CVE-2004-0888

high
Description

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

References

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886

http://marc.info/?l=bugtraq&m=109880927526773&w=2

http://marc.info/?l=bugtraq&m=110815379627883&w=2

http://www.debian.org/security/2004/dsa-573

http://www.debian.org/security/2004/dsa-581

http://www.debian.org/security/2004/dsa-599

http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml

http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2004:113

http://www.mandriva.com/security/advisories?name=MDKSA-2004:114

http://www.mandriva.com/security/advisories?name=MDKSA-2004:115

http://www.mandriva.com/security/advisories?name=MDKSA-2004:116

http://www.redhat.com/support/errata/RHSA-2004-543.html

http://www.redhat.com/support/errata/RHSA-2004-592.html

http://www.redhat.com/support/errata/RHSA-2005-066.html

http://www.redhat.com/support/errata/RHSA-2005-354.html

http://www.securityfocus.com/bid/11501

https://bugzilla.fedora.us/show_bug.cgi?id=2353

https://exchange.xforce.ibmcloud.com/vulnerabilities/17818

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714

https://www.ubuntu.com/usn/usn-9-1/

Details

Source: MITRE

Published: 2005-01-27

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*

cpe:2.3:a:gnome:gpdf:0.112:*:*:*:*:*:*:*

cpe:2.3:a:gnome:gpdf:0.131:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.3:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.3_beta1:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.3_beta2:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.3_beta3:*:*:*:*:*:*:*

cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*

cpe:2.3:a:pdftohtml:pdftohtml:0.32a:*:*:*:*:*:*:*

cpe:2.3:a:pdftohtml:pdftohtml:0.32b:*:*:*:*:*:*:*

cpe:2.3:a:pdftohtml:pdftohtml:0.33:*:*:*:*:*:*:*

cpe:2.3:a:pdftohtml:pdftohtml:0.33a:*:*:*:*:*:*:*

cpe:2.3:a:pdftohtml:pdftohtml:0.34:*:*:*:*:*:*:*

cpe:2.3:a:pdftohtml:pdftohtml:0.35:*:*:*:*:*:*:*

cpe:2.3:a:pdftohtml:pdftohtml:0.36:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 67674 | Oracle Linux 3 / 4 : cups (ELSA-2008-0206) | Nessus | Oracle Linux Local Security Checks | critical |
| 60378 | Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 31756 | RHEL 3 / 4 : cups (RHSA-2008:0206) | Nessus | Red Hat Local Security Checks | critical |
| 31741 | CentOS 3 / 4 : cups (CESA-2008:0206) | Nessus | CentOS Local Security Checks | critical |
| 21809 | CentOS 3 : tetex (CESA-2005:354) | Nessus | CentOS Local Security Checks | critical |
| 20715 | Ubuntu 4.10 : tetex-bin vulnerabilities (USN-9-1) | Nessus | Ubuntu Local Security Checks | critical |
| 20532 | Ubuntu 4.10 : xpdf vulnerabilities (USN-14-1) | Nessus | Ubuntu Local Security Checks | critical |
| 19076 | FreeBSD : xpdf -- integer overflow vulnerabilities (ad2f3337-26bf-11d9-9289-000c41e2cdad) | Nessus | FreeBSD Local Security Checks | critical |
| 2878 | Mac OS X Multiple Vulnerabilities (Security Update 2005-005) | Nessus Network Monitor | Web Clients | high |
| 17680 | RHEL 2.1 / 3 : tetex (RHSA-2005:354) | Nessus | Red Hat Local Security Checks | critical |
| 17178 | RHEL 4 : kdegraphics (RHSA-2005:066) | Nessus | Red Hat Local Security Checks | critical |
| 17174 | RHEL 4 : CUPS (RHSA-2005:053) | Nessus | Red Hat Local Security Checks | critical |
| 16422 | GLSA-200501-31 : teTeX, pTeX, CSTeX: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 16352 | Fedora Core 3 : cups-1.1.22-0.rc1.8.5 (2005-123) | Nessus | Fedora Local Security Checks | critical |
| 16351 | Fedora Core 2 : cups-1.1.20-11.11 (2005-122) | Nessus | Fedora Local Security Checks | critical |
| 16083 | Mandrake Linux Security Advisory : tetex (MDKSA-2004:166) | Nessus | Mandriva Local Security Checks | critical |
| 16082 | Mandrake Linux Security Advisory : koffice (MDKSA-2004:165) | Nessus | Mandriva Local Security Checks | critical |
| 15835 | Debian DSA-599-1 : tetex-bin - integer overflows | Nessus | Debian Local Security Checks | critical |
| 15792 | GLSA-200411-30 : pdftohtml: Vulnerabilities in included Xpdf | Nessus | Gentoo Local Security Checks | critical |
| 15679 | Debian DSA-581-1 : xpdf - integer overflows | Nessus | Debian Local Security Checks | critical |
| 15671 | Debian DSA-573-1 : cupsys - integer overflows | Nessus | Debian Local Security Checks | critical |
| 15632 | RHEL 2.1 / 3 : xpdf (RHSA-2004:592) | Nessus | Red Hat Local Security Checks | critical |
| 15630 | RHEL 3 : cups (RHSA-2004:543) | Nessus | Red Hat Local Security Checks | critical |
| 15584 | Fedora Core 2 : kdegraphics-3.2.2-1.1 (2004-357) | Nessus | Fedora Local Security Checks | critical |
| 15582 | GLSA-200410-30 : GPdf, KPDF, KOffice: Vulnerabilities in included xpdf | Nessus | Gentoo Local Security Checks | critical |
| 15578 | Fedora Core 2 : cups-1.1.20-11.6 (2004-337) | Nessus | Fedora Local Security Checks | critical |
| 15569 | SUSE-SA:2004:039: xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups | Nessus | SuSE Local Security Checks | critical |
| 15551 | Mandrake Linux Security Advisory : cups (MDKSA-2004:116) | Nessus | Mandriva Local Security Checks | critical |
| 15550 | Mandrake Linux Security Advisory : kdegraphics (MDKSA-2004:115) | Nessus | Mandriva Local Security Checks | critical |
| 15549 | Mandrake Linux Security Advisory : gpdf (MDKSA-2004:114) | Nessus | Mandriva Local Security Checks | critical |
| 15548 | Mandrake Linux Security Advisory : xpdf (MDKSA-2004:113) | Nessus | Mandriva Local Security Checks | critical |
| 15544 | Fedora Core 2 : xpdf-3.00-3.4 (2004-348) | Nessus | Fedora Local Security Checks | critical |
| 15539 | GLSA-200410-20 : Xpdf, CUPS: Multiple integer overflows | Nessus | Gentoo Local Security Checks | critical |