Vulnerability-Lookup

CVE-2003-0434 (GCVE-0-2003-0434)

Vulnerability from cvelistv5 – Published: 2003-06-18 04:00 – Updated: 2024-08-08 01:50

Summary

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

9 references

URL	Tags
http://secunia.com/advisories/9038	third-party-advisoryx_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRAKE
http://www.kb.cert.org/vuls/id/200132	third-party-advisoryx_refsource_CERT-VN
http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
http://www.redhat.com/support/errata/RHSA-2003-196.html	vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/9037	third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2003-197.html	vendor-advisoryx_refsource_REDHAT
http://marc.info/?l=bugtraq&m=105777963019186&w=2	mailing-listx_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL

Date Public

2003-06-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:50:48.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "9038",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/9038"
          },
          {
            "name": "MDKSA-2003:071",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:071"
          },
          {
            "name": "VU#200132",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/200132"
          },
          {
            "name": "20030613 -10Day CERT Advisory on PDF Files",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html"
          },
          {
            "name": "RHSA-2003:196",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-196.html"
          },
          {
            "name": "9037",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/9037"
          },
          {
            "name": "RHSA-2003:197",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-197.html"
          },
          {
            "name": "20030709 xpdf vulnerability - CAN-2003-0434",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=105777963019186\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:664",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "9038",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/9038"
        },
        {
          "name": "MDKSA-2003:071",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:071"
        },
        {
          "name": "VU#200132",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/200132"
        },
        {
          "name": "20030613 -10Day CERT Advisory on PDF Files",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html"
        },
        {
          "name": "RHSA-2003:196",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-196.html"
        },
        {
          "name": "9037",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/9037"
        },
        {
          "name": "RHSA-2003:197",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-197.html"
        },
        {
          "name": "20030709 xpdf vulnerability - CAN-2003-0434",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=105777963019186\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:664",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0434",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "9038",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/9038"
            },
            {
              "name": "MDKSA-2003:071",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:071"
            },
            {
              "name": "VU#200132",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/200132"
            },
            {
              "name": "20030613 -10Day CERT Advisory on PDF Files",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html"
            },
            {
              "name": "RHSA-2003:196",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-196.html"
            },
            {
              "name": "9037",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/9037"
            },
            {
              "name": "RHSA-2003:197",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-197.html"
            },
            {
              "name": "20030709 xpdf vulnerability - CAN-2003-0434",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=105777963019186\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:664",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0434",
    "datePublished": "2003-06-18T04:00:00.000Z",
    "dateReserved": "2003-06-16T00:00:00.000Z",
    "dateUpdated": "2024-08-08T01:50:48.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2003-0434",
      "date": "2026-05-29",
      "epss": "0.25515",
      "percentile": "0.96319"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B453FA1D-0FE9-4324-9644-E167561926C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B9DEF16-ECD5-4BBE-8986-52A6171B3D9F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33F6F859-B7B8-4072-B073-6CC8291D642E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4AD30B9-8FBA-48B3-B2B2-014C950B9BAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F0D201-B1DC-4024-AF77-A284673618F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*\", \"matchCriteriaId\": \"2641EE56-6F9D-400B-B456-877F4DA79B10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*\", \"matchCriteriaId\": \"E0B458EA-495E-40FA-9379-C03757F7B1EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*\", \"matchCriteriaId\": \"1728AB5D-55A9-46B0-A412-6F7263CAEB5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D46E093-1C68-43BB-B281-12117EC8DE0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E562907F-D915-4030-847A-3C6834A80D4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"138985E6-5107-4E8B-A801-C3D5FE075227\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"038FEDE7-986F-4CA5-9003-BA68352B87D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E66F7BF0-EF7C-4695-9D67-7C1A01C6F9B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"8DBD9D3C-40AB-449D-A9A8-A09DF2DEDB96\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.\"}, {\"lang\": \"es\", \"value\": \"Varios visores de PDF, incluidos Adobe Acrobat 5.06 y Xpdf 1.01 permiten a atacantes remotos la ejecuci\\u00f3n arbitraria de comandos mediante metacaracteres de shell en un hiperv\\u00ednculo embebido.\"}]",
      "id": "CVE-2003-0434",
      "lastModified": "2024-11-20T23:44:43.847",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2003-07-24T04:00:00.000",
      "references": "[{\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=105777963019186\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/9037\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/9038\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/200132\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2003:071\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-196.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-197.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=105777963019186\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/9037\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/9038\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/200132\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2003:071\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-196.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-197.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2003-0434\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-07-24T04:00:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.\"},{\"lang\":\"es\",\"value\":\"Varios visores de PDF, incluidos Adobe Acrobat 5.06 y Xpdf 1.01 permiten a atacantes remotos la ejecuci\u00f3n arbitraria de comandos mediante metacaracteres de shell en un hiperv\u00ednculo embebido.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B453FA1D-0FE9-4324-9644-E167561926C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B9DEF16-ECD5-4BBE-8986-52A6171B3D9F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F6F859-B7B8-4072-B073-6CC8291D642E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4AD30B9-8FBA-48B3-B2B2-014C950B9BAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F0D201-B1DC-4024-AF77-A284673618F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*\",\"matchCriteriaId\":\"2641EE56-6F9D-400B-B456-877F4DA79B10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*\",\"matchCriteriaId\":\"E0B458EA-495E-40FA-9379-C03757F7B1EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*\",\"matchCriteriaId\":\"1728AB5D-55A9-46B0-A412-6F7263CAEB5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D46E093-1C68-43BB-B281-12117EC8DE0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E562907F-D915-4030-847A-3C6834A80D4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"138985E6-5107-4E8B-A801-C3D5FE075227\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"038FEDE7-986F-4CA5-9003-BA68352B87D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E66F7BF0-EF7C-4695-9D67-7C1A01C6F9B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"8DBD9D3C-40AB-449D-A9A8-A09DF2DEDB96\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=105777963019186\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/9037\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/9038\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/200132\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2003:071\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-196.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-197.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=105777963019186\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/9037\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/9038\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/200132\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2003:071\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-196.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-197.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2003-0434

Vulnerability from fkie_nvd - Published: 2003-07-24 04:00 - Updated: 2026-04-16 00:27

Severity

Summary

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

References

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=105777963019186&w=2
cve@mitre.org	http://secunia.com/advisories/9037
cve@mitre.org	http://secunia.com/advisories/9038
cve@mitre.org	http://www.kb.cert.org/vuls/id/200132	US Government Resource
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2003:071
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-196.html	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-197.html	Patch, Vendor Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=105777963019186&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/9037
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/9038
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/200132	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2003:071
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-196.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-197.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664

Impacted products

Vendor	Product	Version
adobe	acrobat	5.0.6
xpdf	xpdf	1.1
mandrakesoft	mandrake_linux	9.0
mandrakesoft	mandrake_linux	9.1
mandrakesoft	mandrake_linux_corporate_server	2.1
redhat	enterprise_linux	2.1
redhat	enterprise_linux	2.1
redhat	enterprise_linux	2.1
redhat	linux	7.1
redhat	linux	7.2
redhat	linux	7.3
redhat	linux	8.0
redhat	linux	9.0
redhat	linux_advanced_workstation	2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B453FA1D-0FE9-4324-9644-E167561926C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B9DEF16-ECD5-4BBE-8986-52A6171B3D9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F6F859-B7B8-4072-B073-6CC8291D642E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4AD30B9-8FBA-48B3-B2B2-014C950B9BAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F0D201-B1DC-4024-AF77-A284673618F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
              "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E66F7BF0-EF7C-4695-9D67-7C1A01C6F9B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "8DBD9D3C-40AB-449D-A9A8-A09DF2DEDB96",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink."
    },
    {
      "lang": "es",
      "value": "Varios visores de PDF, incluidos Adobe Acrobat 5.06 y Xpdf 1.01 permiten a atacantes remotos la ejecuci\u00f3n arbitraria de comandos mediante metacaracteres de shell en un hiperv\u00ednculo embebido."
    }
  ],
  "id": "CVE-2003-0434",
  "lastModified": "2026-04-16T00:27:16.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-07-24T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=105777963019186\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/9037"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/9038"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/200132"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:071"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-196.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-197.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=105777963019186\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/9037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/9038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/200132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-196.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-197.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-857W-P662-MPMP

Vulnerability from github – Published: 2022-04-29 01:26 – Updated: 2022-04-29 01:26

Details

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2003-0434"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2003-07-24T04:00:00Z",
    "severity": "HIGH"
  },
  "details": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.",
  "id": "GHSA-857w-p662-mpmp",
  "modified": "2022-04-29T01:26:26Z",
  "published": "2022-04-29T01:26:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0434"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=105777963019186\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/9037"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/9038"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/200132"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:071"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-196.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-197.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2003-0434

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Aliases

CVE-2003-0434

Aliases

CVE-2003-0434

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2003-0434",
    "description": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.",
    "id": "GSD-2003-0434",
    "references": [
      "https://www.suse.com/security/cve/CVE-2003-0434.html",
      "https://access.redhat.com/errata/RHSA-2003:216",
      "https://access.redhat.com/errata/RHSA-2003:197",
      "https://access.redhat.com/errata/RHSA-2003:196"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2003-0434"
      ],
      "details": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.",
      "id": "GSD-2003-0434",
      "modified": "2023-12-13T01:22:12.843754Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2003-0434",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "9038",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/9038"
          },
          {
            "name": "MDKSA-2003:071",
            "refsource": "MANDRAKE",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:071"
          },
          {
            "name": "VU#200132",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/200132"
          },
          {
            "name": "20030613 -10Day CERT Advisory on PDF Files",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html"
          },
          {
            "name": "RHSA-2003:196",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2003-196.html"
          },
          {
            "name": "9037",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/9037"
          },
          {
            "name": "RHSA-2003:197",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2003-197.html"
          },
          {
            "name": "20030709 xpdf vulnerability - CAN-2003-0434",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=105777963019186\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:664",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0434"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2003:196",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-196.html"
            },
            {
              "name": "RHSA-2003:197",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-197.html"
            },
            {
              "name": "20030613 -10Day CERT Advisory on PDF Files",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html"
            },
            {
              "name": "VU#200132",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/200132"
            },
            {
              "name": "9037",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/9037"
            },
            {
              "name": "9038",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/9038"
            },
            {
              "name": "MDKSA-2003:071",
              "refsource": "MANDRAKE",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:071"
            },
            {
              "name": "20030709 xpdf vulnerability - CAN-2003-0434",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=105777963019186\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:664",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-10-11T01:29Z",
      "publishedDate": "2003-07-24T04:00Z"
    }
  }
}

RHSA-2003:196

Vulnerability from csaf_redhat - Published: 2003-06-18 17:32 - Updated: 2025-11-21 17:26

Summary

Red Hat Security Advisory: : Updated Xpdf packages fix security vulnerability.

Severity

Important

Notes

Topic: Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code. [Updated 16 July 2003] Updated packages are now available, as the original errata packages did not fix all possible ways of exploiting this vulnerability.

Details: Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Martyn Gilmore discovered a flaw in various PDF viewers and readers. An attacker can embed malicious external-type hyperlinks that, if activated or followed by a victim, can execute arbitrary shell commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0434 to this issue. All users of Xpdf are advised to upgrade to these errata packages, which contain a backported security patch that corrects this issue.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2003-0434

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Affected products

Fixed 5 products

Product	Identifier	Version	Remediation
Red Hat Linux 7.1 Red Hat / Red Hat Linux	`cpe:/o:redhat:linux:7.1`	—	Vendor Fix fix
Red Hat Linux 7.2 Red Hat / Red Hat Linux	`cpe:/o:redhat:linux:7.2`	—	Vendor Fix fix
Red Hat Linux 7.3 Red Hat / Red Hat Linux	`cpe:/o:redhat:linux:7.3`	—	Vendor Fix fix
Red Hat Linux 8.0 Red Hat / Red Hat Linux	`cpe:/o:redhat:linux:8.0`	—	Vendor Fix fix
Red Hat Linux 9 Red Hat / Red Hat Linux	`cpe:/o:redhat:linux:9`	—	Vendor Fix fix

Threats

Impact Important

References

8 references

URL	Category
https://access.redhat.com/errata/RHSA-2003:196	self
http://lists.netsys.com/pipermail/full-disclosure…	external
https://bugzilla.redhat.com/show_bug.cgi?id=79680	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2003-0434	self
https://bugzilla.redhat.com/show_bug.cgi?id=1617032	external
https://www.cve.org/CVERecord?id=CVE-2003-0434	external
https://nvd.nist.gov/vuln/detail/CVE-2003-0434	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Xpdf packages are available that fix a vulnerability where a\nmalicious PDF document could run arbitrary code.\n\n[Updated 16 July 2003]\nUpdated packages are now available, as the original errata packages did not\nfix all possible ways of exploiting this vulnerability.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Xpdf is an X Window System based viewer for Portable Document Format\n(PDF) files.\n\nMartyn Gilmore discovered a flaw in various PDF viewers and readers. An\nattacker can embed malicious external-type hyperlinks that, if activated or\nfollowed by a victim, can execute arbitrary shell commands.   The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2003-0434 to this issue.\n\nAll users of Xpdf are advised to upgrade to these errata packages, which\ncontain a backported security patch that corrects this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:196",
        "url": "https://access.redhat.com/errata/RHSA-2003:196"
      },
      {
        "category": "external",
        "summary": "http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html",
        "url": "http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html"
      },
      {
        "category": "external",
        "summary": "79680",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=79680"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_196.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated Xpdf packages fix security vulnerability.",
    "tracking": {
      "current_release_date": "2025-11-21T17:26:08+00:00",
      "generator": {
        "date": "2025-11-21T17:26:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2003:196",
      "initial_release_date": "2003-06-18T17:32:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-18T17:32:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-18T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:26:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.3",
                "product": {
                  "name": "Red Hat Linux 7.3",
                  "product_id": "Red Hat Linux 7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 8.0",
                "product": {
                  "name": "Red Hat Linux 8.0",
                  "product_id": "Red Hat Linux 8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:8.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 9",
                "product": {
                  "name": "Red Hat Linux 9",
                  "product_id": "Red Hat Linux 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0434",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617032"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3",
          "Red Hat Linux 8.0",
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0434"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617032",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617032"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0434"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0434",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0434"
        }
      ],
      "release_date": "2003-06-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-18T17:32:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3",
            "Red Hat Linux 8.0",
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:196"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003:197

Vulnerability from csaf_redhat - Published: 2003-06-18 17:27 - Updated: 2025-11-21 17:26

Summary

Red Hat Security Advisory: xpdf security update

Severity

Important

Notes

Topic: Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code. [Updated 21 July 2003] Updated packages are now available, as the original errata packages did not fix all possible ways of exploiting this vulnerability.

Details: Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Martyn Gilmore discovered a flaw in various PDF viewers and readers. An attacker can embed malicious external-type hyperlinks that if activated or followed by a victim can execute arbitrary shell commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0434 to this issue. All users of Xpdf are advised to upgrade to these errata packages, which contain a patch correcting this issue.

CVE-2003-0434

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Affected products

Fixed 4 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 Red Hat / Red Hat Enterprise Linux	`cpe:/o:redhat:enterprise_linux:2.1::as`	—	Vendor Fix fix
Red Hat Enterprise Linux ES version 2.1 Red Hat / Red Hat Enterprise Linux	`cpe:/o:redhat:enterprise_linux:2.1::es`	—	Vendor Fix fix
Red Hat Enterprise Linux WS version 2.1 Red Hat / Red Hat Enterprise Linux	`cpe:/o:redhat:enterprise_linux:2.1::ws`	—	Vendor Fix fix
Red Hat Linux Advanced Workstation 2.1 Red Hat / Red Hat Enterprise Linux	`cpe:/o:redhat:enterprise_linux:2.1::aw`	—	Vendor Fix fix

Threats

Impact Important

References

9 references

URL	Category
https://access.redhat.com/errata/RHSA-2003:197	self
https://access.redhat.com/security/updates/classi…	external
http://lists.netsys.com/pipermail/full-disclosure…	external
https://bugzilla.redhat.com/show_bug.cgi?id=98981	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2003-0434	self
https://bugzilla.redhat.com/show_bug.cgi?id=1617032	external
https://www.cve.org/CVERecord?id=CVE-2003-0434	external
https://nvd.nist.gov/vuln/detail/CVE-2003-0434	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Xpdf packages are available that fix a vulnerability where a\nmalicious PDF document could run arbitrary code.\n\n[Updated 21 July 2003]\nUpdated packages are now available, as the original errata packages did not\nfix all possible ways of exploiting this vulnerability.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Xpdf is an X Window System based viewer for Portable Document Format\n(PDF) files.\n\nMartyn Gilmore discovered a flaw in various PDF viewers and readers.  An\nattacker can embed malicious external-type hyperlinks that if activated or\nfollowed by a victim can execute arbitrary shell commands.   The Common\nVulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0434 to this issue.\n\nAll users of Xpdf are advised to upgrade to these errata packages, which\ncontain a patch correcting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:197",
        "url": "https://access.redhat.com/errata/RHSA-2003:197"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html",
        "url": "http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html"
      },
      {
        "category": "external",
        "summary": "98981",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=98981"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_197.json"
      }
    ],
    "title": "Red Hat Security Advisory: xpdf security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:26:09+00:00",
      "generator": {
        "date": "2025-11-21T17:26:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2003:197",
      "initial_release_date": "2003-06-18T17:27:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-18T17:27:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-18T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:26:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0434",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617032"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0434"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617032",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617032"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0434"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0434",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0434"
        }
      ],
      "release_date": "2003-06-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-18T17:27:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:197"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003:216

Vulnerability from csaf_redhat - Published: 2003-06-30 22:36 - Updated: 2025-11-21 17:26

Summary

Red Hat Security Advisory: : : : Updated Xpdf packages fix security vulnerability

Severity

Important

Notes

Topic: Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code.

Details: Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. During an audit of CUPS, a printing system, Zen Parsec found an integer overflow vulnerability in the pdftops filter. Since the code for pdftops is taken from the Xpdf project, all versions of Xpdf including 2.01 are also vulnerable to this issue. An attacker could create a PDF file that could execute arbitrary code. This code would have the same access privileges as the user who viewed the file with Xpdf. Martyn Gilmore discovered a flaw in various PDF viewers and readers. An attacker can embed malicious external-type hyperlinks that, if activated or followed by a victim, can execute arbitrary shell commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0434 to this issue. All users of Xpdf are advised to upgrade to these erratum packages, which contain a patch correcting this issue.

CVE-2002-1384

Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Linux 7.1 Red Hat / Red Hat Linux	`cpe:/o:redhat:linux:7.1`	—	Vendor Fix fix

Threats

Impact Important

CVE-2003-0434

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Linux 7.1 Red Hat / Red Hat Linux	`cpe:/o:redhat:linux:7.1`	—	Vendor Fix fix

Threats

Impact Important

References

11 references

URL	Category
https://access.redhat.com/errata/RHSA-2003:216	self
http://lists.netsys.com/pipermail/full-disclosure…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2002-1384	self
https://bugzilla.redhat.com/show_bug.cgi?id=1616903	external
https://www.cve.org/CVERecord?id=CVE-2002-1384	external
https://nvd.nist.gov/vuln/detail/CVE-2002-1384	external
https://access.redhat.com/security/cve/CVE-2003-0434	self
https://bugzilla.redhat.com/show_bug.cgi?id=1617032	external
https://www.cve.org/CVERecord?id=CVE-2003-0434	external
https://nvd.nist.gov/vuln/detail/CVE-2003-0434	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Xpdf packages are available that fix a vulnerability where a\nmalicious PDF document could run arbitrary code.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Xpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nDuring an audit of CUPS, a printing system, Zen Parsec found an integer\noverflow vulnerability in the pdftops filter. Since the code for pdftops is\ntaken from the Xpdf project, all versions of Xpdf including 2.01 are also\nvulnerable to this issue. An attacker could create a PDF file that could\nexecute arbitrary code. This code would have the same access privileges as\nthe user who viewed the file with Xpdf.\n\nMartyn Gilmore discovered a flaw in various PDF viewers and readers.  An\nattacker can embed malicious external-type hyperlinks that, if activated or\nfollowed by a victim, can execute arbitrary shell commands.   The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2003-0434 to this issue.\n\nAll users of Xpdf are advised to upgrade to these erratum packages, which\ncontain a patch correcting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:216",
        "url": "https://access.redhat.com/errata/RHSA-2003:216"
      },
      {
        "category": "external",
        "summary": "http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html",
        "url": "http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_216.json"
      }
    ],
    "title": "Red Hat Security Advisory: : : : Updated Xpdf packages fix security vulnerability",
    "tracking": {
      "current_release_date": "2025-11-21T17:26:14+00:00",
      "generator": {
        "date": "2025-11-21T17:26:14+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2003:216",
      "initial_release_date": "2003-06-30T22:36:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-30T22:36:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-30T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:26:14+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-1384",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616903"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-1384"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616903",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616903"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-1384",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-1384"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1384",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1384"
        }
      ],
      "release_date": "2002-12-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-30T22:36:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:216"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0434",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617032"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0434"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617032",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617032"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0434"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0434",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0434"
        }
      ],
      "release_date": "2003-06-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-30T22:36:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:216"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003_196

Vulnerability from csaf_redhat - Published: 2003-06-18 17:32 - Updated: 2024-11-21 22:46

Summary

Red Hat Security Advisory: : Updated Xpdf packages fix security vulnerability.

Severity

Important

Notes

CVE-2003-0434

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Affected products

Fixed 5 products

Product	Identifier	Version	Remediation
Red Hat Linux 7.1 Red Hat / Red Hat Linux	`cpe:/o:redhat:linux:7.1`	—	Vendor Fix fix
Red Hat Linux 7.2 Red Hat / Red Hat Linux	`cpe:/o:redhat:linux:7.2`	—	Vendor Fix fix
Red Hat Linux 7.3 Red Hat / Red Hat Linux	`cpe:/o:redhat:linux:7.3`	—	Vendor Fix fix
Red Hat Linux 8.0 Red Hat / Red Hat Linux	`cpe:/o:redhat:linux:8.0`	—	Vendor Fix fix
Red Hat Linux 9 Red Hat / Red Hat Linux	`cpe:/o:redhat:linux:9`	—	Vendor Fix fix

Threats

Impact Important

References

8 references

URL	Category
https://access.redhat.com/errata/RHSA-2003:196	self
http://lists.netsys.com/pipermail/full-disclosure…	external
https://bugzilla.redhat.com/show_bug.cgi?id=79680	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2003-0434	self
https://bugzilla.redhat.com/show_bug.cgi?id=1617032	external
https://www.cve.org/CVERecord?id=CVE-2003-0434	external
https://nvd.nist.gov/vuln/detail/CVE-2003-0434	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Xpdf packages are available that fix a vulnerability where a\nmalicious PDF document could run arbitrary code.\n\n[Updated 16 July 2003]\nUpdated packages are now available, as the original errata packages did not\nfix all possible ways of exploiting this vulnerability.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Xpdf is an X Window System based viewer for Portable Document Format\n(PDF) files.\n\nMartyn Gilmore discovered a flaw in various PDF viewers and readers. An\nattacker can embed malicious external-type hyperlinks that, if activated or\nfollowed by a victim, can execute arbitrary shell commands.   The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2003-0434 to this issue.\n\nAll users of Xpdf are advised to upgrade to these errata packages, which\ncontain a backported security patch that corrects this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:196",
        "url": "https://access.redhat.com/errata/RHSA-2003:196"
      },
      {
        "category": "external",
        "summary": "http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html",
        "url": "http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html"
      },
      {
        "category": "external",
        "summary": "79680",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=79680"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_196.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated Xpdf packages fix security vulnerability.",
    "tracking": {
      "current_release_date": "2024-11-21T22:46:32+00:00",
      "generator": {
        "date": "2024-11-21T22:46:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:196",
      "initial_release_date": "2003-06-18T17:32:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-18T17:32:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-18T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:46:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.3",
                "product": {
                  "name": "Red Hat Linux 7.3",
                  "product_id": "Red Hat Linux 7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 8.0",
                "product": {
                  "name": "Red Hat Linux 8.0",
                  "product_id": "Red Hat Linux 8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:8.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 9",
                "product": {
                  "name": "Red Hat Linux 9",
                  "product_id": "Red Hat Linux 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0434",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617032"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3",
          "Red Hat Linux 8.0",
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0434"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617032",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617032"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0434"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0434",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0434"
        }
      ],
      "release_date": "2003-06-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-18T17:32:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3",
            "Red Hat Linux 8.0",
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:196"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003_197

Vulnerability from csaf_redhat - Published: 2003-06-18 17:27 - Updated: 2024-11-21 22:46

Summary

Red Hat Security Advisory: xpdf security update

Severity

Important

Notes

Details: Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Martyn Gilmore discovered a flaw in various PDF viewers and readers. An attacker can embed malicious external-type hyperlinks that if activated or followed by a victim can execute arbitrary shell commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0434 to this issue. All users of Xpdf are advised to upgrade to these errata packages, which contain a patch correcting this issue.

CVE-2003-0434

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Affected products

Fixed 4 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 Red Hat / Red Hat Enterprise Linux	`cpe:/o:redhat:enterprise_linux:2.1::as`	—	Vendor Fix fix
Red Hat Enterprise Linux ES version 2.1 Red Hat / Red Hat Enterprise Linux	`cpe:/o:redhat:enterprise_linux:2.1::es`	—	Vendor Fix fix
Red Hat Enterprise Linux WS version 2.1 Red Hat / Red Hat Enterprise Linux	`cpe:/o:redhat:enterprise_linux:2.1::ws`	—	Vendor Fix fix
Red Hat Linux Advanced Workstation 2.1 Red Hat / Red Hat Enterprise Linux	`cpe:/o:redhat:enterprise_linux:2.1::aw`	—	Vendor Fix fix

Threats

Impact Important

References

9 references

URL	Category
https://access.redhat.com/errata/RHSA-2003:197	self
https://access.redhat.com/security/updates/classi…	external
http://lists.netsys.com/pipermail/full-disclosure…	external
https://bugzilla.redhat.com/show_bug.cgi?id=98981	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2003-0434	self
https://bugzilla.redhat.com/show_bug.cgi?id=1617032	external
https://www.cve.org/CVERecord?id=CVE-2003-0434	external
https://nvd.nist.gov/vuln/detail/CVE-2003-0434	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Xpdf packages are available that fix a vulnerability where a\nmalicious PDF document could run arbitrary code.\n\n[Updated 21 July 2003]\nUpdated packages are now available, as the original errata packages did not\nfix all possible ways of exploiting this vulnerability.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Xpdf is an X Window System based viewer for Portable Document Format\n(PDF) files.\n\nMartyn Gilmore discovered a flaw in various PDF viewers and readers.  An\nattacker can embed malicious external-type hyperlinks that if activated or\nfollowed by a victim can execute arbitrary shell commands.   The Common\nVulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0434 to this issue.\n\nAll users of Xpdf are advised to upgrade to these errata packages, which\ncontain a patch correcting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:197",
        "url": "https://access.redhat.com/errata/RHSA-2003:197"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html",
        "url": "http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html"
      },
      {
        "category": "external",
        "summary": "98981",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=98981"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_197.json"
      }
    ],
    "title": "Red Hat Security Advisory: xpdf security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:46:36+00:00",
      "generator": {
        "date": "2024-11-21T22:46:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:197",
      "initial_release_date": "2003-06-18T17:27:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-18T17:27:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-18T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:46:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0434",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617032"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0434"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617032",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617032"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0434"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0434",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0434"
        }
      ],
      "release_date": "2003-06-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-18T17:27:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:197"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003_216

Vulnerability from csaf_redhat - Published: 2003-06-30 22:36 - Updated: 2024-11-21 22:46

Summary

Red Hat Security Advisory: : : : Updated Xpdf packages fix security vulnerability

Severity

Important

Notes

Topic: Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code.

CVE-2002-1384

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Linux 7.1 Red Hat / Red Hat Linux	`cpe:/o:redhat:linux:7.1`	—	Vendor Fix fix

Threats

Impact Important

CVE-2003-0434

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Linux 7.1 Red Hat / Red Hat Linux	`cpe:/o:redhat:linux:7.1`	—	Vendor Fix fix

Threats

Impact Important

References

11 references

URL	Category
https://access.redhat.com/errata/RHSA-2003:216	self
http://lists.netsys.com/pipermail/full-disclosure…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2002-1384	self
https://bugzilla.redhat.com/show_bug.cgi?id=1616903	external
https://www.cve.org/CVERecord?id=CVE-2002-1384	external
https://nvd.nist.gov/vuln/detail/CVE-2002-1384	external
https://access.redhat.com/security/cve/CVE-2003-0434	self
https://bugzilla.redhat.com/show_bug.cgi?id=1617032	external
https://www.cve.org/CVERecord?id=CVE-2003-0434	external
https://nvd.nist.gov/vuln/detail/CVE-2003-0434	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Xpdf packages are available that fix a vulnerability where a\nmalicious PDF document could run arbitrary code.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Xpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nDuring an audit of CUPS, a printing system, Zen Parsec found an integer\noverflow vulnerability in the pdftops filter. Since the code for pdftops is\ntaken from the Xpdf project, all versions of Xpdf including 2.01 are also\nvulnerable to this issue. An attacker could create a PDF file that could\nexecute arbitrary code. This code would have the same access privileges as\nthe user who viewed the file with Xpdf.\n\nMartyn Gilmore discovered a flaw in various PDF viewers and readers.  An\nattacker can embed malicious external-type hyperlinks that, if activated or\nfollowed by a victim, can execute arbitrary shell commands.   The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2003-0434 to this issue.\n\nAll users of Xpdf are advised to upgrade to these erratum packages, which\ncontain a patch correcting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:216",
        "url": "https://access.redhat.com/errata/RHSA-2003:216"
      },
      {
        "category": "external",
        "summary": "http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html",
        "url": "http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_216.json"
      }
    ],
    "title": "Red Hat Security Advisory: : : : Updated Xpdf packages fix security vulnerability",
    "tracking": {
      "current_release_date": "2024-11-21T22:46:41+00:00",
      "generator": {
        "date": "2024-11-21T22:46:41+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:216",
      "initial_release_date": "2003-06-30T22:36:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-30T22:36:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-30T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:46:41+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-1384",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616903"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-1384"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616903",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616903"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-1384",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-1384"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1384",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1384"
        }
      ],
      "release_date": "2002-12-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-30T22:36:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:216"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0434",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617032"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0434"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617032",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617032"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0434"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0434",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0434"
        }
      ],
      "release_date": "2003-06-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-30T22:36:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:216"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2003-0434 (GCVE-0-2003-0434)

Tags

Sightings

Nomenclature