CVE-2004-0889

11 documents8 sources

Severity

10.0CRITICAL

EPSS

3.4%

top 12.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Easy Software Products Cups Gnome Gpdf +12 more

Timeline

PublishedJan 27

Latest updateApr 29

Description

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages13 packages

▶Debianxpdf< 3.00-10+3

▶NVDxpdf/xpdf11 versions+10

▶NVDeasy_software_products/cups20 versions+19

▶NVDkde/kde6 versions+5

▶NVDkde/kpdf3.2

Also affects: Debian Linux 3.0, Ubuntu Linux 4.1, Enterprise Linux 2.1, 3.0

Patches

Patch: www.gentoo.org ↗Patch: www.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-xwjm-m85h-4ff8: Multiple integer overflows in xpdf 3↗2022-04-29

▶

OSV

CVE-2004-0889: Multiple integer overflows in xpdf 3↗2005-01-27

▶

CVEList

CVE-2004-0889: Multiple integer overflows in xpdf 3↗2004-10-26

▶

📋Vendor Advisories

Ubuntu

xpdf vulnerabilities↗2004-11-02

▶

Ubuntu

xpdf vulnerabilities↗2004-10-23

▶

Red Hat

security flaw↗2004-10-21

▶

Debian

CVE-2004-0889: xpdf - Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code su...↗2004

▶

💬Community

Bugzilla

CVE-2004-0888 security flaw↗2018-08-16

▶