CVE-2004-0889 : Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code su

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

Published 2005-01-27 05:00:00

Updated 2017-07-11 01:30:33

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute codeDenial of service

Products affected by CVE-2004-0889

Debian » Debian Linux » Version: 3.0
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 PPC Edition
cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 S-390 Edition
cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 Mips Edition
cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 Mipsel Edition
cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 Alpha Edition
cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 ARM Edition
cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 Hppa Edition
cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 Sparc Edition
cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 Ia-64 Edition
cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 M68k Edition
cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 Ia-32 Edition
cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Advanced Server Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Workstation Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Workstation Ia64 Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Advanced Server Ia64 Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Enterprise Server Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Enterprise Server Ia64 Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 3.0 Enterprise Server Edition
cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 3.0 Workstation Server Edition
cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 3.0 Advanced Server Edition
cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 3.0
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
Matching versions
Redhat » Linux Advanced Workstation » Version: 2.1 Itanium Processor Edition
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
Matching versions
Redhat » Linux Advanced Workstation » Version: 2.1 Ia64 Edition
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
Matching versions
Redhat » Fedora Core » Version: Core 2.0
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
Matching versions
Ubuntu » Ubuntu Linux » Version: 4.1 PPC Edition
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
Matching versions
Ubuntu » Ubuntu Linux » Version: 4.1 Ia64 Edition
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 8.0
cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 8.1
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 9.0
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 8.2
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 9.0 X86 64 Edition
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 9.1
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 9.2
cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
Matching versions
KDE » KDE » Version: 3.2.1
cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*
Matching versions
KDE » KDE » Version: 3.2
cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*
Matching versions
KDE » KDE » Version: 3.3.1
cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*
Matching versions
KDE » KDE » Version: 3.2.2
cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*
Matching versions
KDE » KDE » Version: 3.2.3
cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*
Matching versions
KDE » KDE » Version: 3.3
cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*
Matching versions
KDE » Koffice » Version: 1.3 Beta3
cpe:2.3:a:kde:koffice:1.3_beta3:*:*:*:*:*:*:*
Matching versions
KDE » Koffice » Version: 1.3.2
cpe:2.3:a:kde:koffice:1.3.2:*:*:*:*:*:*:*
Matching versions
KDE » Koffice » Version: 1.3.3
cpe:2.3:a:kde:koffice:1.3.3:*:*:*:*:*:*:*
Matching versions
KDE » Koffice » Version: 1.3
cpe:2.3:a:kde:koffice:1.3:*:*:*:*:*:*:*
Matching versions
KDE » Koffice » Version: 1.3.1
cpe:2.3:a:kde:koffice:1.3.1:*:*:*:*:*:*:*
Matching versions
KDE » Koffice » Version: 1.3 Beta1
cpe:2.3:a:kde:koffice:1.3_beta1:*:*:*:*:*:*:*
Matching versions
KDE » Koffice » Version: 1.3 Beta2
cpe:2.3:a:kde:koffice:1.3_beta2:*:*:*:*:*:*:*
Matching versions
KDE » Kpdf » Version: 3.2
cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*
Matching versions
Gnome » Gpdf » Version: 0.112
cpe:2.3:a:gnome:gpdf:0.112:*:*:*:*:*:*:*
Matching versions
Gnome » Gpdf » Version: 0.131
cpe:2.3:a:gnome:gpdf:0.131:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 0.90
cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 1.0a
cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 1.1
cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 2.0
cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 2.1
cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 0.91
cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 1.0
cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 2.3
cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 0.92
cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 0.93
cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 3.0
cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.1
cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.10
cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.17
cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.4
cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.13
cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.14
cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.0.4
cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.6
cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.7
cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.0.4 8
cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.4 3
cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.4 5
cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.4 2
cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.18
cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.12
cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.15
cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.16
cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.19
cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.19 Rc5
cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*
Matching versions
Easy Software Products » Cups » Version: 1.1.20
cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*
Matching versions
Tetex » Tetex » Version: 1.0.7
cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*
Matching versions
Tetex » Tetex » Version: 2.0.2
cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*
Matching versions
Tetex » Tetex » Version: 2.0
cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*
Matching versions
Tetex » Tetex » Version: 2.0.1
cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*
Matching versions
Gentoo » Linux
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
Matching versions
Pdftohtml » Pdftohtml » Version: 0.36
cpe:2.3:a:pdftohtml:pdftohtml:0.36:*:*:*:*:*:*:*
Matching versions
Pdftohtml » Pdftohtml » Version: 0.33
cpe:2.3:a:pdftohtml:pdftohtml:0.33:*:*:*:*:*:*:*
Matching versions
Pdftohtml » Pdftohtml » Version: 0.33a
cpe:2.3:a:pdftohtml:pdftohtml:0.33a:*:*:*:*:*:*:*
Matching versions
Pdftohtml » Pdftohtml » Version: 0.32a
cpe:2.3:a:pdftohtml:pdftohtml:0.32a:*:*:*:*:*:*:*
Matching versions
Pdftohtml » Pdftohtml » Version: 0.32b
cpe:2.3:a:pdftohtml:pdftohtml:0.32b:*:*:*:*:*:*:*
Matching versions
Pdftohtml » Pdftohtml » Version: 0.34
cpe:2.3:a:pdftohtml:pdftohtml:0.34:*:*:*:*:*:*:*
Matching versions
Pdftohtml » Pdftohtml » Version: 0.35
cpe:2.3:a:pdftohtml:pdftohtml:0.35:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-0889

EPSS FAQ

3.39%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-0889

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2004-0889

http://www.securityfocus.com/bid/11501

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/17819

XPDF multiple integer overflows CVE-2004-0889 Vulnerability Report
http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml

GPdf, KPDF, KOffice: Vulnerabilities in included xpdf (GLSA 200410-30) — Gentoo security

CVEs referencing this url
http://marc.info/?l=bugtraq&m=109880927526773&w=2

'SUSE Security Announcement: xpdf, gpdf, kpdf, pdftohtml, cups' - MARC

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml

Xpdf, CUPS: Multiple integer overflows (GLSA 200410-20) — Gentoo security
Patch;Vendor Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2004:113

Mandriva

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2004-0889

Products affected by CVE-2004-0889

Exploit prediction scoring system (EPSS) score for CVE-2004-0889

CVSS scores for CVE-2004-0889

References for CVE-2004-0889