CVE-2004-0889

high
Description

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

References

http://marc.info/?l=bugtraq&m=109880927526773&w=2

http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml

http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2004:113

http://www.securityfocus.com/bid/11501

https://exchange.xforce.ibmcloud.com/vulnerabilities/17819

Details

Source: MITRE

Published: 2005-01-27

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*

cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*

cpe:2.3:a:gnome:gpdf:0.112:*:*:*:*:*:*:*

cpe:2.3:a:gnome:gpdf:0.131:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.3:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.3_beta1:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.3_beta2:*:*:*:*:*:*:*

cpe:2.3:a:kde:koffice:1.3_beta3:*:*:*:*:*:*:*

cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*

cpe:2.3:a:pdftohtml:pdftohtml:0.32a:*:*:*:*:*:*:*

cpe:2.3:a:pdftohtml:pdftohtml:0.32b:*:*:*:*:*:*:*

cpe:2.3:a:pdftohtml:pdftohtml:0.33:*:*:*:*:*:*:*

cpe:2.3:a:pdftohtml:pdftohtml:0.33a:*:*:*:*:*:*:*

cpe:2.3:a:pdftohtml:pdftohtml:0.34:*:*:*:*:*:*:*

cpe:2.3:a:pdftohtml:pdftohtml:0.35:*:*:*:*:*:*:*

cpe:2.3:a:pdftohtml:pdftohtml:0.36:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*

cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*

cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 20614 | Ubuntu 4.10 : xpdf vulnerabilities (USN-2-1) | Nessus | Ubuntu Local Security Checks | critical |
| 20532 | Ubuntu 4.10 : xpdf vulnerabilities (USN-14-1) | Nessus | Ubuntu Local Security Checks | critical |
| 19076 | FreeBSD : xpdf -- integer overflow vulnerabilities (ad2f3337-26bf-11d9-9289-000c41e2cdad) | Nessus | FreeBSD Local Security Checks | critical |
| 2878 | Mac OS X Multiple Vulnerabilities (Security Update 2005-005) | Nessus Network Monitor | Web Clients | high |
| 16422 | GLSA-200501-31 : teTeX, pTeX, CSTeX: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 15582 | GLSA-200410-30 : GPdf, KPDF, KOffice: Vulnerabilities in included xpdf | Nessus | Gentoo Local Security Checks | critical |
| 15569 | SUSE-SA:2004:039: xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups | Nessus | SuSE Local Security Checks | critical |
| 15548 | Mandrake Linux Security Advisory : xpdf (MDKSA-2004:113) | Nessus | Mandriva Local Security Checks | critical |
| 15539 | GLSA-200410-20 : Xpdf, CUPS: Multiple integer overflows | Nessus | Gentoo Local Security Checks | critical |