ID CVE-2002-1384
Summary Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.
References
Vulnerable Configurations
  • cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*
  • cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*
  • cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • rhsa
    id RHSA-2002:295
  • rhsa
    id RHSA-2002:307
  • rhsa
    id RHSA-2003:037
  • rhsa
    id RHSA-2003:216
refmap via4
bid 6475
debian
  • DSA-222
  • DSA-226
  • DSA-232
gentoo GLSA-200301-1
mandrake
  • MDKSA-2003:001
  • MDKSA-2003:002
misc http://www.idefense.com/advisory/12.23.02.txt
suse SUSE-SA:2003:002
vulnwatch 20021223 iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops
xf pdftops-integer-overflow(10937)
Last major update 03-05-2018 - 01:29
Published 02-01-2003 - 05:00
Last modified 03-05-2018 - 01:29