CPE)
Suse Suse linux 9.1 Personal (not an official CPE)
Suse Suse linux 9.0 S 390 (not an official CPE)
Suse Suse linux 9.0 Professional (not an official CPE)
Suse Suse linux 9.0 Personal (not an official CPE)
SuSE SuSE Linux 1.0
Suse Suse linux 9.0 Enterprise server (not an official CPE)
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Sco Openserver 6.0 (not an official CPE)
Slackware Linux 9.0
Slackware Linux 9.1
Sco Openserver 5.0.7 (not an official CPE)
Redhat Linux advanced workstation 2.1 Itanium (not an official CPE)
Redhat Linux 7.3 I386 (not an official CPE)
Redhat Linux 9.0 I386 (not an official CPE)
Redhat Linux advanced workstation 2.1 Ia64 (not an official CPE)
Redhat Fedora core Core 4.0 (not an official CPE)
Redhat Fedora core Core 3.0 (not an official CPE)
Redhat Fedora core Core 2.0 (not an official CPE)
Redhat Fedora core Core 1.0 (not an official CPE)
Red Hat Desktop 4.0
Red Hat Desktop 3.0
Redhat Enterprise linux 4.0 Workstation (not an official CPE)
Redhat Enterprise linux 4.0 Enterprise server (not an official CPE)
Redhat Enterprise linux 4.0 Advanced server (not an official CPE)
Redhat Enterprise linux 3.0 Workstation server (not an official CPE)
Redhat Enterprise linux 3.0 Enterprise server (not an official CPE)
Redhat Enterprise linux 2.1 Workstation ia64 (not an official CPE)
Redhat Enterprise linux 3.0 Advanced server (not an official CPE)
Redhat Enterprise linux 2.1 Workstation (not an official CPE)
Redhat Enterprise linux 2.1 Enterprise server ia64 (not an official CPE)
Redhat Enterprise linux 2.1 Enterprise server (not an official CPE)
Redhat Enterprise linux 2.1 Advanced server ia64 (not an official CPE)
Redhat Enterprise linux 2.1 Advanced server (not an official CPE)
Mandrakesoft Mandrake linux corporate server 3.0 X86 64 (not an official CPE)
MandrakeSoft Mandrake Corporate Server 3.0
MandrakeSoft Mandrake Linux Corporate Server 2.1
Mandrakesoft Mandrake linux corporate server 2.1 X86 64 (not an official CPE)
MandrakeSoft Mandrake Linux 2006.0
Mandrakesoft Mandrake linux 2006 X86-64 (not an official CPE)
MandrakeSoft Mandrake Linux 10.2
Mandrakesoft Mandrake linux 10.2 X86-64 (not an official CPE)
Mandrakesoft Mandrake linux 10.1 X86-64 (not an official CPE)
MandrakeSoft Mandrake Linux 10.1
Gentoo Linux
Debian Debian linux 3.1 Sparc (not an official CPE)
Debian Debian linux 3.1 S-390 (not an official CPE)
Debian Debian linux 3.1 Ppc (not an official CPE)
Debian Debian linux 3.1 Mipsel (not an official CPE)
Debian Debian linux 3.1 M68k (not an official CPE)
Debian Debian linux 3.1 Mips (not an official CPE)
Debian Debian linux 3.1 Ia-64 (not an official CPE)
Debian Debian linux 3.1 Ia-32 (not an official CPE)
Debian Debian linux 3.1 Hppa (not an official CPE)
Debian Debian linux 3.1 Arm (not an official CPE)
Debian Debian linux 3.1 Amd64 (not an official CPE)
Debian Debian linux 3.1 Alpha (not an official CPE)
Debian Debian Linux 3.1
Debian Debian linux 3.0 Sparc (not an official CPE)
Debian Debian linux 3.0 S-390 (not an official CPE)
Debian Debian linux 3.0 Ppc (not an official CPE)
Debian Debian linux 3.0 Mipsel (not an official CPE)
Debian Debian linux 3.0 Mips (not an official CPE)
Debian Debian linux 3.0 M68k (not an official CPE)
Debian Debian linux 3.0 Ia-64 (not an official CPE)
Debian Debian linux 3.0 Ia-32 (not an official CPE)
Debian Debian linux 3.0 Hppa (not an official CPE)
Debian Debian linux 3.0 Arm (not an official CPE)
Debian Debian linux 3.0 Alpha (not an official CPE)
Debian Debian Linux 3.0
Conectiva Linux 10.0
Ubuntu Ubuntu linux 5.04 I386 (not an official CPE)
Ubuntu Ubuntu linux 5.04 Powerpc (not an official CPE)
Ubuntu Ubuntu linux 5.10 Amd64 (not an official CPE)
Ubuntu Ubuntu linux 5.10 I386 (not an official CPE)
Ubuntu Ubuntu linux 5.10 Powerpc (not an official CPE)
Xpdf Xpdf 3.0 (not an official CPE)
Tetex Tetex 3.0 (not an official CPE)
Tetex Tetex 2.0.2 (not an official CPE)
Tetex Tetex 2.0 (not an official CPE)
Tetex Tetex 2.0.1 (not an official CPE)
Sgi Propack 3.0 Sp6 (not an official CPE)
Tetex Tetex 1.0.7 (not an official CPE)
Poppler Poppler 0.4.2 (not an official CPE)
Kde Kword 1.4.2 (not an official CPE)
Libextractor Libextractor (not an official CPE)
Kde Kpdf 3.4.3 (not an official CPE)
Kde Kpdf 3.2 (not an official CPE)
KDE KOffice 1.4.2
KDE KOffice 1.4.1
KDE KOffice 1.4
Kde Kdegraphics 3.4.3 (not an official CPE)
Kde Kdegraphics 3.2 (not an official CPE)
Easy software products Cups 1.1.23 rc1 (not an official CPE)
Easy software products Cups 1.1.23 (not an official CPE)
Easy software products Cups 1.1.22 rc1 (not an official CPE)
Easy software products Cups 1.1.22 (not an official CPE)
Ubuntu - Ubuntu linux
Turbolinux - Turbolinux server
Turbolinux - Turbolinux workstation
Turbolinux - Turbolinux personal
Turbolinux - Turbolinux desktop
Turbolinux - Turbolinux home
Turbolinux - Turbolinux multimedia
Turbolinux - Turbolinux appliance server
Trustix - Secure linux
Turbolinux - Turbolinux
Suse - Suse linux
Slackware - Slackware linux
Sco - Openserver
Redhat - Linux advanced workstation
Redhat - Linux
Redhat - Fedora core
Redhat - Enterprise linux desktop
Redhat - Enterprise linux
Mandrakesoft - Mandrake linux corporate server
Mandrakesoft - Mandrake linux
Gentoo - Linux
Debian - Debian linux
Conectiva - Linux
Xpdf - Xpdf
Tetex - Tetex
Sgi - Propack
Poppler - Poppler
Kde - Kword
Libextractor - Libextractor
Kde - Kpdf
Kde - Koffice
Kde - Kdegraphics
Easy software products - Cups