CVE-2004-0888

Description

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

Affected products

• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• easy_software_products / cups1.1.19_rc5 – 1.1.19_rc5
• easy_software_products / cups1.1.20 – 1.1.20
• easy_software_products / cups1.1.4_3 – 1.1.4_3
• easy_software_products / cups1.1.6 – 1.1.6
• easy_software_products / cups1.1.7 – 1.1.7
• easy_software_products / cups1.1.10 – 1.1.10
• easy_software_products / cups1.1.12 – 1.1.12
• easy_software_products / cups1.1.13 – 1.1.13
• easy_software_products / cups1.1.14 – 1.1.14
• easy_software_products / cups1.1.15 – 1.1.15
• easy_software_products / cups1.1.16 – 1.1.16
• easy_software_products / cups1.1.17 – 1.1.17
• easy_software_products / cups1.1.18 – 1.1.18
• easy_software_products / cups1.1.19 – 1.1.19
• easy_software_products / cups1.0.4_8 – 1.0.4_8
• easy_software_products / cups1.1.1 – 1.1.1
• easy_software_products / cups1.1.4 – 1.1.4
• easy_software_products / cups1.1.4_2 – 1.1.4_2
• easy_software_products / cups1.0.4 – 1.0.4
• easy_software_products / cups1.1.4_5 – 1.1.4_5
• gentoo / linux
• GNOME / gpdf0.112 – 0.112
• GNOME / gpdf0.131 – 0.131
• KDE / kde3.2.2 – 3.2.2
• KDE / kde3.3.1 – 3.3.1
• KDE / kde3.3 – 3.3
• KDE / kde3.2.3 – 3.2.3
• KDE / kde3.2.1 – 3.2.1
• KDE / kde3.2 – 3.2
• KDE / koffice1.3.1 – 1.3.1
• KDE / koffice1.3 – 1.3
• KDE / koffice1.3.3 – 1.3.3
• KDE / koffice1.3.2 – 1.3.2
• KDE / koffice1.3_beta1 – 1.3_beta1
• KDE / koffice1.3_beta2 – 1.3_beta2
• KDE / koffice1.3_beta3 – 1.3_beta3
• KDE / kpdf3.2 – 3.2
• pdftohtml / pdftohtml0.34 – 0.34
• pdftohtml / pdftohtml0.32a – 0.32a
• pdftohtml / pdftohtml0.32b – 0.32b
• pdftohtml / pdftohtml0.33 – 0.33
• pdftohtml / pdftohtml0.33a – 0.33a
• pdftohtml / pdftohtml0.35 – 0.35
• pdftohtml / pdftohtml0.36 – 0.36
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux3.0 – 3.0
• RedHat / enterprise_linux3.0 – 3.0
• RedHat / enterprise_linux3.0 – 3.0
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux_desktop3.0 – 3.0
• RedHat / fedora_corecore_2.0 – core_2.0
• RedHat / linux_advanced_workstation2.1 – 2.1
• RedHat / linux_advanced_workstation2.1 – 2.1
• SUSE / suse_linux9.2 – 9.2
• SUSE / suse_linux8.2 – 8.2
• SUSE / suse_linux9.0 – 9.0
• SUSE / suse_linux9.0 – 9.0
• SUSE / suse_linux9.1 – 9.1
• SUSE / suse_linux8.0 – 8.0
• SUSE / suse_linux8.1 – 8.1
• tetex / tetex1.0.7 – 1.0.7
• tetex / tetex2.0 – 2.0
• tetex / tetex2.0.1 – 2.0.1
• tetex / tetex2.0.2 – 2.0.2
• Ubuntu / ubuntu_linux4.1 – 4.1
• Ubuntu / ubuntu_linux4.1 – 4.1
• Xpdf / Xpdf0.91 – 0.91
• Xpdf / Xpdf0.92 – 0.92
• Xpdf / Xpdf0.93 – 0.93
• Xpdf / Xpdf1.0 – 1.0
• Xpdf / Xpdf1.0a – 1.0a
• Xpdf / Xpdf1.1 – 1.1
• Xpdf / Xpdf2.0 – 2.0
• Xpdf / Xpdf2.1 – 2.1
• Xpdf / Xpdf2.3 – 2.3
• Xpdf / Xpdf3.0 – 3.0
• Xpdf / Xpdf0.90 – 0.90

References

• MISChttp://www.redhat.com/support/errata/RHSA-2004-592.html
• MISChttp://www.securityfocus.com/bid/11501
• MISChttp://www.redhat.com/support/errata/RHSA-2005-066.html
• VENDOR_ADVISORYhttps://www.ubuntu.com/usn/usn-9-1/
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2004:113
• MISChttp://www.gentoo.org/security/en/glsa/glsa-200410-20.xml
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-581
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-573
• MISChttps://bugzilla.fedora.us/show_bug.cgi?id=2353
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2004:116
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-599
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17818
• MISChttp://www.redhat.com/support/errata/RHSA-2005-354.html
• MISChttp://www.redhat.com/support/errata/RHSA-2004-543.html
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714
• MISChttp://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2004:114
• MISChttp://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2004:115
• MAILING_LISThttp://marc.info/?l=bugtraq&m=109880927526773&w=2
• MAILING_LISThttp://marc.info/?l=bugtraq&m=110815379627883&w=2