suse · CVE-2005-3624

Quick triage

Priority: medium Published: 2021-05-30 12:34:06 UTC Updated: 2026-04-18 20:42:34 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2005-3624 severity moderate: SUSE including 25 source package names (cups-2.3.3op2-4.2, cups-2.4.11-160000.2.2, …), 25 product×package rows across 5 product lines (SUSE Linux Enterprise Module for Legacy 12, SUSE Linux Enterprise Server 16.0, … (5 product lines)): Fixed 21, Known Not Affected 4.

Description:

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

cvelogic Threat Intelligence