Vulnerability Details : CVE-2004-1125
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
Vulnerability category: OverflowInput validationExecute codeDenial of service
Products affected by CVE-2004-1125
- cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-1125
6.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-1125
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2004-1125
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-1125
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10830
404 Not Found
-
http://www.redhat.com/support/errata/RHSA-2005-026.html
Support
-
http://www.redhat.com/support/errata/RHSA-2005-057.html
Support
-
http://securitytracker.com/id?1012646
Access Denied
-
http://www.redhat.com/support/errata/RHSA-2005-034.html
Support
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/18641
Xpdf Gfx::doImage buffer overflow CVE-2004-1125 Vulnerability Report
-
http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
CUPS: Multiple vulnerabilities (GLSA 200412-25) — Gentoo security
-
http://www.securityfocus.com/bid/12070
Patch;Vendor Advisory
-
http://www.novell.com/linux/security/advisories/2005_01_sr.html
404 Page Not Found | SUSE
-
http://www.gentoo.org/security/en/glsa/glsa-200501-17.xml
KPdf, KOffice: More vulnerabilities in included Xpdf (GLSA 200501-17) — Gentoo security
-
http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
U.S. | Let There Be Change | Accenture
-
http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html
[Full-Disclosure] Mailing List Charter
-
http://www.redhat.com/support/errata/RHSA-2005-018.html
Support
-
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
CONECTIVA | Análises dos Melhores Produtos Online (#10 Melhores)
-
https://usn.ubuntu.com/50-1/
404: Page not found | Ubuntu
-
http://marc.info/?t=110378596500001&r=1&w=2
'KDE Security Advisory: kpdf Buffer Overflow' thread - MARC
-
http://www.redhat.com/support/errata/RHSA-2005-066.html
Support
-
http://www.redhat.com/support/errata/RHSA-2005-053.html
Support
-
https://bugzilla.fedora.us/show_bug.cgi?id=2353
-
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
-
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
-
http://www.kde.org/info/security/advisory-20041223-1.txt
-
http://www.redhat.com/support/errata/RHSA-2005-354.html
Support
-
http://www.gentoo.org/security/en/glsa/glsa-200501-13.xml
pdftohtml: Vulnerabilities in included Xpdf (GLSA 200501-13) — Gentoo security
-
http://www.redhat.com/support/errata/RHSA-2005-013.html
Support
-
https://bugzilla.fedora.us/show_bug.cgi?id=2352
Jump to