CVE-2005-3624
EPSS 7.2%
Description
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
How to fix CVE-2005-3624
To remediate CVE-2005-3624, upgrade the affected package to a fixed version below.
- Debian/cups—upgrade to 1.1.22-7 or later
- Debian/libextractor—upgrade to 0.5.9-1 or later
- Debian/poppler—upgrade to 0.4.4-1 or later
- —upgrade to 3.01-4 or later
Is CVE-2005-3624 being exploited?
Moderate — EPSS is 7.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 1.1.22-7
- from 0, < 0.5.9-1
- from 0, < 0.4.4-1
- from 0, < 3.01-4