CVE-2004-0889

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
http://www.securityfocus.com/bid/11501
http://www.mandriva.com/security/advisories?name=MDKSA-2004:113
http://marc.info/?l=bugtraq&m=109880927526773&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/17819

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:easy_software_products:cups:1.0.4:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.12:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.13:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.20:::::::*
	cpe:2.3:a:gnome:gpdf:0.131:::::::*
	cpe:2.3:a:kde:koffice:1.3:::::::*
	cpe:2.3:a:kde:kpdf:3.2:::::::*
	cpe:2.3:a:pdftohtml:pdftohtml:0.32a:::::::*
	cpe:2.3:a:tetex:tetex:1.0.7:::::::*
	cpe:2.3:a:tetex:tetex:2.0:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.10:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.16:::::::*
	cpe:2.3:a:xpdf:xpdf:1.0:::::::*
	cpe:2.3:a:kde:koffice:1.3_beta2:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.7:::::::*
	cpe:2.3:a:pdftohtml:pdftohtml:0.35:::::::*
	cpe:2.3:a:easy_software_products:cups:1.0.4_8:::::::*
	cpe:2.3:a:gnome:gpdf:0.112:::::::*
	cpe:2.3:a:kde:koffice:1.3.3:::::::*
	cpe:2.3:a:kde:koffice:1.3_beta3:::::::*
	cpe:2.3:a:pdftohtml:pdftohtml:0.36:::::::*
	cpe:2.3:a:xpdf:xpdf:1.0a:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.17:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.4_3:::::::*
	cpe:2.3:a:kde:koffice:1.3_beta1:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.4_5:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.1:::::::*
	cpe:2.3:a:xpdf:xpdf:0.93:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.18:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.19:::::::*
	cpe:2.3:a:xpdf:xpdf:1.1:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.6:::::::*
	cpe:2.3:a:xpdf:xpdf:2.0:::::::*
	cpe:2.3:a:xpdf:xpdf:0.91:::::::*
	cpe:2.3:a:pdftohtml:pdftohtml:0.32b:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.15:::::::*
	cpe:2.3:a:pdftohtml:pdftohtml:0.33a:::::::*
	cpe:2.3:a:xpdf:xpdf:2.3:::::::*
	cpe:2.3:a:xpdf:xpdf:0.92:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.4:::::::*
	cpe:2.3:a:pdftohtml:pdftohtml:0.34:::::::*
	cpe:2.3:a:xpdf:xpdf:2.1:::::::*
	cpe:2.3:a:xpdf:xpdf:0.90:::::::*
	cpe:2.3:a:xpdf:xpdf:3.0:::::::*
	cpe:2.3:a:tetex:tetex:2.0.2:::::::*
	cpe:2.3:a:tetex:tetex:2.0.1:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.14:::::::*
	cpe:2.3:a:kde:koffice:1.3.1:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.4_2:::::::*
	cpe:2.3:a:pdftohtml:pdftohtml:0.33:::::::*
	cpe:2.3:a:kde:koffice:1.3.2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:3.0::alpha:::::
	cpe:2.3:o:debian:debian_linux:3.0::arm:::::
	cpe:2.3:o:debian:debian_linux:3.0::ppc:::::
	cpe:2.3:o:debian:debian_linux:3.0::s-390:::::
	cpe:2.3:o:kde:kde:3.3.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
	cpe:2.3:o:debian:debian_linux:3.0:::::::*
	cpe:2.3:o:debian:debian_linux:3.0::mips:::::
	cpe:2.3:o:debian:debian_linux:3.0::mipsel:::::
	cpe:2.3:o:kde:kde:3.2.3:::::::*
	cpe:2.3:o:kde:kde:3.3:::::::*
	cpe:2.3:o:suse:suse_linux:9.0:::::::*
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ppc:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64:::::
	cpe:2.3:o:debian:debian_linux:3.0::m68k:::::
	cpe:2.3:o:suse:suse_linux:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server:::::
	cpe:2.3:o:debian:debian_linux:3.0::ia-32:::::
	cpe:2.3:o:kde:kde:3.2.2:::::::*
	cpe:2.3:o:kde:kde:3.2.1:::::::*
	cpe:2.3:o:suse:suse_linux:9.0::x86_64:::::
	cpe:2.3:o:suse:suse_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:3.0::sparc:::::
	cpe:2.3:o:debian:debian_linux:3.0::hppa:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium_processor:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
	cpe:2.3:o:debian:debian_linux:3.0::ia-64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ia64:::::
	cpe:2.3:o:suse:suse_linux:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
	cpe:2.3:o:redhat:fedora_core:core_2.0:::::::*
	cpe:2.3:o:suse:suse_linux:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
	cpe:2.3:o:suse:suse_linux:9.1:::::::*
	cpe:2.3:o:kde:kde:3.2:::::::*
	cpe:2.3:o:gentoo:linux::::::::

Information

Published : 2005-01-26 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-0889

Mitre link : CVE-2004-0889

JSON object : View

CWE

NVD-CWE-Other

Products Affected

redhat

enterprise_linux_desktop
enterprise_linux
fedora_core
linux_advanced_workstation

gnome

gpdf

kde

kpdf
koffice
kde

gentoo

linux

tetex

tetex

easy_software_products

cups

suse

suse_linux

ubuntu

ubuntu_linux

pdftohtml

pdftohtml

debian

debian_linux

xpdf

xpdf

10.0 /10