ID CVE-2004-0888
Summary Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
References
Vulnerable Configurations
  • cpe:2.3:a:easy_software_products:cups:1.0.4
    cpe:2.3:a:easy_software_products:cups:1.0.4
  • cpe:2.3:a:easy_software_products:cups:1.0.4_8
    cpe:2.3:a:easy_software_products:cups:1.0.4_8
  • cpe:2.3:a:easy_software_products:cups:1.1.1
    cpe:2.3:a:easy_software_products:cups:1.1.1
  • cpe:2.3:a:easy_software_products:cups:1.1.4
    cpe:2.3:a:easy_software_products:cups:1.1.4
  • cpe:2.3:a:easy_software_products:cups:1.1.4_2
    cpe:2.3:a:easy_software_products:cups:1.1.4_2
  • cpe:2.3:a:easy_software_products:cups:1.1.4_3
    cpe:2.3:a:easy_software_products:cups:1.1.4_3
  • cpe:2.3:a:easy_software_products:cups:1.1.4_5
    cpe:2.3:a:easy_software_products:cups:1.1.4_5
  • cpe:2.3:a:easy_software_products:cups:1.1.6
    cpe:2.3:a:easy_software_products:cups:1.1.6
  • cpe:2.3:a:easy_software_products:cups:1.1.7
    cpe:2.3:a:easy_software_products:cups:1.1.7
  • cpe:2.3:a:easy_software_products:cups:1.1.10
    cpe:2.3:a:easy_software_products:cups:1.1.10
  • cpe:2.3:a:easy_software_products:cups:1.1.12
    cpe:2.3:a:easy_software_products:cups:1.1.12
  • cpe:2.3:a:easy_software_products:cups:1.1.13
    cpe:2.3:a:easy_software_products:cups:1.1.13
  • cpe:2.3:a:easy_software_products:cups:1.1.14
    cpe:2.3:a:easy_software_products:cups:1.1.14
  • cpe:2.3:a:easy_software_products:cups:1.1.15
    cpe:2.3:a:easy_software_products:cups:1.1.15
  • cpe:2.3:a:easy_software_products:cups:1.1.16
    cpe:2.3:a:easy_software_products:cups:1.1.16
  • cpe:2.3:a:easy_software_products:cups:1.1.17
    cpe:2.3:a:easy_software_products:cups:1.1.17
  • cpe:2.3:a:easy_software_products:cups:1.1.18
    cpe:2.3:a:easy_software_products:cups:1.1.18
  • cpe:2.3:a:easy_software_products:cups:1.1.19
    cpe:2.3:a:easy_software_products:cups:1.1.19
  • cpe:2.3:a:easy_software_products:cups:1.1.19_rc5
    cpe:2.3:a:easy_software_products:cups:1.1.19_rc5
  • cpe:2.3:a:easy_software_products:cups:1.1.20
    cpe:2.3:a:easy_software_products:cups:1.1.20
  • cpe:2.3:a:gnome:gpdf:0.112
    cpe:2.3:a:gnome:gpdf:0.112
  • cpe:2.3:a:gnome:gpdf:0.131
    cpe:2.3:a:gnome:gpdf:0.131
  • KDE KOffice 1.3
    cpe:2.3:a:kde:koffice:1.3
  • KDE KOffice 1.3.1
    cpe:2.3:a:kde:koffice:1.3.1
  • KDE KOffice 1.3.2
    cpe:2.3:a:kde:koffice:1.3.2
  • KDE KOffice 1.3.3
    cpe:2.3:a:kde:koffice:1.3.3
  • cpe:2.3:a:kde:koffice:1.3_beta1
    cpe:2.3:a:kde:koffice:1.3_beta1
  • cpe:2.3:a:kde:koffice:1.3_beta2
    cpe:2.3:a:kde:koffice:1.3_beta2
  • cpe:2.3:a:kde:koffice:1.3_beta3
    cpe:2.3:a:kde:koffice:1.3_beta3
  • cpe:2.3:a:kde:kpdf:3.2
    cpe:2.3:a:kde:kpdf:3.2
  • cpe:2.3:a:pdftohtml:pdftohtml:0.32a
    cpe:2.3:a:pdftohtml:pdftohtml:0.32a
  • cpe:2.3:a:pdftohtml:pdftohtml:0.32b
    cpe:2.3:a:pdftohtml:pdftohtml:0.32b
  • cpe:2.3:a:pdftohtml:pdftohtml:0.33
    cpe:2.3:a:pdftohtml:pdftohtml:0.33
  • cpe:2.3:a:pdftohtml:pdftohtml:0.33a
    cpe:2.3:a:pdftohtml:pdftohtml:0.33a
  • cpe:2.3:a:pdftohtml:pdftohtml:0.34
    cpe:2.3:a:pdftohtml:pdftohtml:0.34
  • cpe:2.3:a:pdftohtml:pdftohtml:0.35
    cpe:2.3:a:pdftohtml:pdftohtml:0.35
  • cpe:2.3:a:pdftohtml:pdftohtml:0.36
    cpe:2.3:a:pdftohtml:pdftohtml:0.36
  • cpe:2.3:a:tetex:tetex:1.0.7
    cpe:2.3:a:tetex:tetex:1.0.7
  • cpe:2.3:a:tetex:tetex:2.0
    cpe:2.3:a:tetex:tetex:2.0
  • cpe:2.3:a:tetex:tetex:2.0.1
    cpe:2.3:a:tetex:tetex:2.0.1
  • cpe:2.3:a:tetex:tetex:2.0.2
    cpe:2.3:a:tetex:tetex:2.0.2
  • cpe:2.3:a:xpdf:xpdf:0.90
    cpe:2.3:a:xpdf:xpdf:0.90
  • cpe:2.3:a:xpdf:xpdf:0.91
    cpe:2.3:a:xpdf:xpdf:0.91
  • cpe:2.3:a:xpdf:xpdf:0.92
    cpe:2.3:a:xpdf:xpdf:0.92
  • cpe:2.3:a:xpdf:xpdf:0.93
    cpe:2.3:a:xpdf:xpdf:0.93
  • cpe:2.3:a:xpdf:xpdf:1.0
    cpe:2.3:a:xpdf:xpdf:1.0
  • cpe:2.3:a:xpdf:xpdf:1.0a
    cpe:2.3:a:xpdf:xpdf:1.0a
  • cpe:2.3:a:xpdf:xpdf:1.1
    cpe:2.3:a:xpdf:xpdf:1.1
  • cpe:2.3:a:xpdf:xpdf:2.0
    cpe:2.3:a:xpdf:xpdf:2.0
  • cpe:2.3:a:xpdf:xpdf:2.1
    cpe:2.3:a:xpdf:xpdf:2.1
  • cpe:2.3:a:xpdf:xpdf:2.3
    cpe:2.3:a:xpdf:xpdf:2.3
  • cpe:2.3:a:xpdf:xpdf:3.0
    cpe:2.3:a:xpdf:xpdf:3.0
  • Debian Debian Linux 3.0
    cpe:2.3:o:debian:debian_linux:3.0
  • cpe:2.3:o:debian:debian_linux:3.0:-:alpha
    cpe:2.3:o:debian:debian_linux:3.0:-:alpha
  • cpe:2.3:o:debian:debian_linux:3.0:-:arm
    cpe:2.3:o:debian:debian_linux:3.0:-:arm
  • cpe:2.3:o:debian:debian_linux:3.0:-:hppa
    cpe:2.3:o:debian:debian_linux:3.0:-:hppa
  • cpe:2.3:o:debian:debian_linux:3.0:-:ia-32
    cpe:2.3:o:debian:debian_linux:3.0:-:ia-32
  • cpe:2.3:o:debian:debian_linux:3.0:-:ia-64
    cpe:2.3:o:debian:debian_linux:3.0:-:ia-64
  • cpe:2.3:o:debian:debian_linux:3.0:-:m68k
    cpe:2.3:o:debian:debian_linux:3.0:-:m68k
  • cpe:2.3:o:debian:debian_linux:3.0:-:mips
    cpe:2.3:o:debian:debian_linux:3.0:-:mips
  • cpe:2.3:o:debian:debian_linux:3.0:-:mipsel
    cpe:2.3:o:debian:debian_linux:3.0:-:mipsel
  • cpe:2.3:o:debian:debian_linux:3.0:-:ppc
    cpe:2.3:o:debian:debian_linux:3.0:-:ppc
  • cpe:2.3:o:debian:debian_linux:3.0:-:s-390
    cpe:2.3:o:debian:debian_linux:3.0:-:s-390
  • cpe:2.3:o:debian:debian_linux:3.0:-:sparc
    cpe:2.3:o:debian:debian_linux:3.0:-:sparc
  • Gentoo Linux
    cpe:2.3:o:gentoo:linux
  • cpe:2.3:o:kde:kde:3.2
    cpe:2.3:o:kde:kde:3.2
  • cpe:2.3:o:kde:kde:3.2.1
    cpe:2.3:o:kde:kde:3.2.1
  • cpe:2.3:o:kde:kde:3.2.2
    cpe:2.3:o:kde:kde:3.2.2
  • cpe:2.3:o:kde:kde:3.2.3
    cpe:2.3:o:kde:kde:3.2.3
  • cpe:2.3:o:kde:kde:3.3
    cpe:2.3:o:kde:kde:3.3
  • cpe:2.3:o:kde:kde:3.3.1
    cpe:2.3:o:kde:kde:3.3.1
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server_ia64
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server_ia64
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server_ia64
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server_ia64
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation_ia64
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation_ia64
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation_server
  • Red Hat Desktop 3.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:3.0
  • cpe:2.3:o:redhat:fedora_core:core_2.0
    cpe:2.3:o:redhat:fedora_core:core_2.0
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:ia64
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:ia64
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:itanium_processor
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:itanium_processor
  • SuSE SuSE Linux 8.0
    cpe:2.3:o:suse:suse_linux:8.0
  • SuSE SuSE Linux 8.1
    cpe:2.3:o:suse:suse_linux:8.1
  • SuSE SuSE Linux 8.2
    cpe:2.3:o:suse:suse_linux:8.2
  • SuSE SuSE Linux 9.0
    cpe:2.3:o:suse:suse_linux:9.0
  • cpe:2.3:o:suse:suse_linux:9.0:-:x86_64
    cpe:2.3:o:suse:suse_linux:9.0:-:x86_64
  • SuSE SuSE Linux 9.1
    cpe:2.3:o:suse:suse_linux:9.1
  • SuSE SuSE Linux 9.2
    cpe:2.3:o:suse:suse_linux:9.2
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:-:ia64
    cpe:2.3:o:ubuntu:ubuntu_linux:4.1:-:ia64
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:-:ppc
    cpe:2.3:o:ubuntu:ubuntu_linux:4.1:-:ppc
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-053.NASL
    description Updated CUPS packages that fix several security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System provides a portable printing layer for UNIX(R) operating systems. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf, which also affects CUPS due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause CUPS to crash or possibly execute arbitrary code when opened. This issue was assigned the name CVE-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects the CUPS pdftops filter due to a shared codebase. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the 'lp' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the ParseCommand function in the hpgltops program. An attacker who has the ability to send a malicious HPGL file to a printer could possibly execute arbitrary code as the 'lp' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1267 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects the CUPS pdftops filter due to a shared codebase. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the 'lp' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. The lppasswd utility was found to ignore write errors when modifying the CUPS passwd file. A local user who is able to fill the associated file system could corrupt the CUPS password file or prevent future uses of lppasswd. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1268 and CVE-2004-1269 to these issues. The lppasswd utility was found to not verify that the passwd.new file is different from STDERR, which could allow local users to control output to passwd.new via certain user input that triggers an error message. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1270 to this issue. All users of cups should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17174
    published 2005-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17174
    title RHEL 4 : CUPS (RHSA-2005:053)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200410-30.NASL
    description The remote host is affected by the vulnerability described in GLSA-200410-30 (GPdf, KPDF, KOffice: Vulnerabilities in included xpdf) GPdf, KPDF and KOffice all include xpdf code to handle PDF files. xpdf is vulnerable to multiple integer overflows, as described in GLSA 200410-20. Impact : An attacker could entice a user to open a specially crafted PDF file, potentially resulting in execution of arbitrary code with the rights of the user running the affected utility. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 15582
    published 2004-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15582
    title GLSA-200410-30 : GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-114.NASL
    description Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as gpdf : Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like gpdf which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. The updated packages are patched to protect against these vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 15549
    published 2004-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15549
    title Mandrake Linux Security Advisory : gpdf (MDKSA-2004:114)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200410-20.NASL
    description The remote host is affected by the vulnerability described in GLSA-200410-20 (Xpdf, CUPS: Multiple integer overflows) Chris Evans discovered multiple integer overflow issues in Xpdf. Impact : An attacker could entice an user to open a specially crafted PDF file, potentially resulting in execution of arbitrary code with the rights of the user running Xpdf. By enticing an user to directly print the PDF file to a CUPS printer, an attacker could also crash the CUPS spooler or execute arbitrary code with the rights of the CUPS spooler, which is usually the 'lp' user. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 15539
    published 2004-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15539
    title GLSA-200410-20 : Xpdf, CUPS: Multiple integer overflows
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-14-1.NASL
    description Markus Meissner discovered even more integer overflow vulnerabilities in xpdf, a viewer for PDF files. These integer overflows can eventually lead to buffer overflows. The Common UNIX Printing System (CUPS) uses the same code to print PDF files; tetex-bin uses the code to generate PDF output and process included PDF files. In any case, these vulnerabilities could be exploited by an attacker providing a specially crafted PDF file which, when processed by CUPS, xpdf, or pdflatex, could result in abnormal program termination or the execution of program code supplied by the attacker. In the case of CUPS, this bug could be exploited to gain the privileges of the CUPS print server (by default, user cupsys). In the cases of xpdf and pdflatex, this bug could be exploited to gain the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-25
    plugin id 20532
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20532
    title Ubuntu 4.10 : xpdf vulnerabilities (USN-14-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-113.NASL
    description Chris Evans discovered numerous vulnerabilities in the xpdf package : Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. (CVE-2004-0888) Multiple integer overflow issues affecting xpdf-3.0 only. These can result in DoS or possibly arbitrary code execution. (CVE-2004-0889) Chris also discovered issues with infinite loop logic error affecting xpdf-3.0 only. The updated packages are patched to deal with these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 15548
    published 2004-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15548
    title Mandrake Linux Security Advisory : xpdf (MDKSA-2004:113)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-066.NASL
    description Updated kdegraphics packages that resolve security issues in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf that also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf which also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888 to this issue. Users should update to these erratum packages which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 17178
    published 2005-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17178
    title RHEL 4 : kdegraphics (RHSA-2005:066)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SA_2004_039.NASL
    description The remote host is missing the patch for the advisory SUSE-SA:2004:039 (xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups). Xpdf is a widely used fast PDF file viewer. Various other PDF viewer and PDF conversion tools use xpdf code to accomplish their tasks. Chris Evans found several integer overflows and arithmetic errors. Additionally Sebastian Krahmer from the SuSE Security-Team found similar bugs in xpdf 3. These bugs can be exploited by tricking an user to open a malformated PDF file. As a result the PDF viewer can be crashed or may be even code can be executed.
    last seen 2019-02-21
    modified 2010-10-06
    plugin id 15569
    published 2004-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15569
    title SUSE-SA:2004:039: xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-116.NASL
    description Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code : Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. (CVE-2004-0888) Also, when CUPS debugging is enabled, device URIs containing username and password end up in error_log. This information is also visible via 'ps'. (CVE-2004-0923) The updated packages are patched to protect against these vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 15551
    published 2004-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15551
    title Mandrake Linux Security Advisory : cups (MDKSA-2004:116)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-543.NASL
    description Updated cups packages that fix denial of service issues, a security information leak, as well as other various bugs are now available. The Common UNIX Printing System (CUPS) is a print spooler. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect xpdf. CUPS contains a copy of the xpdf code used for parsing PDF files and is therefore affected by these bugs. An attacker who has the ability to send a malicious PDF file to a printer could cause CUPS to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888 to this issue. When set up to print to a shared printer via Samba, CUPS would authenticate with that shared printer using a username and password. By default, the username and password used to connect to the Samba share is written into the error log file. A local user who is able to read the error log file could collect these usernames and passwords. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0923 to this issue. These updated packages also include a fix that prevents some CUPS configuration files from being accidentally replaced. All users of CUPS should upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 15630
    published 2004-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15630
    title RHEL 3 : cups (RHSA-2004:543)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-9-1.NASL
    description Chris Evans and Marcus Meissner recently discovered several integer overflow vulnerabilities in xpdf, a viewer for PDF files. Because tetex-bin contains xpdf code, it is also affected. These vulnerabilities could be exploited by an attacker providing a specially crafted TeX, LaTeX, or PDF file. Processing such a file with pdflatex could result in abnormal program termination or the execution of program code supplied by the attacker. This bug could be exploited to gain the privileges of the user invoking pdflatex. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20715
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20715
    title Ubuntu 4.10 : tetex-bin vulnerabilities (USN-9-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-592.NASL
    description An updated xpdf package that fixes a number of integer overflow security flaws is now available. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888 to this issue. Users of xpdf are advised to upgrade to this errata package, which contains a backported patch correcting these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 15632
    published 2004-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15632
    title RHEL 2.1 / 3 : xpdf (RHSA-2004:592)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200411-30.NASL
    description The remote host is affected by the vulnerability described in GLSA-200411-30 (pdftohtml: Vulnerabilities in included Xpdf) Xpdf is vulnerable to multiple integer overflows, as described in GLSA 200410-20. Impact : An attacker could entice a user to convert a specially crafted PDF file, potentially resulting in execution of arbitrary code with the rights of the user running pdftohtml. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 15792
    published 2004-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15792
    title GLSA-200411-30 : pdftohtml: Vulnerabilities in included Xpdf
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-357.NASL
    description A problem with PDF handling was discovered by Chris Evans, and has been fixed. The Common Vulnerabilities and Exposures project (www.mitre.org) has assigned the name CVE-2004-0888 to this issue. a number of buffer overflow bugs that affect libtiff have been found. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 15584
    published 2004-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15584
    title Fedora Core 2 : kdegraphics-3.2.2-1.1 (2004-357)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080401_CUPS_ON_SL3_X.NASL
    description SL5 Only: A heap buffer overflow flaw was found in a CUPS administration interface CGI script. A local attacker able to connect to the IPP port (TCP port 631) could send a malicious request causing the script to crash or, potentially, execute arbitrary code as the 'lp' user. Please note: the default CUPS configuration in Red Hat Enterprise Linux 5 does not allow remote connections to the IPP TCP port. (CVE-2008-0047) Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the 'lp' user if the file is printed. (CVE-2008-0053) A buffer overflow flaw was discovered in the GIF decoding routines used by CUPS image converting filters 'imagetops' and 'imagetoraster'. An attacker could create a malicious GIF file that could possibly execute arbitrary code as the 'lp' user if the file was printed. (CVE-2008-1373) SL 3 & 4 Only: It was discovered that the patch used to address CVE-2004-0888 in CUPS packages in Scientific Linux 3 and 4 did not completely resolve the integer overflow in the 'pdftops' filter on 64-bit platforms. An attacker could create a malicious PDF file that could possibly execute arbitrary code as the 'lp' user if the file was printed. (CVE-2008-1374)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60378
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60378
    title Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0206.NASL
    description From Red Hat Security Advisory 2008:0206 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the 'lp' user if the file is printed. (CVE-2008-0053) A buffer overflow flaw was discovered in the GIF decoding routines used by CUPS image converting filters 'imagetops' and 'imagetoraster'. An attacker could create a malicious GIF file that could possibly execute arbitrary code as the 'lp' user if the file was printed. (CVE-2008-1373) It was discovered that the patch used to address CVE-2004-0888 in CUPS packages in Red Hat Enterprise Linux 3 and 4 did not completely resolve the integer overflow in the 'pdftops' filter on 64-bit platforms. An attacker could create a malicious PDF file that could possibly execute arbitrary code as the 'lp' user if the file was printed. (CVE-2008-1374) All cups users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67674
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67674
    title Oracle Linux 3 / 4 : cups (ELSA-2008-0206)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-165.NASL
    description Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as koffice (CVE-2004-0888). Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like koffice which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. iDefense also reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like koffice, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system (CVE-2004-1125). The updated packages are patched to protect against these vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 16082
    published 2005-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16082
    title Mandrake Linux Security Advisory : koffice (MDKSA-2004:165)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-581.NASL
    description Chris Evans discovered several integer overflows in xpdf, a viewer for PDF files, which can be exploited remotely by a specially crafted PDF document and lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15679
    published 2004-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15679
    title Debian DSA-581-1 : xpdf - integer overflows
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-599.NASL
    description Chris Evans discovered several integer overflows in xpdf, that are also present in tetex-bin, binary files for the teTeX distribution, which can be exploited remotely by a specially crafted PDF document and lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 15835
    published 2004-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15835
    title Debian DSA-599-1 : tetex-bin - integer overflows
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-122.NASL
    description A problem with PDF handling was discovered by Chris Evans, and has been fixed. The Common Vulnerabilities and Exposures project (www.mitre.org) has assigned the name CVE-2004-0888 to this issue. FEDORA-2004-337 attempted to correct this but the patch was incomplete. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 16351
    published 2005-02-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16351
    title Fedora Core 2 : cups-1.1.20-11.11 (2005-122)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200501-31.NASL
    description The remote host is affected by the vulnerability described in GLSA-200501-31 (teTeX, pTeX, CSTeX: Multiple vulnerabilities) teTeX, pTeX and CSTeX all make use of Xpdf code and may therefore be vulnerable to the various overflows that were discovered in Xpdf code (CAN-2004-0888, CAN-2004-0889, CAN-2004-1125 and CAN-2005-0064). Furthermore, Javier Fernandez-Sanguino Pena discovered that the xdvizilla script does not handle temporary files correctly. Impact : An attacker could design a malicious input file which, when processed using one of the TeX distributions, could lead to the execution of arbitrary code. Furthermore, a local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When xdvizilla is called, this would result in the file being overwritten with the rights of the user running the script. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 16422
    published 2005-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16422
    title GLSA-200501-31 : teTeX, pTeX, CSTeX: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_AD2F333726BF11D99289000C41E2CDAD.NASL
    description Chris Evans discovered several integer arithmetic overflows in the xpdf 2 and xpdf 3 code bases. The flaws have impacts ranging from denial-of-service to arbitrary code execution.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 19076
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19076
    title FreeBSD : xpdf -- integer overflow vulnerabilities (ad2f3337-26bf-11d9-9289-000c41e2cdad)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-166.NASL
    description Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as tetex (CVE-2004-0888). Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like tetex which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. iDefense also reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like tetex, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system (CVE-2004-1125). The updated packages are patched to protect against these vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 16083
    published 2005-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16083
    title Mandrake Linux Security Advisory : tetex (MDKSA-2004:166)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-354.NASL
    description Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. A number of security flaws have been found affecting libraries used internally within teTeX. An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause teTeX to crash or possibly execute arbitrary code. A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and CVE-2004-1125 to these issues. A number of integer overflow bugs that affect libtiff were discovered. The teTeX package contains an internal copy of libtiff used for parsing TIFF image files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues. Also latex2html is added to package tetex-latex for 64bit platforms. Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17680
    published 2005-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17680
    title RHEL 2.1 / 3 : tetex (RHSA-2005:354)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0206.NASL
    description Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the 'lp' user if the file is printed. (CVE-2008-0053) A buffer overflow flaw was discovered in the GIF decoding routines used by CUPS image converting filters 'imagetops' and 'imagetoraster'. An attacker could create a malicious GIF file that could possibly execute arbitrary code as the 'lp' user if the file was printed. (CVE-2008-1373) It was discovered that the patch used to address CVE-2004-0888 in CUPS packages in Red Hat Enterprise Linux 3 and 4 did not completely resolve the integer overflow in the 'pdftops' filter on 64-bit platforms. An attacker could create a malicious PDF file that could possibly execute arbitrary code as the 'lp' user if the file was printed. (CVE-2008-1374) All cups users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 31756
    published 2008-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31756
    title RHEL 3 / 4 : cups (RHSA-2008:0206)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-354.NASL
    description Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. A number of security flaws have been found affecting libraries used internally within teTeX. An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause teTeX to crash or possibly execute arbitrary code. A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and CVE-2004-1125 to these issues. A number of integer overflow bugs that affect libtiff were discovered. The teTeX package contains an internal copy of libtiff used for parsing TIFF image files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues. Also latex2html is added to package tetex-latex for 64bit platforms. Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21809
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21809
    title CentOS 3 : tetex (CESA-2005:354)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0206.NASL
    description Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the 'lp' user if the file is printed. (CVE-2008-0053) A buffer overflow flaw was discovered in the GIF decoding routines used by CUPS image converting filters 'imagetops' and 'imagetoraster'. An attacker could create a malicious GIF file that could possibly execute arbitrary code as the 'lp' user if the file was printed. (CVE-2008-1373) It was discovered that the patch used to address CVE-2004-0888 in CUPS packages in Red Hat Enterprise Linux 3 and 4 did not completely resolve the integer overflow in the 'pdftops' filter on 64-bit platforms. An attacker could create a malicious PDF file that could possibly execute arbitrary code as the 'lp' user if the file was printed. (CVE-2008-1374) All cups users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31741
    published 2008-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31741
    title CentOS 3 / 4 : cups (CESA-2008:0206)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-348.NASL
    description Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888 to this issue. Users of xpdf are advised to upgrade to this errata package, which contains a backported patch correcting these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 15544
    published 2004-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15544
    title Fedora Core 2 : xpdf-3.00-3.4 (2004-348)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-337.NASL
    description A problem with PDF handling was discovered by Chris Evans, and has been fixed. The Common Vulnerabilities and Exposures project (www.mitre.org) has assigned the name CVE-2004-0888 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 15578
    published 2004-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15578
    title Fedora Core 2 : cups-1.1.20-11.6 (2004-337)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-123.NASL
    description A problem with PDF handling was discovered by Chris Evans, and has been fixed. The Common Vulnerabilities and Exposures project (www.mitre.org) has assigned the name CVE-2004-0888 to this issue. FEDORA-2004-337 attempted to correct this but the patch was incomplete. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 16352
    published 2005-02-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16352
    title Fedora Core 3 : cups-1.1.22-0.rc1.8.5 (2005-123)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-573.NASL
    description Chris Evans discovered several integer overflows in xpdf, that are also present in CUPS, the Common UNIX Printing System, which can be exploited remotely by a specially crafted PDF document.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 15671
    published 2004-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15671
    title Debian DSA-573-1 : cupsys - integer overflows
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-115.NASL
    description Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as kpdf : Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like kpdf which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. The updated packages are patched to protect against these vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 15550
    published 2004-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15550
    title Mandrake Linux Security Advisory : kdegraphics (MDKSA-2004:115)
oval via4
accepted 2013-04-29T04:21:32.792-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
family unix
id oval:org.mitre.oval:def:9714
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2004:543
  • rhsa
    id RHSA-2004:592
  • rhsa
    id RHSA-2005:066
  • rhsa
    id RHSA-2005:354
refmap via4
bid 11501
conectiva CLA-2004:886
debian
  • DSA-573
  • DSA-581
  • DSA-599
fedora
  • FLSA:2352
  • FLSA:2353
gentoo
  • GLSA-200410-20
  • GLSA-200410-30
mandrake
  • MDKSA-2004:113
  • MDKSA-2004:114
  • MDKSA-2004:115
  • MDKSA-2004:116
suse SUSE-SA:2004:039
ubuntu USN-9-1
xf xpdf-pdf-bo(17818)
Last major update 07-12-2016 - 21:59
Published 27-01-2005 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top