CVE-2005-3624 (CNNVD-200512-760)

MEDIUM
中文标题:
KPdf和KWord多个缓冲区溢出漏洞
英文标题:
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, t...
CVSS分数: 5.0
发布时间: 2006-01-06 22:00:00
漏洞类型: 数字错误
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

KPdf是kdegraphics软件包中捆绑的基于KDE的PDF浏览器,KWord是koffice软件包中捆绑的基于KDE的文字处理器。 KPdf和KWord都包含有用于处理PDF文件的Xpdf代码,该Xpdf代码中存在几个堆溢出和整数溢出。如果攻击者能够诱骗用户使用Kpdf或KWord打开特制的PDF文件的话,就可以以受影响应用程序的权限执行任意代码。

英文描述:

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

CWE类型:
CWE-189
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
easy_software_products cups 1.1.22 - - cpe:2.3:a:easy_software_products:cups:1.1.22:*:*:*:*:*:*:*
easy_software_products cups 1.1.22_rc1 - - cpe:2.3:a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:*
easy_software_products cups 1.1.23 - - cpe:2.3:a:easy_software_products:cups:1.1.23:*:*:*:*:*:*:*
easy_software_products cups 1.1.23_rc1 - - cpe:2.3:a:easy_software_products:cups:1.1.23_rc1:*:*:*:*:*:*:*
kde kdegraphics 3.2 - - cpe:2.3:a:kde:kdegraphics:3.2:*:*:*:*:*:*:*
kde kdegraphics 3.4.3 - - cpe:2.3:a:kde:kdegraphics:3.4.3:*:*:*:*:*:*:*
kde koffice 1.4 - - cpe:2.3:a:kde:koffice:1.4:*:*:*:*:*:*:*
kde koffice 1.4.1 - - cpe:2.3:a:kde:koffice:1.4.1:*:*:*:*:*:*:*
kde koffice 1.4.2 - - cpe:2.3:a:kde:koffice:1.4.2:*:*:*:*:*:*:*
kde kpdf 3.2 - - cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*
kde kpdf 3.4.3 - - cpe:2.3:a:kde:kpdf:3.4.3:*:*:*:*:*:*:*
kde kword 1.4.2 - - cpe:2.3:a:kde:kword:1.4.2:*:*:*:*:*:*:*
libextractor libextractor * - - cpe:2.3:a:libextractor:libextractor:*:*:*:*:*:*:*:*
poppler poppler 0.4.2 - - cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
sgi propack 3.0 - - cpe:2.3:a:sgi:propack:3.0:sp6:*:*:*:*:*:*
tetex tetex 1.0.7 - - cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*
tetex tetex 2.0 - - cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*
tetex tetex 2.0.1 - - cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*
tetex tetex 2.0.2 - - cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*
tetex tetex 3.0 - - cpe:2.3:a:tetex:tetex:3.0:*:*:*:*:*:*:*
xpdf xpdf 3.0 - - cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
conectiva linux 10.0 - - cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
debian debian_linux 3.0 - - cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
debian debian_linux 3.1 - - cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
gentoo linux * - - cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
mandrakesoft mandrake_linux 10.1 - - cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
mandrakesoft mandrake_linux 10.2 - - cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:*:*:*:*:*:*
mandrakesoft mandrake_linux 2006 - - cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
mandrakesoft mandrake_linux_corporate_server 2.1 - - cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
mandrakesoft mandrake_linux_corporate_server 3.0 - - cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
redhat enterprise_linux 2.1 - - cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
redhat enterprise_linux 3.0 - - cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
redhat enterprise_linux 4.0 - - cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
redhat enterprise_linux_desktop 3.0 - - cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
redhat enterprise_linux_desktop 4.0 - - cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
redhat fedora_core core_1.0 - - cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
redhat fedora_core core_2.0 - - cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
redhat fedora_core core_3.0 - - cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
redhat fedora_core core_4.0 - - cpe:2.3:o:redhat:fedora_core:core_4.0:*:*:*:*:*:*:*
redhat linux 7.3 - - cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*
redhat linux 9.0 - - cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*
redhat linux_advanced_workstation 2.1 - - cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
sco openserver 5.0.7 - - cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*
sco openserver 6.0 - - cpe:2.3:o:sco:openserver:6.0:*:*:*:*:*:*:*
slackware slackware_linux 9.0 - - cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
slackware slackware_linux 9.1 - - cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
slackware slackware_linux 10.0 - - cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*
slackware slackware_linux 10.1 - - cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*
slackware slackware_linux 10.2 - - cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*
suse suse_linux 1.0 - - cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*
suse suse_linux 9.0 - - cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
suse suse_linux 9.1 - - cpe:2.3:o:suse:suse_linux:9.1:*:personal:*:*:*:*:*
suse suse_linux 9.2 - - cpe:2.3:o:suse:suse_linux:9.2:*:personal:*:*:*:*:*
suse suse_linux 9.3 - - cpe:2.3:o:suse:suse_linux:9.3:*:personal:*:*:*:*:*
suse suse_linux 10.0 - - cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*
trustix secure_linux 2.0 - - cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
trustix secure_linux 2.2 - - cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*
trustix secure_linux 3.0 - - cpe:2.3:o:trustix:secure_linux:3.0:*:*:*:*:*:*:*
turbolinux turbolinux 10 - - cpe:2.3:o:turbolinux:turbolinux:10:*:*:*:*:*:*:*
turbolinux turbolinux fuji - - cpe:2.3:o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
turbolinux turbolinux_appliance_server 1.0_hosting_edition - - cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_hosting_edition:*:*:*:*:*:*:*
turbolinux turbolinux_appliance_server 1.0_workgroup_edition - - cpe:2.3:o:turbolinux:turbolinux_appliance_server:1.0_workgroup_edition:*:*:*:*:*:*:*
turbolinux turbolinux_desktop 10.0 - - cpe:2.3:o:turbolinux:turbolinux_desktop:10.0:*:*:*:*:*:*:*
turbolinux turbolinux_home * - - cpe:2.3:o:turbolinux:turbolinux_home:*:*:*:*:*:*:*:*
turbolinux turbolinux_multimedia * - - cpe:2.3:o:turbolinux:turbolinux_multimedia:*:*:*:*:*:*:*:*
turbolinux turbolinux_personal * - - cpe:2.3:o:turbolinux:turbolinux_personal:*:*:*:*:*:*:*:*
turbolinux turbolinux_server 8.0 - - cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*
turbolinux turbolinux_server 10.0 - - cpe:2.3:o:turbolinux:turbolinux_server:10.0:*:*:*:*:*:*:*
turbolinux turbolinux_server 10.0_x86 - - cpe:2.3:o:turbolinux:turbolinux_server:10.0_x86:*:*:*:*:*:*:*
turbolinux turbolinux_workstation 8.0 - - cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*
ubuntu ubuntu_linux 4.1 - - cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
ubuntu ubuntu_linux 5.04 - - cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*
ubuntu ubuntu_linux 5.10 - - cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
16143 vdb-entry
cve.org
访问
DSA-932 vendor-advisory
cve.org
访问
18349 third-party-advisory
cve.org
访问
18147 third-party-advisory
cve.org
访问
SCOSA-2006.15 vendor-advisory
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
18679 third-party-advisory
cve.org
访问
18312 third-party-advisory
cve.org
访问
18644 third-party-advisory
cve.org
访问
USN-236-1 vendor-advisory
cve.org
访问
18425 third-party-advisory
cve.org
访问
18373 third-party-advisory
cve.org
访问
18303 third-party-advisory
cve.org
访问
DSA-931 vendor-advisory
cve.org
访问
18554 third-party-advisory
cve.org
访问
MDKSA-2006:003 vendor-advisory
cve.org
访问
19230 third-party-advisory
cve.org
访问
102972 vendor-advisory
cve.org
访问
MDKSA-2006:012 vendor-advisory
cve.org
访问
DSA-962 vendor-advisory
cve.org
访问
RHSA-2006:0163 vendor-advisory
cve.org
访问
DSA-937 vendor-advisory
cve.org
访问
18398 third-party-advisory
cve.org
访问
FLSA-2006:176751 vendor-advisory
cve.org
访问
2006-0002 vendor-advisory
cve.org
访问
SUSE-SA:2006:001 vendor-advisory
cve.org
访问
DSA-936 vendor-advisory
cve.org
访问
FEDORA-2005-026 vendor-advisory
cve.org
访问
18329 third-party-advisory
cve.org
访问
18463 third-party-advisory
cve.org
访问
18642 third-party-advisory
cve.org
访问
18674 third-party-advisory
cve.org
访问
MDKSA-2006:005 vendor-advisory
cve.org
访问
18313 third-party-advisory
cve.org
访问
20051201-01-U vendor-advisory
cve.org
访问
20060101-01-U vendor-advisory
cve.org
访问
18448 third-party-advisory
cve.org
访问
18436 third-party-advisory
cve.org
访问
18428 third-party-advisory
cve.org
访问
18380 third-party-advisory
cve.org
访问
18423 third-party-advisory
cve.org
访问
18416 third-party-advisory
cve.org
访问
RHSA-2006:0177 vendor-advisory
cve.org
访问
ADV-2007-2280 vdb-entry
cve.org
访问
GLSA-200601-02 vendor-advisory
cve.org
访问
18407 third-party-advisory
cve.org
访问
18332 third-party-advisory
cve.org
访问
18517 third-party-advisory
cve.org
访问
18582 third-party-advisory
cve.org
访问
18534 third-party-advisory
cve.org
访问
SSA:2006-045-09 vendor-advisory
cve.org
访问
18908 third-party-advisory
cve.org
访问
25729 third-party-advisory
cve.org
访问
18414 third-party-advisory
cve.org
访问
MDKSA-2006:006 vendor-advisory
cve.org
访问
18338 third-party-advisory
cve.org
访问
MDKSA-2006:008 vendor-advisory
cve.org
访问
20060201-01-U vendor-advisory
cve.org
访问
RHSA-2006:0160 vendor-advisory
cve.org
访问
MDKSA-2006:010 vendor-advisory
cve.org
访问
DSA-940 vendor-advisory
cve.org
访问
MDKSA-2006:004 vendor-advisory
cve.org
访问
ADV-2006-0047 vdb-entry
cve.org
访问
GLSA-200601-17 vendor-advisory
cve.org
访问
xpdf-ccitt-faxstream-bo(24022) vdb-entry
cve.org
访问
18389 third-party-advisory
cve.org
访问
oval:org.mitre.oval:def:9437 vdb-entry
cve.org
访问
SSA:2006-045-04 vendor-advisory
cve.org
访问
19377 third-party-advisory
cve.org
访问
FEDORA-2005-025 vendor-advisory
cve.org
访问
FLSA:175404 vendor-advisory
cve.org
访问
DSA-961 vendor-advisory
cve.org
访问
18675 third-party-advisory
cve.org
访问
18913 third-party-advisory
cve.org
访问
DSA-938 vendor-advisory
cve.org
访问
18334 third-party-advisory
cve.org
访问
18375 third-party-advisory
cve.org
访问
DSA-950 vendor-advisory
cve.org
访问
18387 third-party-advisory
cve.org
访问
MDKSA-2006:011 vendor-advisory
cve.org
访问
18385 third-party-advisory
cve.org
访问
CVSS评分详情
5.0
MEDIUM
CVSS向量: AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS版本: 2.0
机密性
NONE
完整性
PARTIAL
可用性
NONE
时间信息
发布时间:
2006-01-06 22:00:00
修改时间:
2024-08-07 23:17:23
创建时间:
2025-11-11 15:32:29
更新时间:
2025-11-11 15:49:03
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2005-3624 2025-11-11 15:17:36 2025-11-11 07:32:29
NVD nvd_CVE-2005-3624 2025-11-11 14:51:21 2025-11-11 07:41:15
CNNVD cnnvd_CNNVD-200512-760 2025-11-11 15:08:49 2025-11-11 07:49:03
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:49:03
vulnerability_type: 未提取 → 数字错误; cnnvd_id: 未提取 → CNNVD-200512-760; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 数字错误
  • cnnvd_id: 未提取 -> CNNVD-200512-760
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:41:15
cvss_score: 未提取 → 5.0; cvss_vector: NOT_EXTRACTED → AV:N/AC:L/Au:N/C:N/I:P/A:N; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 73; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • cvss_score: 未提取 -> 5.0
  • cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:N/I:P/A:N
  • cvss_version: NOT_EXTRACTED -> 2.0
  • affected_products_count: 0 -> 73
  • data_sources: ['cve'] -> ['cve', 'nvd']