Vulnerability Details : CVE-2004-0888
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
Vulnerability category: Execute codeDenial of service
Products affected by CVE-2004-0888
- cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
- cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
- cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3_beta3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3_beta2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gpdf:0.112:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gpdf:0.131:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:pdftohtml:pdftohtml:0.36:*:*:*:*:*:*:*
- cpe:2.3:a:pdftohtml:pdftohtml:0.33:*:*:*:*:*:*:*
- cpe:2.3:a:pdftohtml:pdftohtml:0.33a:*:*:*:*:*:*:*
- cpe:2.3:a:pdftohtml:pdftohtml:0.32a:*:*:*:*:*:*:*
- cpe:2.3:a:pdftohtml:pdftohtml:0.32b:*:*:*:*:*:*:*
- cpe:2.3:a:pdftohtml:pdftohtml:0.34:*:*:*:*:*:*:*
- cpe:2.3:a:pdftohtml:pdftohtml:0.35:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0888
7.00%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0888
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2004-0888
-
http://www.mandriva.com/security/advisories?name=MDKSA-2004:114
Mandriva
-
http://marc.info/?l=bugtraq&m=110815379627883&w=2
'[FLSA-2005:2352] Updated Xpdf package fixes security issues' - MARC
-
http://www.securityfocus.com/bid/11501
Patch;Vendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDKSA-2004:116
Mandriva
-
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886
CONECTIVA | Análises dos Melhores Produtos Online (#10 Melhores)
-
http://www.debian.org/security/2004/dsa-599
[SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution
-
http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
GPdf, KPDF, KOffice: Vulnerabilities in included xpdf (GLSA 200410-30) — Gentoo security
-
http://www.debian.org/security/2004/dsa-573
[SECURITY] [DSA 573-1] New cupsys packages fix arbitrary code execution
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17818
XPDF multiple integer overflows CVE-2005-0206 Vulnerability Report
-
https://www.ubuntu.com/usn/usn-9-1/
USN-9-1: tetex-bin vulnerabilities | Ubuntu security notices | Ubuntu
-
http://marc.info/?l=bugtraq&m=109880927526773&w=2
'SUSE Security Announcement: xpdf, gpdf, kpdf, pdftohtml, cups' - MARC
-
http://www.redhat.com/support/errata/RHSA-2005-066.html
Support
-
http://www.debian.org/security/2004/dsa-581
[SECURITY] [DSA 581-1] New xpdf packages fix arbitrary code execution
-
http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml
Xpdf, CUPS: Multiple integer overflows (GLSA 200410-20) — Gentoo security
-
http://www.mandriva.com/security/advisories?name=MDKSA-2004:113
Mandriva
-
https://bugzilla.fedora.us/show_bug.cgi?id=2353
-
http://www.redhat.com/support/errata/RHSA-2004-592.html
Support
-
http://www.redhat.com/support/errata/RHSA-2004-543.html
SupportPatch;Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714
404 Not Found
-
http://www.redhat.com/support/errata/RHSA-2005-354.html
Support
-
http://www.mandriva.com/security/advisories?name=MDKSA-2004:115
Mandriva
Jump to