Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Debian
  • Debian Linux
Easy Software Products
  • Cups
Gentoo
  • Linux
Gnome
  • Gpdf
Kde
  • Kde
  • Koffice
  • Kpdf
Pdftohtml
  • Pdftohtml
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Fedora Core
  • Linux Advanced Workstation
Suse
  • Suse Linux
Tetex
  • Tetex
Ubuntu
  • Ubuntu Linux
Xpdf
  • Xpdf

Configuration 1 [-]

OR cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gpdf:0.112:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gpdf:0.131:*:*:*:*:*:*:*
cpe:2.3:a:kde:koffice:1.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:koffice:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:koffice:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:koffice:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:koffice:1.3_beta1:*:*:*:*:*:*:*
cpe:2.3:a:kde:koffice:1.3_beta2:*:*:*:*:*:*:*
cpe:2.3:a:kde:koffice:1.3_beta3:*:*:*:*:*:*:*
cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*
cpe:2.3:a:pdftohtml:pdftohtml:0.32a:*:*:*:*:*:*:*
cpe:2.3:a:pdftohtml:pdftohtml:0.32b:*:*:*:*:*:*:*
cpe:2.3:a:pdftohtml:pdftohtml:0.33:*:*:*:*:*:*:*
cpe:2.3:a:pdftohtml:pdftohtml:0.33a:*:*:*:*:*:*:*
cpe:2.3:a:pdftohtml:pdftohtml:0.34:*:*:*:*:*:*:*
cpe:2.3:a:pdftohtml:pdftohtml:0.35:*:*:*:*:*:*:*
cpe:2.3:a:pdftohtml:pdftohtml:0.36:*:*:*:*:*:*:*
cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*
cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 3
cups-1:1.1.17-13.3.16 cpe:/o:redhat:enterprise_linux:3 RHSA-2004:543 2004-10-22T00:00:00Z
xpdf-1:2.02-9.3 cpe:/o:redhat:enterprise_linux:3 RHSA-2004:592 2004-10-27T00:00:00Z
tetex-0:1.0.7-67.7 cpe:/o:redhat:enterprise_linux:3 RHSA-2005:354 2005-04-01T00:00:00Z
Red Hat Enterprise Linux 4
kdegraphics-7:3.3.1-3.3 cpe:/o:redhat:enterprise_linux:4 RHSA-2005:066 2005-02-15T00:00:00Z
References
Link Providers
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=109880927526773&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=110815379627883&w=2 cve-icon cve-icon
http://www.debian.org/security/2004/dsa-573 cve-icon cve-icon
http://www.debian.org/security/2004/dsa-581 cve-icon cve-icon
http://www.debian.org/security/2004/dsa-599 cve-icon cve-icon
http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml cve-icon cve-icon
http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2004:113 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2004:114 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2004:115 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2004:116 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2004-543.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2004-592.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2005-066.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2005-354.html cve-icon cve-icon
http://www.securityfocus.com/bid/11501 cve-icon cve-icon
https://bugzilla.fedora.us/show_bug.cgi?id=2353 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/17818 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2004-0888 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2004-0888 cve-icon
https://www.ubuntu.com/usn/usn-9-1/ cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-10-26T04:00:00

Updated: 2024-08-08T00:31:47.615Z

Reserved: 2004-09-22T00:00:00

Link: CVE-2004-0888

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-01-27T05:00:00.000

Modified: 2024-11-20T23:49:36.907

Link: CVE-2004-0888

cve-icon Redhat

Severity : Important

Publid Date: 2004-10-21T00:00:00Z

Links: CVE-2004-0888 - Bugzilla