CVE-2004-0888

18 documents8 sources

Severity

10.0CRITICAL

EPSS

4.4%

top 10.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Easy Software Products Cups Gnome Gpdf +12 more

Timeline

PublishedJan 27

Latest updateApr 29

Description

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages14 packages

▶Debianxpdf< 3.00-9+3

▶NVDxpdf/xpdf11 versions+10

▶Debiancups< 1.1.22-6+3

▶NVDgnome/gpdf0.112, 0.131+1

▶NVDeasy_software_products/cups20 versions+19

Also affects: Debian Linux 3.0, Ubuntu Linux 4.1, Enterprise Linux 2.1, 3.0

Patches

Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-x479-x3mc-r9mr: Multiple integer overflows in xpdf 2↗2022-04-29

▶

OSV

CVE-2004-0888: Multiple integer overflows in xpdf 2↗2005-01-27

▶

CVEList

CVE-2004-0888: Multiple integer overflows in xpdf 2↗2004-10-26

▶

📋Vendor Advisories

Red Hat

cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206↗2008-04-01

▶

Ubuntu

xpdf vulnerabilities↗2004-11-02

▶

Ubuntu

tetex-bin vulnerabilities↗2004-10-28

▶

Red Hat

security flaw↗2004-10-21

▶

Red Hat

security flaw↗2004-10-20

▶

💬Community

Bugzilla

CVE-2004-0888 security flaw↗2018-08-16

▶

Bugzilla

CVE-2005-0206 security flaw↗2018-08-16

▶

Bugzilla

CVE-2008-1374 cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206↗2008-03-20

▶

Bugzilla

CAN-2004-0888 xpdf issues affect cups (CAN-2005-0206)↗2005-02-08

▶

Bugzilla

CAN-2004-0888 xpdf issues affect cups↗2004-10-12

▶