Vulnerabilites related to gnome - gpdf
CVE-2004-0888 (GCVE-0-2004-0888)
Vulnerability from cvelistv5
Published
2004-10-26 04:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2004:592", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-592.html" }, { "name": "11501", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11501" }, { "name": "RHSA-2005:066", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-066.html" }, { "name": "USN-9-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://www.ubuntu.com/usn/usn-9-1/" }, { "name": "MDKSA-2004:113", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:113" }, { "name": "GLSA-200410-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml" }, { "name": "DSA-581", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-581" }, { "name": "DSA-573", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-573" }, { "name": "FLSA:2353", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2353" }, { "name": "MDKSA-2004:116", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:116" }, { "name": "DSA-599", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-599" }, { "name": "xpdf-pdf-bo(17818)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17818" }, { "name": "RHSA-2005:354", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html" }, { "name": "RHSA-2004:543", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-543.html" }, { "name": "oval:org.mitre.oval:def:9714", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714" }, { "name": "CLA-2004:886", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000886" }, { "name": "MDKSA-2004:114", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:114" }, { "name": "GLSA-200410-30", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml" }, { "name": "MDKSA-2004:115", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:115" }, { "name": "SUSE-SA:2004:039", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109880927526773\u0026w=2" }, { "name": "FLSA:2352", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110815379627883\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2004:592", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-592.html" }, { "name": "11501", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11501" }, { "name": "RHSA-2005:066", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-066.html" }, { "name": "USN-9-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://www.ubuntu.com/usn/usn-9-1/" }, { "name": "MDKSA-2004:113", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:113" }, { "name": "GLSA-200410-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml" }, { "name": "DSA-581", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-581" }, { "name": "DSA-573", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-573" }, { "name": "FLSA:2353", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2353" }, { "name": "MDKSA-2004:116", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:116" }, { "name": "DSA-599", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-599" }, { "name": "xpdf-pdf-bo(17818)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17818" }, { "name": "RHSA-2005:354", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html" }, { "name": "RHSA-2004:543", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-543.html" }, { "name": "oval:org.mitre.oval:def:9714", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714" }, { "name": "CLA-2004:886", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000886" }, { "name": "MDKSA-2004:114", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:114" }, { "name": "GLSA-200410-30", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml" }, { "name": "MDKSA-2004:115", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:115" }, { "name": "SUSE-SA:2004:039", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://marc.info/?l=bugtraq\u0026m=109880927526773\u0026w=2" }, { "name": "FLSA:2352", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://marc.info/?l=bugtraq\u0026m=110815379627883\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0888", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2004:592", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-592.html" }, { "name": "11501", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11501" }, { "name": "RHSA-2005:066", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-066.html" }, { "name": "USN-9-1", "refsource": "UBUNTU", "url": "https://www.ubuntu.com/usn/usn-9-1/" }, { "name": "MDKSA-2004:113", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:113" }, { "name": "GLSA-200410-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml" }, { "name": "DSA-581", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-581" }, { "name": "DSA-573", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-573" }, { "name": "FLSA:2353", "refsource": "FEDORA", "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2353" }, { "name": "MDKSA-2004:116", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:116" }, { "name": "DSA-599", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-599" }, { "name": "xpdf-pdf-bo(17818)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17818" }, { "name": "RHSA-2005:354", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html" }, { "name": "RHSA-2004:543", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-543.html" }, { "name": "oval:org.mitre.oval:def:9714", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714" }, { "name": "CLA-2004:886", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000886" }, { "name": "MDKSA-2004:114", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:114" }, { "name": "GLSA-200410-30", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml" }, { "name": "MDKSA-2004:115", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:115" }, { "name": "SUSE-SA:2004:039", "refsource": "SUSE", "url": "http://marc.info/?l=bugtraq\u0026m=109880927526773\u0026w=2" }, { "name": "FLSA:2352", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq\u0026m=110815379627883\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0888", "datePublished": "2004-10-26T04:00:00", "dateReserved": "2004-09-22T00:00:00", "dateUpdated": "2024-08-08T00:31:47.615Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0889 (GCVE-0-2004-0889)
Vulnerability from cvelistv5
Published
2004-10-26 04:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
References
► | URL | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:48.137Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11501", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11501" }, { "name": "MDKSA-2004:113", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:113" }, { "name": "GLSA-200410-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml" }, { "name": "GLSA-200410-30", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml" }, { "name": "xpdf-pdf-file-bo(17819)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17819" }, { "name": "SUSE-SA:2004:039", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109880927526773\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11501", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11501" }, { "name": "MDKSA-2004:113", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:113" }, { "name": "GLSA-200410-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml" }, { "name": "GLSA-200410-30", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml" }, { "name": "xpdf-pdf-file-bo(17819)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17819" }, { "name": "SUSE-SA:2004:039", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://marc.info/?l=bugtraq\u0026m=109880927526773\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0889", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11501", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11501" }, { "name": "MDKSA-2004:113", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:113" }, { "name": "GLSA-200410-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml" }, { "name": "GLSA-200410-30", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml" }, { "name": "xpdf-pdf-file-bo(17819)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17819" }, { "name": "SUSE-SA:2004:039", "refsource": "SUSE", "url": "http://marc.info/?l=bugtraq\u0026m=109880927526773\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0889", "datePublished": "2004-10-26T04:00:00", "dateReserved": "2004-09-22T00:00:00", "dateUpdated": "2024-08-08T00:31:48.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0206 (GCVE-0-2005-0206)
Vulnerability from cvelistv5
Published
2005-02-15 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:05:25.397Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:11107", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11107" }, { "name": "MDKSA-2005:041", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:041" }, { "name": "11501", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11501" }, { "name": "RHSA-2005:034", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-034.html" }, { "name": "MDKSA-2005:056", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:056" }, { "name": "MDKSA-2005:043", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:043" }, { "name": "RHSA-2005:213", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-213.html" }, { "name": "MDKSA-2005:044", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:044" }, { "name": "RHSA-2005:053", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-053.html" }, { "name": "xpdf-pdf-bo(17818)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17818" }, { "name": "MDKSA-2005:052", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052" }, { "name": "RHSA-2005:132", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-132.html" }, { "name": "MDKSA-2005:042", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:042" }, { "name": "RHSA-2005:057", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-057.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:11107", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11107" }, { "name": "MDKSA-2005:041", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:041" }, { "name": "11501", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11501" }, { "name": "RHSA-2005:034", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-034.html" }, { "name": "MDKSA-2005:056", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:056" }, { "name": "MDKSA-2005:043", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:043" }, { "name": "RHSA-2005:213", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-213.html" }, { "name": "MDKSA-2005:044", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:044" }, { "name": "RHSA-2005:053", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-053.html" }, { "name": "xpdf-pdf-bo(17818)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17818" }, { "name": "MDKSA-2005:052", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052" }, { "name": "RHSA-2005:132", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-132.html" }, { "name": "MDKSA-2005:042", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:042" }, { "name": "RHSA-2005:057", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-057.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0206", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:11107", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11107" }, { "name": "MDKSA-2005:041", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:041" }, { "name": "11501", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11501" }, { "name": "RHSA-2005:034", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-034.html" }, { "name": "MDKSA-2005:056", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:056" }, { "name": "MDKSA-2005:043", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:043" }, { "name": "RHSA-2005:213", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-213.html" }, { "name": "MDKSA-2005:044", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:044" }, { "name": "RHSA-2005:053", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-053.html" }, { "name": "xpdf-pdf-bo(17818)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17818" }, { "name": "MDKSA-2005:052", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052" }, { "name": "RHSA-2005:132", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-132.html" }, { "name": "MDKSA-2005:042", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:042" }, { "name": "RHSA-2005:057", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-057.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0206", "datePublished": "2005-02-15T05:00:00", "dateReserved": "2005-02-01T00:00:00", "dateUpdated": "2024-08-07T21:05:25.397Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-3604 (GCVE-0-2009-3604)
Vulnerability from cvelistv5
Published
2009-10-21 17:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:10.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "39938", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39938" }, { "name": "37042", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37042" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" }, { "name": "MDVSA-2009:287", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" }, { "name": "37028", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37028" }, { "name": "FEDORA-2010-1377", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://site.pi3.com.pl/adv/xpdf.txt" }, { "name": "FEDORA-2009-10823", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" }, { "name": "RHSA-2009:1501", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" }, { "name": "37079", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37079" }, { "name": "SUSE-SR:2009:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "name": "xpdf-splashdrawimage-bo(53795)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53795" }, { "name": "DSA-2028", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2028" }, { "name": "DSA-2050", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2050" }, { "name": "37159", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37159" }, { "name": "FEDORA-2010-1805", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" }, { "name": "1021706", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" }, { "name": "FEDORA-2009-10845", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" }, { "name": "RHSA-2009:1512", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" }, { "name": "37114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37114" }, { "name": "37077", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37077" }, { "name": "1023029", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023029" }, { "name": "RHSA-2009:1503", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996\u0026id2=75c3466ba2" }, { "name": "MDVSA-2011:175", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" }, { "name": "oval:org.mitre.oval:def:10969", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969" }, { "name": "37037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37037" }, { "name": "ADV-2010-1040", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1040" }, { "name": "USN-850-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-850-3" }, { "name": "ADV-2010-0802", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0802" }, { "name": "RHSA-2009:1502", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" }, { "name": "FEDORA-2010-1842", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2" }, { "name": "RHSA-2009:1500", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html" }, { "name": "ADV-2009-2928", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2928" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526911" }, { "name": "37023", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37023" }, { "name": "ADV-2009-2924", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2924" }, { "name": "MDVSA-2010:087", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087" }, { "name": "274030", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" }, { "name": "ADV-2010-1220", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1220" }, { "name": "USN-850-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-850-1" }, { "name": "37053", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37053" }, { "name": "39327", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39327" }, { "name": "37043", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37043" }, { "name": "36703", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36703" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "39938", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39938" }, { "name": "37042", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37042" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" }, { "name": "MDVSA-2009:287", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" }, { "name": "37028", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37028" }, { "name": "FEDORA-2010-1377", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://site.pi3.com.pl/adv/xpdf.txt" }, { "name": "FEDORA-2009-10823", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" }, { "name": "RHSA-2009:1501", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" }, { "name": "37079", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37079" }, { "name": "SUSE-SR:2009:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "name": "xpdf-splashdrawimage-bo(53795)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53795" }, { "name": "DSA-2028", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2028" }, { "name": "DSA-2050", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2050" }, { "name": "37159", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37159" }, { "name": "FEDORA-2010-1805", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" }, { "name": "1021706", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" }, { "name": "FEDORA-2009-10845", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" }, { "name": "RHSA-2009:1512", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" }, { "name": "37114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37114" }, { "name": "37077", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37077" }, { "name": "1023029", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023029" }, { "name": "RHSA-2009:1503", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996\u0026id2=75c3466ba2" }, { "name": "MDVSA-2011:175", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" }, { "name": "oval:org.mitre.oval:def:10969", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969" }, { "name": "37037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37037" }, { "name": "ADV-2010-1040", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1040" }, { "name": "USN-850-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-850-3" }, { "name": "ADV-2010-0802", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0802" }, { "name": "RHSA-2009:1502", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" }, { "name": "FEDORA-2010-1842", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2" }, { "name": "RHSA-2009:1500", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html" }, { "name": "ADV-2009-2928", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2928" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526911" }, { "name": "37023", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37023" }, { "name": "ADV-2009-2924", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2924" }, { "name": "MDVSA-2010:087", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087" }, { "name": "274030", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" }, { "name": "ADV-2010-1220", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1220" }, { "name": "USN-850-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-850-1" }, { "name": "37053", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37053" }, { "name": "39327", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39327" }, { "name": "37043", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37043" }, { "name": "36703", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36703" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3604", "datePublished": "2009-10-21T17:00:00", "dateReserved": "2009-10-09T00:00:00", "dateUpdated": "2024-08-07T06:31:10.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-3609 (GCVE-0-2009-3609)
Vulnerability from cvelistv5
Published
2009-10-21 17:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:10.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "39938", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39938" }, { "name": "RHSA-2009:1504", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" }, { "name": "MDVSA-2009:287", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" }, { "name": "37028", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37028" }, { "name": "FEDORA-2010-1377", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" }, { "name": "FEDORA-2009-10823", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://poppler.freedesktop.org/" }, { "name": "RHSA-2009:1501", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" }, { "name": "37079", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37079" }, { "name": "SUSE-SR:2009:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "name": "oval:org.mitre.oval:def:8134", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134" }, { "name": "DSA-2028", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2028" }, { "name": "DSA-2050", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2050" }, { "name": "37159", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37159" }, { "name": "37054", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37054" }, { "name": "FEDORA-2010-1805", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" }, { "name": "1021706", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" }, { "name": "FEDORA-2009-10845", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" }, { "name": "RHSA-2009:1512", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" }, { "name": "37114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37114" }, { "name": "37077", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37077" }, { "name": "oval:org.mitre.oval:def:11043", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043" }, { "name": "1023029", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023029" }, { "name": "RHSA-2009:1503", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" }, { "name": "ADV-2009-2926", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2926" }, { "name": "MDVSA-2011:175", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526893" }, { "name": "xpdf-imagestream-dos(53800)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53800" }, { "name": "37037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37037" }, { "name": "USN-850-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-850-3" }, { "name": "ADV-2010-0802", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0802" }, { "name": "RHSA-2009:1502", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" }, { "name": "FEDORA-2010-1842", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" }, { "name": "RHSA-2009:1500", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html" }, { "name": "ADV-2009-2928", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2928" }, { "name": "RHSA-2009:1513", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html" }, { "name": "37034", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37034" }, { "name": "37023", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37023" }, { "name": "ADV-2009-2924", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2924" }, { "name": "37051", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37051" }, { "name": "274030", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" }, { "name": "ADV-2010-1220", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1220" }, { "name": "USN-850-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-850-1" }, { "name": "37061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37061" }, { "name": "39327", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39327" }, { "name": "37043", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37043" }, { "name": "36703", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36703" }, { "name": "ADV-2009-2925", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2925" }, { "name": "RHSA-2010:0755", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html" }, { "name": "MDVSA-2009:334", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "39938", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39938" }, { "name": "RHSA-2009:1504", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" }, { "name": "MDVSA-2009:287", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" }, { "name": "37028", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37028" }, { "name": "FEDORA-2010-1377", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" }, { "name": "FEDORA-2009-10823", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://poppler.freedesktop.org/" }, { "name": "RHSA-2009:1501", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" }, { "name": "37079", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37079" }, { "name": "SUSE-SR:2009:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "name": "oval:org.mitre.oval:def:8134", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134" }, { "name": "DSA-2028", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2028" }, { "name": "DSA-2050", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2050" }, { "name": "37159", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37159" }, { "name": "37054", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37054" }, { "name": "FEDORA-2010-1805", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" }, { "name": "1021706", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" }, { "name": "FEDORA-2009-10845", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" }, { "name": "RHSA-2009:1512", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" }, { "name": "37114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37114" }, { "name": "37077", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37077" }, { "name": "oval:org.mitre.oval:def:11043", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043" }, { "name": "1023029", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023029" }, { "name": "RHSA-2009:1503", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" }, { "name": "ADV-2009-2926", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2926" }, { "name": "MDVSA-2011:175", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526893" }, { "name": "xpdf-imagestream-dos(53800)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53800" }, { "name": "37037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37037" }, { "name": "USN-850-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-850-3" }, { "name": "ADV-2010-0802", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0802" }, { "name": "RHSA-2009:1502", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" }, { "name": "FEDORA-2010-1842", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" }, { "name": "RHSA-2009:1500", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html" }, { "name": "ADV-2009-2928", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2928" }, { "name": "RHSA-2009:1513", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html" }, { "name": "37034", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37034" }, { "name": "37023", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37023" }, { "name": "ADV-2009-2924", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2924" }, { "name": "37051", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37051" }, { "name": "274030", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" }, { "name": "ADV-2010-1220", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1220" }, { "name": "USN-850-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-850-1" }, { "name": "37061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37061" }, { "name": "39327", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39327" }, { "name": "37043", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37043" }, { "name": "36703", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36703" }, { "name": "ADV-2009-2925", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2925" }, { "name": "RHSA-2010:0755", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html" }, { "name": "MDVSA-2009:334", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3609", "datePublished": "2009-10-21T17:00:00", "dateReserved": "2009-10-09T00:00:00", "dateUpdated": "2024-08-07T06:31:10.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-3608 (GCVE-0-2009-3608)
Vulnerability from cvelistv5
Published
2009-10-21 17:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:10.520Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "39938", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39938" }, { "name": "RHSA-2009:1504", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" }, { "name": "DSA-1941", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1941" }, { "name": "MDVSA-2009:287", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526637" }, { "name": "[oss-security] 20091201 Re: Need more information on recent poppler issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/12/01/6" }, { "name": "37028", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37028" }, { "name": "FEDORA-2010-1377", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" }, { "name": "FEDORA-2009-10823", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://poppler.freedesktop.org/" }, { "name": "RHSA-2009:1501", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" }, { "name": "37079", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37079" }, { "name": "SUSE-SR:2009:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "name": "DSA-2028", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2028" }, { "name": "DSA-2050", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2050" }, { "name": "[oss-security] 20091130 Need more information on recent poppler issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/12/01/1" }, { "name": "37159", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37159" }, { "name": "37054", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37054" }, { "name": "FEDORA-2010-1805", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" }, { "name": "1021706", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" }, { "name": "FEDORA-2009-10845", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" }, { "name": "RHSA-2009:1512", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" }, { "name": "37114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37114" }, { "name": "37077", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37077" }, { "name": "1023029", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023029" }, { "name": "RHSA-2009:1503", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" }, { "name": "ADV-2009-2926", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2926" }, { "name": "MDVSA-2011:175", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" }, { "name": "37037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37037" }, { "name": "USN-850-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-850-3" }, { "name": "ADV-2010-0802", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0802" }, { "name": "RHSA-2009:1502", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" }, { "name": "FEDORA-2010-1842", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" }, { "name": "xpdf-objectstream-bo(53794)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53794" }, { "name": "ADV-2009-2928", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2928" }, { "name": "RHSA-2009:1513", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html" }, { "name": "37034", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37034" }, { "name": "[oss-security] 20091130 Re: Need more information on recent poppler issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/12/01/5" }, { "name": "ADV-2009-2924", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2924" }, { "name": "37051", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37051" }, { "name": "274030", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" }, { "name": "ADV-2010-1220", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1220" }, { "name": "USN-850-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-850-1" }, { "name": "37053", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37053" }, { "name": "37061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37061" }, { "name": "39327", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39327" }, { "name": "37043", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37043" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/advisories/ocert-2009-016.html" }, { "name": "oval:org.mitre.oval:def:9536", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536" }, { "name": "36703", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36703" }, { "name": "ADV-2009-2925", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2925" }, { "name": "MDVSA-2009:334", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "39938", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39938" }, { "name": "RHSA-2009:1504", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" }, { "name": "DSA-1941", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1941" }, { "name": "MDVSA-2009:287", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526637" }, { "name": "[oss-security] 20091201 Re: Need more information on recent poppler issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/12/01/6" }, { "name": "37028", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37028" }, { "name": "FEDORA-2010-1377", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" }, { "name": "FEDORA-2009-10823", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://poppler.freedesktop.org/" }, { "name": "RHSA-2009:1501", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" }, { "name": "37079", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37079" }, { "name": "SUSE-SR:2009:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "name": "DSA-2028", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2028" }, { "name": "DSA-2050", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2050" }, { "name": "[oss-security] 20091130 Need more information on recent poppler issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/12/01/1" }, { "name": "37159", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37159" }, { "name": "37054", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37054" }, { "name": "FEDORA-2010-1805", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" }, { "name": "1021706", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" }, { "name": "FEDORA-2009-10845", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" }, { "name": "RHSA-2009:1512", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" }, { "name": "37114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37114" }, { "name": "37077", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37077" }, { "name": "1023029", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023029" }, { "name": "RHSA-2009:1503", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" }, { "name": "ADV-2009-2926", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2926" }, { "name": "MDVSA-2011:175", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" }, { "name": "37037", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37037" }, { "name": "USN-850-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-850-3" }, { "name": "ADV-2010-0802", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0802" }, { "name": "RHSA-2009:1502", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" }, { "name": "FEDORA-2010-1842", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" }, { "name": "xpdf-objectstream-bo(53794)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53794" }, { "name": "ADV-2009-2928", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2928" }, { "name": "RHSA-2009:1513", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html" }, { "name": "37034", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37034" }, { "name": "[oss-security] 20091130 Re: Need more information on recent poppler issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/12/01/5" }, { "name": "ADV-2009-2924", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2924" }, { "name": "37051", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37051" }, { "name": "274030", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" }, { "name": "ADV-2010-1220", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1220" }, { "name": "USN-850-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-850-1" }, { "name": "37053", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37053" }, { "name": "37061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37061" }, { "name": "39327", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39327" }, { "name": "37043", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37043" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/advisories/ocert-2009-016.html" }, { "name": "oval:org.mitre.oval:def:9536", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536" }, { "name": "36703", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36703" }, { "name": "ADV-2009-2925", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2925" }, { "name": "MDVSA-2009:334", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3608", "datePublished": "2009-10-21T17:00:00", "dateReserved": "2009-10-09T00:00:00", "dateUpdated": "2024-08-07T06:31:10.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1244 (GCVE-0-2006-1244)
Vulnerability from cvelistv5
Published
2006-03-15 19:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
References
► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19644", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19644" }, { "name": "DSA-979", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-979" }, { "name": "DSA-998", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-998" }, { "name": "19164", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19164" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz" }, { "name": "19364", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19364" }, { "name": "DSA-983", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-983" }, { "name": "DSA-982", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-982" }, { "name": "19091", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19091" }, { "name": "19065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19065" }, { "name": "23834", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/23834" }, { "name": "DSA-1019", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1019" }, { "name": "16748", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16748" }, { "name": "18948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18948" }, { "name": "DSA-984", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-984" }, { "name": "19021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19021" }, { "name": "USN-270-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/270-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19644", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19644" }, { "name": "DSA-979", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-979" }, { "name": "DSA-998", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-998" }, { "name": "19164", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19164" }, { "tags": [ "x_refsource_MISC" ], "url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz" }, { "name": "19364", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19364" }, { "name": "DSA-983", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-983" }, { "name": "DSA-982", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-982" }, { "name": "19091", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19091" }, { "name": "19065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19065" }, { "name": "23834", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/23834" }, { "name": "DSA-1019", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1019" }, { "name": "16748", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16748" }, { "name": "18948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18948" }, { "name": "DSA-984", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-984" }, { "name": "19021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19021" }, { "name": "USN-270-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/270-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1244", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19644", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19644" }, { "name": "DSA-979", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-979" }, { "name": "DSA-998", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-998" }, { "name": "19164", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19164" }, { "name": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz", "refsource": "MISC", "url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz" }, { "name": "19364", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19364" }, { "name": "DSA-983", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-983" }, { "name": "DSA-982", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-982" }, { "name": "19091", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19091" }, { "name": "19065", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19065" }, { "name": "23834", "refsource": "OSVDB", "url": "http://www.osvdb.org/23834" }, { "name": "DSA-1019", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1019" }, { "name": "16748", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16748" }, { "name": "18948", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18948" }, { "name": "DSA-984", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-984" }, { "name": "19021", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19021" }, { "name": "USN-270-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/270-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1244", "datePublished": "2006-03-15T19:00:00", "dateReserved": "2006-03-15T00:00:00", "dateUpdated": "2024-08-07T17:03:28.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4035 (GCVE-0-2009-4035)
Vulnerability from cvelistv5
Published
2009-12-21 21:00
Modified
2024-08-07 06:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.
References
► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:50.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1023356", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023356" }, { "name": "RHSA-2009:1680", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1680.html" }, { "name": "37350", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37350" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://cgit.freedesktop.org/poppler/poppler/tree/fofi/FoFiType1.cc?id=4b4fc5c017bf147c9069bbce32fc14467bd2a81a" }, { "name": "37787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37787" }, { "name": "37793", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37793" }, { "name": "xpdf-fofitype1parse-bo(54831)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54831" }, { "name": "37781", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37781" }, { "name": "RHSA-2009:1682", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1682.html" }, { "name": "oval:org.mitre.oval:def:10996", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10996" }, { "name": "SUSE-SR:2010:003", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cgit.freedesktop.org/poppler/poppler/diff/fofi/FoFiType1.cc?id=4b4fc5c0" }, { "name": "RHSA-2009:1681", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1681.html" }, { "name": "37641", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37641" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=541614" }, { "name": "ADV-2009-3555", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3555" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-12-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "1023356", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023356" }, { "name": "RHSA-2009:1680", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1680.html" }, { "name": "37350", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37350" }, { "tags": [ "x_refsource_MISC" ], "url": "http://cgit.freedesktop.org/poppler/poppler/tree/fofi/FoFiType1.cc?id=4b4fc5c017bf147c9069bbce32fc14467bd2a81a" }, { "name": "37787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37787" }, { "name": "37793", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37793" }, { "name": "xpdf-fofitype1parse-bo(54831)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54831" }, { "name": "37781", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37781" }, { "name": "RHSA-2009:1682", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1682.html" }, { "name": "oval:org.mitre.oval:def:10996", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10996" }, { "name": "SUSE-SR:2010:003", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cgit.freedesktop.org/poppler/poppler/diff/fofi/FoFiType1.cc?id=4b4fc5c0" }, { "name": "RHSA-2009:1681", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1681.html" }, { "name": "37641", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37641" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=541614" }, { "name": "ADV-2009-3555", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3555" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-4035", "datePublished": "2009-12-21T21:00:00", "dateReserved": "2009-11-20T00:00:00", "dateUpdated": "2024-08-07T06:45:50.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2005-01-27 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=109880927526773&w=2 | ||
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml | Patch, Vendor Advisory | |
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2004:113 | ||
cve@mitre.org | http://www.securityfocus.com/bid/11501 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17819 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109880927526773&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2004:113 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11501 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17819 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
easy_software_products | cups | 1.0.4 | |
easy_software_products | cups | 1.0.4_8 | |
easy_software_products | cups | 1.1.1 | |
easy_software_products | cups | 1.1.4 | |
easy_software_products | cups | 1.1.4_2 | |
easy_software_products | cups | 1.1.4_3 | |
easy_software_products | cups | 1.1.4_5 | |
easy_software_products | cups | 1.1.6 | |
easy_software_products | cups | 1.1.7 | |
easy_software_products | cups | 1.1.10 | |
easy_software_products | cups | 1.1.12 | |
easy_software_products | cups | 1.1.13 | |
easy_software_products | cups | 1.1.14 | |
easy_software_products | cups | 1.1.15 | |
easy_software_products | cups | 1.1.16 | |
easy_software_products | cups | 1.1.17 | |
easy_software_products | cups | 1.1.18 | |
easy_software_products | cups | 1.1.19 | |
easy_software_products | cups | 1.1.19_rc5 | |
easy_software_products | cups | 1.1.20 | |
gnome | gpdf | 0.112 | |
gnome | gpdf | 0.131 | |
kde | koffice | 1.3 | |
kde | koffice | 1.3.1 | |
kde | koffice | 1.3.2 | |
kde | koffice | 1.3.3 | |
kde | koffice | 1.3_beta1 | |
kde | koffice | 1.3_beta2 | |
kde | koffice | 1.3_beta3 | |
kde | kpdf | 3.2 | |
pdftohtml | pdftohtml | 0.32a | |
pdftohtml | pdftohtml | 0.32b | |
pdftohtml | pdftohtml | 0.33 | |
pdftohtml | pdftohtml | 0.33a | |
pdftohtml | pdftohtml | 0.34 | |
pdftohtml | pdftohtml | 0.35 | |
pdftohtml | pdftohtml | 0.36 | |
tetex | tetex | 1.0.7 | |
tetex | tetex | 2.0 | |
tetex | tetex | 2.0.1 | |
tetex | tetex | 2.0.2 | |
xpdf | xpdf | 0.90 | |
xpdf | xpdf | 0.91 | |
xpdf | xpdf | 0.92 | |
xpdf | xpdf | 0.93 | |
xpdf | xpdf | 1.0 | |
xpdf | xpdf | 1.0a | |
xpdf | xpdf | 1.1 | |
xpdf | xpdf | 2.0 | |
xpdf | xpdf | 2.1 | |
xpdf | xpdf | 2.3 | |
xpdf | xpdf | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
gentoo | linux | * | |
kde | kde | 3.2 | |
kde | kde | 3.2.1 | |
kde | kde | 3.2.2 | |
kde | kde | 3.2.3 | |
kde | kde | 3.3 | |
kde | kde | 3.3.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux_desktop | 3.0 | |
redhat | fedora_core | core_2.0 | |
redhat | linux_advanced_workstation | 2.1 | |
redhat | linux_advanced_workstation | 2.1 | |
suse | suse_linux | 8.0 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.1 | |
suse | suse_linux | 9.2 | |
ubuntu | ubuntu_linux | 4.1 | |
ubuntu | ubuntu_linux | 4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "68BD578F-CCAD-4515-9205-EB4F297C6DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*", "matchCriteriaId": "F3182CA2-7375-43BC-A0E5-DE11D4B65EE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCF4C8D0-3030-4DD5-800B-76A582A4CD0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "734D0C2C-F71F-461A-87EE-202C6B706753", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*", "matchCriteriaId": "3F0F402D-5CD0-4477-8B59-C753CECB02BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*", "matchCriteriaId": "959F7AFA-ED20-434C-993F-06C2A8574662", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*", "matchCriteriaId": "D4F5A0A4-2884-46CA-A846-8B954EB80CFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "1741CC9D-C4A8-48F9-86CF-EC20AE2A6BE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "35E65857-12C7-49DE-AD27-3CACD456231C", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "47CEF035-57A6-470B-916A-E5562C28E866", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "4E26BB15-4CF8-4496-A7F7-EB34C444EF72", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "D414984E-4F6B-4278-8346-968587E4B18E", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "33C36DCB-2FDD-44E6-85E8-875575AAE69E", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "7C4B7C23-0C54-4FBA-A774-9CC1E148376E", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "9FA0EF14-33E6-4D44-B86E-F04014EA3C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "A5428EE6-F90A-4BB6-9D8C-8B99E80AB6DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "A786A770-919E-4E23-949D-D836F316618A", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "00A2249C-73DE-434E-A41F-4EDB0ADC0845", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "73AB4D3D-FF35-4A50-A144-3AD41F6F2E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "FB7653F1-70E2-423F-A6A9-30333644B506", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gpdf:0.112:*:*:*:*:*:*:*", "matchCriteriaId": "2E70576E-C253-4F8B-A93E-14CC2EE7114D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gpdf:0.131:*:*:*:*:*:*:*", "matchCriteriaId": "832C5512-B473-40E8-BF4F-EC6ABFE46749", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "053435DD-BFDF-4C39-9919-11C42D569085", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9BB1A3C-3348-4545-A513-E504B33F72AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CD45E2C8-0B0E-484F-8050-94BF77798183", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4EAA654E-9DD4-4614-92D7-EF4D676B3A18", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "89C96FC9-40DB-467D-A701-49F97A1B887D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "76128BDC-2CA7-4AE7-8C4F-BCB3835CA938", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "0B2517C7-27EF-4961-91C3-CA33219AFF2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EDAF6452-F3B0-4F62-893E-BCFA6AB7AE3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.32a:*:*:*:*:*:*:*", "matchCriteriaId": "EE346726-71D6-438B-B600-A7E107332816", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.32b:*:*:*:*:*:*:*", "matchCriteriaId": "87E85020-B4DB-4011-BDD0-1C8967D45A84", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.33:*:*:*:*:*:*:*", "matchCriteriaId": "8189A9AB-F685-40E2-944F-8BD3DD6FA0A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.33a:*:*:*:*:*:*:*", "matchCriteriaId": "C33B8585-FA5F-4210-A997-615BCEE1726F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.34:*:*:*:*:*:*:*", "matchCriteriaId": "F4AE4C34-C497-426F-AC0D-1805A50582EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.35:*:*:*:*:*:*:*", "matchCriteriaId": "A2989EFF-07B9-4EF2-B6C1-59E4F52FDC92", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.36:*:*:*:*:*:*:*", "matchCriteriaId": "A3970101-5E83-49FD-BCB6-D9176D46B5A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C86C7D6F-C39E-4403-86C6-F87599570E97", "vulnerable": true }, { "criteria": "cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "236005A1-C175-44D3-8D0C-C48F943F3D66", "vulnerable": true }, { "criteria": "cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0AF2AD80-5E65-4B57-933B-C395E98EF10D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "07C92A0E-1DDA-4F83-A904-24A35C38883A", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "28CC6233-E207-40CC-81FF-A8670EEA4295", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "64DD9B5C-3DB8-4E15-B4A6-541E4E221C1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "0304E1E3-8766-40D0-8879-A652B4E9E72D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "188F1343-8082-4B54-8DA4-E344818ABD52", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B95DA7DE-B786-4EE7-A3F4-C077A7986D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C5306C05-4A71-4175-8C22-F2DE0F2FE4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B9DEF16-ECD5-4BBE-8986-52A6171B3D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CFFDBEEC-B2C1-47F0-82D3-FC9147B590A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "354487CF-0086-4AE2-872B-0032E3EB89EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1169B802-7279-437F-AF59-621A67DC92EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B93B3ED-AF82-49A9-8C7F-E5F652F19669", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*", "matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*", "matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*", "matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*", "matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*", "matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*", "matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*", "matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*", "matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*", "matchCriteriaId": "24DD9D59-E2A2-4116-A887-39E8CC2004FC", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82", "vulnerable": true }, { "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "82F69843-978D-4686-BC5B-1D09DA4A21BD", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "ACEE0AED-7918-41E9-A902-AC4070E03132", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "81E19472-47B4-4398-A188-CA5A5D3E7060", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D17407A2-089E-43A5-9BD5-EFF966F5CC16", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9C4B436D-8D6A-473E-B707-26147208808B", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E26B353-4985-4116-B97A-5767CDC732F1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", "matchCriteriaId": "777F9EC0-2919-45CA-BFF8-78A02537C513", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "28CD54FE-D682-4063-B7C3-8B29B26B39AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*", "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888." } ], "id": "CVE-2004-0889", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-27T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109880927526773\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:113" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/11501" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17819" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109880927526773\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/11501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17819" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-01-27 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=109880927526773&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=110815379627883&w=2 | ||
cve@mitre.org | http://www.debian.org/security/2004/dsa-573 | ||
cve@mitre.org | http://www.debian.org/security/2004/dsa-581 | ||
cve@mitre.org | http://www.debian.org/security/2004/dsa-599 | ||
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml | ||
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2004:113 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2004:114 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2004:115 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2004:116 | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-543.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-592.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-066.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-354.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/11501 | Patch, Vendor Advisory | |
cve@mitre.org | https://bugzilla.fedora.us/show_bug.cgi?id=2353 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17818 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714 | ||
cve@mitre.org | https://www.ubuntu.com/usn/usn-9-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109880927526773&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110815379627883&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2004/dsa-573 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2004/dsa-581 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2004/dsa-599 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2004:113 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2004:114 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2004:115 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2004:116 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-543.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-592.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-066.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-354.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11501 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.fedora.us/show_bug.cgi?id=2353 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17818 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ubuntu.com/usn/usn-9-1/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
easy_software_products | cups | 1.0.4 | |
easy_software_products | cups | 1.0.4_8 | |
easy_software_products | cups | 1.1.1 | |
easy_software_products | cups | 1.1.4 | |
easy_software_products | cups | 1.1.4_2 | |
easy_software_products | cups | 1.1.4_3 | |
easy_software_products | cups | 1.1.4_5 | |
easy_software_products | cups | 1.1.6 | |
easy_software_products | cups | 1.1.7 | |
easy_software_products | cups | 1.1.10 | |
easy_software_products | cups | 1.1.12 | |
easy_software_products | cups | 1.1.13 | |
easy_software_products | cups | 1.1.14 | |
easy_software_products | cups | 1.1.15 | |
easy_software_products | cups | 1.1.16 | |
easy_software_products | cups | 1.1.17 | |
easy_software_products | cups | 1.1.18 | |
easy_software_products | cups | 1.1.19 | |
easy_software_products | cups | 1.1.19_rc5 | |
easy_software_products | cups | 1.1.20 | |
gnome | gpdf | 0.112 | |
gnome | gpdf | 0.131 | |
kde | koffice | 1.3 | |
kde | koffice | 1.3.1 | |
kde | koffice | 1.3.2 | |
kde | koffice | 1.3.3 | |
kde | koffice | 1.3_beta1 | |
kde | koffice | 1.3_beta2 | |
kde | koffice | 1.3_beta3 | |
kde | kpdf | 3.2 | |
pdftohtml | pdftohtml | 0.32a | |
pdftohtml | pdftohtml | 0.32b | |
pdftohtml | pdftohtml | 0.33 | |
pdftohtml | pdftohtml | 0.33a | |
pdftohtml | pdftohtml | 0.34 | |
pdftohtml | pdftohtml | 0.35 | |
pdftohtml | pdftohtml | 0.36 | |
tetex | tetex | 1.0.7 | |
tetex | tetex | 2.0 | |
tetex | tetex | 2.0.1 | |
tetex | tetex | 2.0.2 | |
xpdf | xpdf | 0.90 | |
xpdf | xpdf | 0.91 | |
xpdf | xpdf | 0.92 | |
xpdf | xpdf | 0.93 | |
xpdf | xpdf | 1.0 | |
xpdf | xpdf | 1.0a | |
xpdf | xpdf | 1.1 | |
xpdf | xpdf | 2.0 | |
xpdf | xpdf | 2.1 | |
xpdf | xpdf | 2.3 | |
xpdf | xpdf | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
gentoo | linux | * | |
kde | kde | 3.2 | |
kde | kde | 3.2.1 | |
kde | kde | 3.2.2 | |
kde | kde | 3.2.3 | |
kde | kde | 3.3 | |
kde | kde | 3.3.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux_desktop | 3.0 | |
redhat | fedora_core | core_2.0 | |
redhat | linux_advanced_workstation | 2.1 | |
redhat | linux_advanced_workstation | 2.1 | |
suse | suse_linux | 8.0 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.1 | |
suse | suse_linux | 9.2 | |
ubuntu | ubuntu_linux | 4.1 | |
ubuntu | ubuntu_linux | 4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "68BD578F-CCAD-4515-9205-EB4F297C6DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*", "matchCriteriaId": "F3182CA2-7375-43BC-A0E5-DE11D4B65EE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCF4C8D0-3030-4DD5-800B-76A582A4CD0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "734D0C2C-F71F-461A-87EE-202C6B706753", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*", "matchCriteriaId": "3F0F402D-5CD0-4477-8B59-C753CECB02BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*", "matchCriteriaId": "959F7AFA-ED20-434C-993F-06C2A8574662", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*", "matchCriteriaId": "D4F5A0A4-2884-46CA-A846-8B954EB80CFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "1741CC9D-C4A8-48F9-86CF-EC20AE2A6BE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "35E65857-12C7-49DE-AD27-3CACD456231C", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "47CEF035-57A6-470B-916A-E5562C28E866", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "4E26BB15-4CF8-4496-A7F7-EB34C444EF72", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "D414984E-4F6B-4278-8346-968587E4B18E", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "33C36DCB-2FDD-44E6-85E8-875575AAE69E", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "7C4B7C23-0C54-4FBA-A774-9CC1E148376E", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "9FA0EF14-33E6-4D44-B86E-F04014EA3C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "A5428EE6-F90A-4BB6-9D8C-8B99E80AB6DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "A786A770-919E-4E23-949D-D836F316618A", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "00A2249C-73DE-434E-A41F-4EDB0ADC0845", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "73AB4D3D-FF35-4A50-A144-3AD41F6F2E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "FB7653F1-70E2-423F-A6A9-30333644B506", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gpdf:0.112:*:*:*:*:*:*:*", "matchCriteriaId": "2E70576E-C253-4F8B-A93E-14CC2EE7114D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gpdf:0.131:*:*:*:*:*:*:*", "matchCriteriaId": "832C5512-B473-40E8-BF4F-EC6ABFE46749", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "053435DD-BFDF-4C39-9919-11C42D569085", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9BB1A3C-3348-4545-A513-E504B33F72AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CD45E2C8-0B0E-484F-8050-94BF77798183", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4EAA654E-9DD4-4614-92D7-EF4D676B3A18", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "89C96FC9-40DB-467D-A701-49F97A1B887D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "76128BDC-2CA7-4AE7-8C4F-BCB3835CA938", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "0B2517C7-27EF-4961-91C3-CA33219AFF2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EDAF6452-F3B0-4F62-893E-BCFA6AB7AE3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.32a:*:*:*:*:*:*:*", "matchCriteriaId": "EE346726-71D6-438B-B600-A7E107332816", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.32b:*:*:*:*:*:*:*", "matchCriteriaId": "87E85020-B4DB-4011-BDD0-1C8967D45A84", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.33:*:*:*:*:*:*:*", "matchCriteriaId": "8189A9AB-F685-40E2-944F-8BD3DD6FA0A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.33a:*:*:*:*:*:*:*", "matchCriteriaId": "C33B8585-FA5F-4210-A997-615BCEE1726F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.34:*:*:*:*:*:*:*", "matchCriteriaId": "F4AE4C34-C497-426F-AC0D-1805A50582EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.35:*:*:*:*:*:*:*", "matchCriteriaId": "A2989EFF-07B9-4EF2-B6C1-59E4F52FDC92", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.36:*:*:*:*:*:*:*", "matchCriteriaId": "A3970101-5E83-49FD-BCB6-D9176D46B5A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C86C7D6F-C39E-4403-86C6-F87599570E97", "vulnerable": true }, { "criteria": "cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "236005A1-C175-44D3-8D0C-C48F943F3D66", "vulnerable": true }, { "criteria": "cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0AF2AD80-5E65-4B57-933B-C395E98EF10D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "07C92A0E-1DDA-4F83-A904-24A35C38883A", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "28CC6233-E207-40CC-81FF-A8670EEA4295", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "64DD9B5C-3DB8-4E15-B4A6-541E4E221C1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "0304E1E3-8766-40D0-8879-A652B4E9E72D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "188F1343-8082-4B54-8DA4-E344818ABD52", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B95DA7DE-B786-4EE7-A3F4-C077A7986D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C5306C05-4A71-4175-8C22-F2DE0F2FE4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B9DEF16-ECD5-4BBE-8986-52A6171B3D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CFFDBEEC-B2C1-47F0-82D3-FC9147B590A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "354487CF-0086-4AE2-872B-0032E3EB89EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1169B802-7279-437F-AF59-621A67DC92EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B93B3ED-AF82-49A9-8C7F-E5F652F19669", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*", "matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*", "matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*", "matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*", "matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*", "matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*", "matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*", "matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*", "matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*", "matchCriteriaId": "24DD9D59-E2A2-4116-A887-39E8CC2004FC", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82", "vulnerable": true }, { "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "82F69843-978D-4686-BC5B-1D09DA4A21BD", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "ACEE0AED-7918-41E9-A902-AC4070E03132", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "81E19472-47B4-4398-A188-CA5A5D3E7060", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D17407A2-089E-43A5-9BD5-EFF966F5CC16", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9C4B436D-8D6A-473E-B707-26147208808B", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E26B353-4985-4116-B97A-5767CDC732F1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", "matchCriteriaId": "777F9EC0-2919-45CA-BFF8-78A02537C513", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "28CD54FE-D682-4063-B7C3-8B29B26B39AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*", "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889." } ], "id": "CVE-2004-0888", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-27T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000886" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109880927526773\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110815379627883\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-573" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-581" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-599" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:113" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:114" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:115" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:116" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-543.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-592.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-066.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11501" }, { "source": "cve@mitre.org", "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2353" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17818" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714" }, { "source": "cve@mitre.org", "url": "https://www.ubuntu.com/usn/usn-9-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109880927526773\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110815379627883\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-543.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-592.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.ubuntu.com/usn/usn-9-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-15 19:06
Modified
2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/18948 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/19021 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/19065 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/19091 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/19164 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/19364 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/19644 | Patch, Vendor Advisory | |
cve@mitre.org | http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz | Patch | |
cve@mitre.org | http://www.debian.org/security/2006/dsa-1019 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.debian.org/security/2006/dsa-979 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.debian.org/security/2006/dsa-982 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.debian.org/security/2006/dsa-983 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.debian.org/security/2006/dsa-984 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.debian.org/security/2006/dsa-998 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.osvdb.org/23834 | ||
cve@mitre.org | http://www.securityfocus.com/bid/16748 | ||
cve@mitre.org | https://usn.ubuntu.com/270-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18948 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19021 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19065 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19091 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19164 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19364 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19644 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1019 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-979 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-982 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-983 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-984 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-998 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/23834 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/16748 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/270-1/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gpdf | 2.8.2 | |
libextractor | libextractor | 0.3.6 | |
libextractor | libextractor | 0.3.7 | |
libextractor | libextractor | 0.3.8 | |
libextractor | libextractor | 0.3.9 | |
libextractor | libextractor | 0.3.11 | |
libextractor | libextractor | 0.4 | |
libextractor | libextractor | 0.4.1 | |
libextractor | libextractor | 0.4.2 | |
libextractor | libextractor | 0.5 | |
xpdf | xpdf | 0.90 | |
xpdf | xpdf | 0.91 | |
xpdf | xpdf | 0.92 | |
xpdf | xpdf | 0.93 | |
xpdf | xpdf | 1.0 | |
xpdf | xpdf | 1.0a | |
xpdf | xpdf | 1.1 | |
xpdf | xpdf | 2.0 | |
xpdf | xpdf | 2.1 | |
xpdf | xpdf | 2.2 | |
xpdf | xpdf | 2.3 | |
xpdf | xpdf | 3.0 | |
xpdf | xpdf | 3.0.1 | |
xpdf | xpdf | 3.0.1_pl1 | |
xpdf | xpdf | 3.0_pl2 | |
xpdf | xpdf | 3.0_pl3 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gpdf:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "06B06279-EFB2-4EC1-95F2-166DC5B1BB71", "vulnerable": true }, { "criteria": "cpe:2.3:a:libextractor:libextractor:0.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "D93638AD-2023-4216-89A3-DF417EA940AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:libextractor:libextractor:0.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "7D411F34-B792-4B41-9FBE-0F0222D4F099", "vulnerable": true }, { "criteria": "cpe:2.3:a:libextractor:libextractor:0.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "54B9A148-A52E-4B77-A854-7BF3C03AD490", "vulnerable": true }, { "criteria": "cpe:2.3:a:libextractor:libextractor:0.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "BAEA984E-A346-42B8-ACA3-CE03D546EB3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:libextractor:libextractor:0.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "146D08C1-C651-4B6E-9997-474A81948764", "vulnerable": true }, { "criteria": "cpe:2.3:a:libextractor:libextractor:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FAB7C4B-8017-42C4-AD3C-2A9846105D2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:libextractor:libextractor:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B025EF7-1B61-40F0-9E03-C219C54E8E72", "vulnerable": true }, { "criteria": "cpe:2.3:a:libextractor:libextractor:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "9BF9CF5E-A531-4D75-B47E-6C81A7679BBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:libextractor:libextractor:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "F68AC7F5-371B-4F02-85E4-829C2B012FE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "28CC6233-E207-40CC-81FF-A8670EEA4295", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "64DD9B5C-3DB8-4E15-B4A6-541E4E221C1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "0304E1E3-8766-40D0-8879-A652B4E9E72D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "188F1343-8082-4B54-8DA4-E344818ABD52", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B95DA7DE-B786-4EE7-A3F4-C077A7986D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C5306C05-4A71-4175-8C22-F2DE0F2FE4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B9DEF16-ECD5-4BBE-8986-52A6171B3D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CFFDBEEC-B2C1-47F0-82D3-FC9147B590A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "354487CF-0086-4AE2-872B-0032E3EB89EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "96767060-505A-42D2-A68A-6AD810DE800A", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1169B802-7279-437F-AF59-621A67DC92EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B93B3ED-AF82-49A9-8C7F-E5F652F19669", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B77866E-6818-4DE6-9457-39416871952C", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:3.0.1_pl1:*:*:*:*:*:*:*", "matchCriteriaId": "B0A09900-C462-4E3D-9399-0271F91DC5BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:*", "matchCriteriaId": "F6D23CF8-2B6C-4D2A-8E5E-6AACE99A7C19", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:3.0_pl3:*:*:*:*:*:*:*", "matchCriteriaId": "9107B531-7254-4908-97F0-3BF1EA0495AC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*", "matchCriteriaId": "5BF84240-1881-4EFB-BB2F-F9CE8AD09C7B", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*", "matchCriteriaId": "AF8AE8C4-810F-41AB-A251-5A2D4DD6884D", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*", "matchCriteriaId": "5EACF214-FA27-44FF-A431-927AB79377A1", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*", "matchCriteriaId": "E2B58895-0E2A-4466-9CB2-0083349A83B2", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*", "matchCriteriaId": "03F8220A-9B1C-40AA-AEAB-F9A93225FBD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*", "matchCriteriaId": "2311919C-7864-469D-B0F6-9B11D8D0A1C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*", "matchCriteriaId": "19876495-4C1A-487C-955A-C5AA46362A1F", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*", "matchCriteriaId": "D75286DD-50BC-4B72-8AC8-E20730124DC2", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*", "matchCriteriaId": "1998C972-497E-4916-B50E-FB32303EEA8E", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*", "matchCriteriaId": "A6CD3DD9-3A8A-4716-A2D1-136A790AFF94", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*", "matchCriteriaId": "6CE2020A-4FB2-4FCD-8561-7BD147CD95EB", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*", "matchCriteriaId": "08E90AFA-C262-46D0-B60E-26B67C9602D5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature." } ], "id": "CVE-2006-1244", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-03-15T19:06:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18948" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19021" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19065" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19091" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19164" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19364" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19644" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1019" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-979" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-982" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-983" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-984" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-998" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/23834" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16748" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/270-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18948" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19065" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19644" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-979" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/23834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/270-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-10-21 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Exploit | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
secalert@redhat.com | http://poppler.freedesktop.org/ | Patch, Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37023 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37028 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37034 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37037 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37043 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37051 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37054 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37061 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37077 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37079 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37114 | ||
secalert@redhat.com | http://secunia.com/advisories/37159 | ||
secalert@redhat.com | http://secunia.com/advisories/39327 | ||
secalert@redhat.com | http://secunia.com/advisories/39938 | ||
secalert@redhat.com | http://securitytracker.com/id?1023029 | ||
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
secalert@redhat.com | http://www.debian.org/security/2010/dsa-2028 | ||
secalert@redhat.com | http://www.debian.org/security/2010/dsa-2050 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2010-0755.html | ||
secalert@redhat.com | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
secalert@redhat.com | http://www.ubuntu.com/usn/USN-850-1 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/USN-850-3 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2925 | Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2926 | Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2928 | Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/0802 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1220 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=526893 | Exploit, Patch | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/53800 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134 | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1500.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1501.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1502.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1503.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1504.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1512.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1513.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://poppler.freedesktop.org/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37023 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37028 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37034 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37037 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37043 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37051 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37054 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37061 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37077 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37079 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37114 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37159 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39327 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39938 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023029 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2028 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2050 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0755.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-850-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-850-3 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2925 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2926 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2928 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0802 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1220 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=526893 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/53800 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1500.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1501.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1502.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1503.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1504.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1512.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1513.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
foolabs | xpdf | 3.02pl1 | |
foolabs | xpdf | 3.02pl2 | |
foolabs | xpdf | 3.02pl3 | |
glyphandcog | xpdfreader | 3.00 | |
glyphandcog | xpdfreader | 3.01 | |
glyphandcog | xpdfreader | 3.02 | |
poppler | poppler | * | |
poppler | poppler | 0.1 | |
poppler | poppler | 0.1.1 | |
poppler | poppler | 0.1.2 | |
poppler | poppler | 0.2.0 | |
poppler | poppler | 0.3.0 | |
poppler | poppler | 0.3.1 | |
poppler | poppler | 0.3.2 | |
poppler | poppler | 0.3.3 | |
poppler | poppler | 0.4.0 | |
poppler | poppler | 0.4.1 | |
poppler | poppler | 0.4.2 | |
poppler | poppler | 0.4.3 | |
poppler | poppler | 0.4.4 | |
poppler | poppler | 0.5.0 | |
poppler | poppler | 0.5.1 | |
poppler | poppler | 0.5.2 | |
poppler | poppler | 0.5.3 | |
poppler | poppler | 0.5.4 | |
poppler | poppler | 0.5.9 | |
poppler | poppler | 0.6.0 | |
poppler | poppler | 0.6.1 | |
poppler | poppler | 0.6.2 | |
poppler | poppler | 0.6.3 | |
poppler | poppler | 0.6.4 | |
poppler | poppler | 0.7.0 | |
poppler | poppler | 0.7.1 | |
poppler | poppler | 0.7.2 | |
poppler | poppler | 0.7.3 | |
poppler | poppler | 0.8.0 | |
poppler | poppler | 0.8.1 | |
poppler | poppler | 0.8.2 | |
poppler | poppler | 0.8.3 | |
poppler | poppler | 0.8.4 | |
poppler | poppler | 0.8.6 | |
poppler | poppler | 0.8.7 | |
poppler | poppler | 0.9.0 | |
poppler | poppler | 0.9.1 | |
poppler | poppler | 0.9.2 | |
poppler | poppler | 0.9.3 | |
poppler | poppler | 0.10.0 | |
poppler | poppler | 0.10.1 | |
poppler | poppler | 0.10.2 | |
poppler | poppler | 0.10.3 | |
poppler | poppler | 0.10.4 | |
poppler | poppler | 0.10.5 | |
poppler | poppler | 0.10.6 | |
poppler | poppler | 0.10.7 | |
poppler | poppler | 0.11.0 | |
poppler | poppler | 0.11.1 | |
poppler | poppler | 0.11.2 | |
poppler | poppler | 0.11.3 | |
glyph_and_cog | pdftops | * | |
gnome | gpdf | * | |
kde | kpdf | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*", "matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D", "vulnerable": true }, { "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*", "matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*", "matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682", "vulnerable": true }, { "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*", "matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D", "vulnerable": true }, { "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*", "matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*", "matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*", "matchCriteriaId": "C16CA37E-F28E-47E6-B77B-4CB0A859F831", "versionEndIncluding": "0.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "C52995D0-0986-427F-B37D-2F6726EA330D", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "7E4427C5-DBF0-4EF9-8B7A-61D56C14E3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "B91206CA-7EBE-4E64-9A49-D7EC0D051012", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFD43644-7F02-42AF-8EC3-C326A13E2F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FE2E6F-44B2-42D5-B986-D1FE2B510968", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A605079-3705-4E2C-8F6D-C21B4D875817", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3ABBD590-8092-4920-BBC7-F3ACB9CCC900", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:glyph_and_cog:pdftops:*:*:*:*:*:*:*:*", "matchCriteriaId": "1833267E-3B18-4CF8-B996-6226D5439F5F", "vulnerable": false }, { "criteria": "cpe:2.3:a:gnome:gpdf:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4A9A98B-5E37-4938-9506-927E0C8FACB8", "vulnerable": false }, { "criteria": "cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*", "matchCriteriaId": "41EF2714-DEC9-407F-9D1B-EF2A4D8B4DC3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read." }, { "lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n ImageStream::ImageStream en Stream.cc en Xpdf v3.02pl4 y Poppler v0.12.1, usado en GPdf, kdegraphics KPDF, y CUPS pdftops, permite a atacantes remotsos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un documento PDF manipulado que provoca un deferencia a puntero nulo o un desbordamiento de b\u00fafer fuera del l\u00edmite (over-read)." } ], "id": "CVE-2009-3609", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-10-21T17:30:00.453", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://poppler.freedesktop.org/" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37023" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37028" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37034" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37037" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37043" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37051" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37054" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37061" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37077" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37079" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37114" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37159" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39327" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39938" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1023029" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2028" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2050" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/36703" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-850-1" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-850-3" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2924" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2925" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2926" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2928" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/0802" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/1220" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526893" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53800" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://poppler.freedesktop.org/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37034" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39938" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/36703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-850-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-850-3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2926" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-10-21 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Patch | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
secalert@redhat.com | http://poppler.freedesktop.org/ | Patch, Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37028 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37034 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37037 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37043 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37051 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37053 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37054 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37061 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37077 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37079 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37114 | ||
secalert@redhat.com | http://secunia.com/advisories/37159 | ||
secalert@redhat.com | http://secunia.com/advisories/39327 | ||
secalert@redhat.com | http://secunia.com/advisories/39938 | ||
secalert@redhat.com | http://securitytracker.com/id?1023029 | Patch | |
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
secalert@redhat.com | http://www.debian.org/security/2009/dsa-1941 | ||
secalert@redhat.com | http://www.debian.org/security/2010/dsa-2028 | ||
secalert@redhat.com | http://www.debian.org/security/2010/dsa-2050 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
secalert@redhat.com | http://www.ocert.org/advisories/ocert-2009-016.html | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2009/12/01/1 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2009/12/01/5 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2009/12/01/6 | ||
secalert@redhat.com | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
secalert@redhat.com | http://www.ubuntu.com/usn/USN-850-1 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/USN-850-3 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2925 | Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2926 | Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2928 | Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/0802 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1220 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=526637 | Patch | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/53794 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536 | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1501.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1502.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1503.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1504.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1512.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1513.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://poppler.freedesktop.org/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37028 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37034 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37037 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37043 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37051 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37053 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37054 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37061 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37077 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37079 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37114 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37159 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39327 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39938 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023029 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1941 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2028 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2050 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ocert.org/advisories/ocert-2009-016.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/12/01/1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/12/01/5 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/12/01/6 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-850-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-850-3 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2925 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2926 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2928 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0802 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1220 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=526637 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/53794 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1501.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1502.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1503.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1504.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1512.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1513.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
foolabs | xpdf | 3.02pl1 | |
foolabs | xpdf | 3.02pl2 | |
foolabs | xpdf | 3.02pl3 | |
glyphandcog | xpdfreader | 3.00 | |
glyphandcog | xpdfreader | 3.01 | |
glyphandcog | xpdfreader | 3.02 | |
poppler | poppler | * | |
poppler | poppler | 0.1 | |
poppler | poppler | 0.1.1 | |
poppler | poppler | 0.1.2 | |
poppler | poppler | 0.2.0 | |
poppler | poppler | 0.3.0 | |
poppler | poppler | 0.3.1 | |
poppler | poppler | 0.3.2 | |
poppler | poppler | 0.3.3 | |
poppler | poppler | 0.4.0 | |
poppler | poppler | 0.4.1 | |
poppler | poppler | 0.4.2 | |
poppler | poppler | 0.4.3 | |
poppler | poppler | 0.4.4 | |
poppler | poppler | 0.5.0 | |
poppler | poppler | 0.5.1 | |
poppler | poppler | 0.5.2 | |
poppler | poppler | 0.5.3 | |
poppler | poppler | 0.5.4 | |
poppler | poppler | 0.5.9 | |
poppler | poppler | 0.6.0 | |
poppler | poppler | 0.6.1 | |
poppler | poppler | 0.6.2 | |
poppler | poppler | 0.6.3 | |
poppler | poppler | 0.6.4 | |
poppler | poppler | 0.7.0 | |
poppler | poppler | 0.7.1 | |
poppler | poppler | 0.7.2 | |
poppler | poppler | 0.7.3 | |
poppler | poppler | 0.8.0 | |
poppler | poppler | 0.8.1 | |
poppler | poppler | 0.8.2 | |
poppler | poppler | 0.8.3 | |
poppler | poppler | 0.8.4 | |
poppler | poppler | 0.8.6 | |
poppler | poppler | 0.8.7 | |
poppler | poppler | 0.9.0 | |
poppler | poppler | 0.9.1 | |
poppler | poppler | 0.9.2 | |
poppler | poppler | 0.9.3 | |
poppler | poppler | 0.10.0 | |
poppler | poppler | 0.10.1 | |
poppler | poppler | 0.10.2 | |
poppler | poppler | 0.10.3 | |
poppler | poppler | 0.10.4 | |
poppler | poppler | 0.10.5 | |
poppler | poppler | 0.10.6 | |
poppler | poppler | 0.10.7 | |
poppler | poppler | 0.11.0 | |
poppler | poppler | 0.11.1 | |
poppler | poppler | 0.11.2 | |
poppler | poppler | 0.11.3 | |
glyph_and_cog | pdftops | * | |
gnome | gpdf | * | |
kde | kpdf | * | |
tetex | tetex | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*", "matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D", "vulnerable": true }, { "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*", "matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*", "matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682", "vulnerable": true }, { "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*", "matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D", "vulnerable": true }, { "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*", "matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*", "matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*", "matchCriteriaId": "C16CA37E-F28E-47E6-B77B-4CB0A859F831", "versionEndIncluding": "0.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "C52995D0-0986-427F-B37D-2F6726EA330D", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "7E4427C5-DBF0-4EF9-8B7A-61D56C14E3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "B91206CA-7EBE-4E64-9A49-D7EC0D051012", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFD43644-7F02-42AF-8EC3-C326A13E2F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FE2E6F-44B2-42D5-B986-D1FE2B510968", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A605079-3705-4E2C-8F6D-C21B4D875817", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3ABBD590-8092-4920-BBC7-F3ACB9CCC900", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:glyph_and_cog:pdftops:*:*:*:*:*:*:*:*", "matchCriteriaId": "1833267E-3B18-4CF8-B996-6226D5439F5F", "vulnerable": false }, { "criteria": "cpe:2.3:a:gnome:gpdf:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4A9A98B-5E37-4938-9506-927E0C8FACB8", "vulnerable": false }, { "criteria": "cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*", "matchCriteriaId": "41EF2714-DEC9-407F-9D1B-EF2A4D8B4DC3", "vulnerable": false }, { "criteria": "cpe:2.3:a:tetex:tetex:*:*:*:*:*:*:*:*", "matchCriteriaId": "87CCAA71-B817-48A0-81C0-9E4DC4953C9C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow." }, { "lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n ObjectStream::ObjectStream en XRef.cc en Xpdf y Poppler, usado en GPdf, kdegraphics KPDF, y CUPS pdftopf y teTeX, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento PDF manipulado que provoca un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap)." } ], "id": "CVE-2009-3608", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-10-21T17:30:00.407", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://poppler.freedesktop.org/" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37028" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37034" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37037" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37043" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37051" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37053" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37054" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37061" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37077" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37079" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37114" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37159" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39327" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39938" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023029" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2009/dsa-1941" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2028" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2050" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" }, { "source": "secalert@redhat.com", "url": "http://www.ocert.org/advisories/ocert-2009-016.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/12/01/1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/12/01/5" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/12/01/6" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/36703" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-850-1" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-850-3" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2924" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2925" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2926" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2928" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/0802" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/1220" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526637" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53794" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://poppler.freedesktop.org/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37034" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39938" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1941" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/advisories/ocert-2009-016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/12/01/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/12/01/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/12/01/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/36703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-850-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-850-3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2926" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526637" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-21 21:30
Modified
2025-04-09 00:30
Severity ?
Summary
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://cgit.freedesktop.org/poppler/poppler/diff/fofi/FoFiType1.cc?id=4b4fc5c0 | ||
secalert@redhat.com | http://cgit.freedesktop.org/poppler/poppler/tree/fofi/FoFiType1.cc?id=4b4fc5c017bf147c9069bbce32fc14467bd2a81a | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html | ||
secalert@redhat.com | http://secunia.com/advisories/37641 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37781 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37787 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37793 | Vendor Advisory | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-1680.html | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-1681.html | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-1682.html | ||
secalert@redhat.com | http://www.securityfocus.com/bid/37350 | ||
secalert@redhat.com | http://www.securitytracker.com/id?1023356 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/3555 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=541614 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/54831 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10996 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://cgit.freedesktop.org/poppler/poppler/diff/fofi/FoFiType1.cc?id=4b4fc5c0 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://cgit.freedesktop.org/poppler/poppler/tree/fofi/FoFiType1.cc?id=4b4fc5c017bf147c9069bbce32fc14467bd2a81a | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37641 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37781 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37787 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37793 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1680.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1681.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1682.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37350 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023356 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3555 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=541614 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/54831 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10996 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gpdf:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "06B06279-EFB2-4EC1-95F2-166DC5B1BB71", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdegraphics:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "40D90D14-63D3-446D-A24D-A2466AB91FAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kpdf:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "24BA4DB2-7822-49A1-AC10-F6502E93E6D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "73F1D25C-854F-4CDC-A50D-601B39672390", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow." }, { "lang": "es", "value": "La funci\u00f3n FoFiType1::parse en fofi/FoFiType1.cc en Xpdf v3.0.0, en gpdf v2.8.2, en kpdf en kdegraphics v3.3.1, y posiblemente otras liber\u00edas y versiones, no verifica el valor de retorno de la funci\u00f3n getNextLine, permite a los atacantes dependientes del contexto ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero PDF con una fuente Type 1 modificada que puede producir un valor negativo, conduciendo a un error de conversi\u00f3n de entero signed-to-unsigned y un desbordamiento de b\u00fafer." } ], "id": "CVE-2009-4035", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-12-21T21:30:00.217", "references": [ { "source": "secalert@redhat.com", "url": "http://cgit.freedesktop.org/poppler/poppler/diff/fofi/FoFiType1.cc?id=4b4fc5c0" }, { "source": "secalert@redhat.com", "url": "http://cgit.freedesktop.org/poppler/poppler/tree/fofi/FoFiType1.cc?id=4b4fc5c017bf147c9069bbce32fc14467bd2a81a" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37641" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37781" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37787" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37793" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-1680.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-1681.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-1682.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/37350" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1023356" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3555" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=541614" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54831" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cgit.freedesktop.org/poppler/poppler/diff/fofi/FoFiType1.cc?id=4b4fc5c0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cgit.freedesktop.org/poppler/poppler/tree/fofi/FoFiType1.cc?id=4b4fc5c017bf147c9069bbce32fc14467bd2a81a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1680.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1681.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1682.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1023356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=541614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10996" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-10-21 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Patch | |
secalert@redhat.com | http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2 | ||
secalert@redhat.com | http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2 | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
secalert@redhat.com | http://secunia.com/advisories/37023 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37028 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37037 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37042 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37043 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37053 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37077 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37079 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/37114 | ||
secalert@redhat.com | http://secunia.com/advisories/37159 | ||
secalert@redhat.com | http://secunia.com/advisories/39327 | ||
secalert@redhat.com | http://secunia.com/advisories/39938 | ||
secalert@redhat.com | http://securitytracker.com/id?1023029 | ||
secalert@redhat.com | http://site.pi3.com.pl/adv/xpdf.txt | Exploit | |
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
secalert@redhat.com | http://www.debian.org/security/2010/dsa-2028 | ||
secalert@redhat.com | http://www.debian.org/security/2010/dsa-2050 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
secalert@redhat.com | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
secalert@redhat.com | http://www.ubuntu.com/usn/USN-850-1 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/USN-850-3 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2928 | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/0802 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1040 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1220 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=526911 | Patch | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/53795 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969 | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1500.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1501.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1502.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1503.html | ||
secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1512.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37023 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37028 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37037 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37042 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37043 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37053 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37077 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37079 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37114 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37159 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39327 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39938 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023029 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://site.pi3.com.pl/adv/xpdf.txt | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2028 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2050 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-850-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-850-3 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2928 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0802 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1220 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=526911 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/53795 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1500.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1501.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1502.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1503.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1512.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | gpdf | * | |
kde | kpdf | * | |
foolabs | xpdf | 3.02pl1 | |
foolabs | xpdf | 3.02pl2 | |
foolabs | xpdf | 3.02pl3 | |
glyphandcog | xpdfreader | 2.00 | |
glyphandcog | xpdfreader | 2.01 | |
glyphandcog | xpdfreader | 2.02 | |
glyphandcog | xpdfreader | 2.03 | |
glyphandcog | xpdfreader | 3.00 | |
glyphandcog | xpdfreader | 3.01 | |
glyphandcog | xpdfreader | 3.02 | |
poppler | poppler | 0.1 | |
poppler | poppler | 0.1.1 | |
poppler | poppler | 0.1.2 | |
poppler | poppler | 0.2.0 | |
poppler | poppler | 0.3.0 | |
poppler | poppler | 0.3.1 | |
poppler | poppler | 0.3.2 | |
poppler | poppler | 0.3.3 | |
poppler | poppler | 0.4.0 | |
poppler | poppler | 0.4.1 | |
poppler | poppler | 0.4.2 | |
poppler | poppler | 0.4.3 | |
poppler | poppler | 0.4.4 | |
poppler | poppler | 0.5.0 | |
poppler | poppler | 0.5.1 | |
poppler | poppler | 0.5.2 | |
poppler | poppler | 0.5.3 | |
poppler | poppler | 0.5.4 | |
poppler | poppler | 0.5.9 | |
poppler | poppler | 0.5.90 | |
poppler | poppler | 0.5.91 | |
poppler | poppler | 0.6.0 | |
poppler | poppler | 0.6.1 | |
poppler | poppler | 0.6.2 | |
poppler | poppler | 0.6.3 | |
poppler | poppler | 0.6.4 | |
poppler | poppler | 0.7.0 | |
poppler | poppler | 0.7.1 | |
poppler | poppler | 0.7.2 | |
poppler | poppler | 0.7.3 | |
poppler | poppler | 0.8.0 | |
poppler | poppler | 0.8.1 | |
poppler | poppler | 0.8.2 | |
poppler | poppler | 0.8.3 | |
poppler | poppler | 0.8.4 | |
poppler | poppler | 0.8.5 | |
poppler | poppler | 0.8.6 | |
poppler | poppler | 0.8.7 | |
poppler | poppler | 0.9.0 | |
poppler | poppler | 0.9.1 | |
poppler | poppler | 0.9.2 | |
poppler | poppler | 0.9.3 | |
poppler | poppler | 0.10.0 | |
poppler | poppler | 0.10.1 | |
poppler | poppler | 0.10.2 | |
poppler | poppler | 0.10.3 | |
poppler | poppler | 0.10.4 | |
poppler | poppler | 0.10.5 | |
poppler | poppler | 0.10.6 | |
poppler | poppler | 0.10.7 | |
poppler | poppler | 0.11.0 | |
poppler | poppler | 0.11.1 | |
poppler | poppler | 0.11.2 | |
poppler | poppler | 0.11.3 | |
poppler | poppler | 0.12.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:gpdf:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4A9A98B-5E37-4938-9506-927E0C8FACB8", "vulnerable": false }, { "criteria": "cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*", "matchCriteriaId": "41EF2714-DEC9-407F-9D1B-EF2A4D8B4DC3", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*", "matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D", "vulnerable": true }, { "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*", "matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*", "matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682", "vulnerable": true }, { "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*", "matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*", "matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D", "vulnerable": true }, { "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*", "matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54", "vulnerable": true }, { "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*", "matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*", "matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D", "vulnerable": true }, { "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*", "matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*", "matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*", "matchCriteriaId": "F0213390-08FA-4E04-835B-8BE0FC61B464", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B304657-740A-4F8D-99CD-22E283FEE6F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B2CD8A0-2DBA-4AC9-A97D-D4DAEB6C7A74", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "C52995D0-0986-427F-B37D-2F6726EA330D", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "7E4427C5-DBF0-4EF9-8B7A-61D56C14E3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "B91206CA-7EBE-4E64-9A49-D7EC0D051012", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFD43644-7F02-42AF-8EC3-C326A13E2F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "81FE2E6F-44B2-42D5-B986-D1FE2B510968", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A605079-3705-4E2C-8F6D-C21B4D875817", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "3ABBD590-8092-4920-BBC7-F3ACB9CCC900", "vulnerable": true }, { "criteria": "cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "14D812D5-BC8B-4907-AA70-F8D7F982A8DD", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow." }, { "lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n Splash.cc en Xpdf v3.02pl4 y Poppler v0.x, usado en n kdegraphics KPDF y GPdf, no asigna la memoria adecuadamente, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y probablemente, la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento PDF manipulado que provoca un deferencia a puntero nulo o un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap)." } ], "id": "CVE-2009-3604", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-10-21T17:30:00.313", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" }, { "source": "secalert@redhat.com", "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2" }, { "source": "secalert@redhat.com", "url": "http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996\u0026id2=75c3466ba2" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37023" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37028" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37037" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37042" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37043" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37053" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37077" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37079" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37114" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37159" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39327" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39938" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1023029" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://site.pi3.com.pl/adv/xpdf.txt" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2028" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2050" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/36703" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-850-1" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-850-3" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2924" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2928" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/0802" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/1040" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/1220" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526911" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53795" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" }, { "source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996\u0026id2=75c3466ba2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39938" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://site.pi3.com.pl/adv/xpdf.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/36703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-850-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-850-3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-04-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2005:041 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2005:042 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2005:043 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2005:044 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2005:052 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2005:056 | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-034.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-053.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-057.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-132.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-213.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/11501 | Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17818 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11107 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2005:041 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2005:042 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2005:043 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2005:044 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2005:052 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2005:056 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-034.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-053.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-057.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-132.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-213.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11501 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17818 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11107 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ascii | ptex | 3.1.4 | |
cstex | cstetex | 2.0.2 | |
easy_software_products | cups | 1.0.4 | |
easy_software_products | cups | 1.0.4_8 | |
easy_software_products | cups | 1.1.1 | |
easy_software_products | cups | 1.1.4 | |
easy_software_products | cups | 1.1.4_2 | |
easy_software_products | cups | 1.1.4_3 | |
easy_software_products | cups | 1.1.4_5 | |
easy_software_products | cups | 1.1.6 | |
easy_software_products | cups | 1.1.7 | |
easy_software_products | cups | 1.1.10 | |
easy_software_products | cups | 1.1.12 | |
easy_software_products | cups | 1.1.13 | |
easy_software_products | cups | 1.1.14 | |
easy_software_products | cups | 1.1.15 | |
easy_software_products | cups | 1.1.16 | |
easy_software_products | cups | 1.1.17 | |
easy_software_products | cups | 1.1.18 | |
easy_software_products | cups | 1.1.19 | |
easy_software_products | cups | 1.1.19_rc5 | |
easy_software_products | cups | 1.1.20 | |
gnome | gpdf | 0.110 | |
gnome | gpdf | 0.112 | |
gnome | gpdf | 0.131 | |
kde | koffice | 1.3 | |
kde | koffice | 1.3.1 | |
kde | koffice | 1.3.2 | |
kde | koffice | 1.3.3 | |
kde | koffice | 1.3_beta1 | |
kde | koffice | 1.3_beta2 | |
kde | koffice | 1.3_beta3 | |
kde | kpdf | 3.2 | |
pdftohtml | pdftohtml | 0.32a | |
pdftohtml | pdftohtml | 0.32b | |
pdftohtml | pdftohtml | 0.33 | |
pdftohtml | pdftohtml | 0.33a | |
pdftohtml | pdftohtml | 0.34 | |
pdftohtml | pdftohtml | 0.35 | |
pdftohtml | pdftohtml | 0.36 | |
sgi | propack | 3.0 | |
tetex | tetex | 1.0.6 | |
tetex | tetex | 1.0.7 | |
tetex | tetex | 2.0 | |
tetex | tetex | 2.0.1 | |
tetex | tetex | 2.0.2 | |
xpdf | xpdf | 0.90 | |
xpdf | xpdf | 0.91 | |
xpdf | xpdf | 0.92 | |
xpdf | xpdf | 0.93 | |
xpdf | xpdf | 1.0 | |
xpdf | xpdf | 1.0a | |
xpdf | xpdf | 1.1 | |
xpdf | xpdf | 2.0 | |
xpdf | xpdf | 2.1 | |
xpdf | xpdf | 2.3 | |
xpdf | xpdf | 3.0 | |
sgi | advanced_linux_environment | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
gentoo | linux | * | |
kde | kde | 3.2 | |
kde | kde | 3.2.1 | |
kde | kde | 3.2.2 | |
kde | kde | 3.2.3 | |
kde | kde | 3.3 | |
kde | kde | 3.3.1 | |
mandrakesoft | mandrake_linux_corporate_server | 3.0 | |
mandrakesoft | mandrake_linux_corporate_server | 3.0 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux_desktop | 3.0 | |
redhat | fedora_core | core_1.0 | |
redhat | fedora_core | core_2.0 | |
redhat | fedora_core | core_3.0 | |
redhat | linux | 9.0 | |
redhat | linux_advanced_workstation | 2.1 | |
redhat | linux_advanced_workstation | 2.1 | |
suse | suse_linux | 1.0 | |
suse | suse_linux | 2.0 | |
suse | suse_linux | 3.0 | |
suse | suse_linux | 4.0 | |
suse | suse_linux | 4.2 | |
suse | suse_linux | 4.3 | |
suse | suse_linux | 4.4 | |
suse | suse_linux | 4.4.1 | |
suse | suse_linux | 5.0 | |
suse | suse_linux | 5.1 | |
suse | suse_linux | 5.2 | |
suse | suse_linux | 5.3 | |
suse | suse_linux | 6.0 | |
suse | suse_linux | 6.1 | |
suse | suse_linux | 6.1 | |
suse | suse_linux | 6.2 | |
suse | suse_linux | 6.3 | |
suse | suse_linux | 6.3 | |
suse | suse_linux | 6.3 | |
suse | suse_linux | 6.4 | |
suse | suse_linux | 6.4 | |
suse | suse_linux | 6.4 | |
suse | suse_linux | 6.4 | |
suse | suse_linux | 7.0 | |
suse | suse_linux | 7.0 | |
suse | suse_linux | 7.0 | |
suse | suse_linux | 7.0 | |
suse | suse_linux | 7.0 | |
suse | suse_linux | 7.1 | |
suse | suse_linux | 7.1 | |
suse | suse_linux | 7.1 | |
suse | suse_linux | 7.1 | |
suse | suse_linux | 7.1 | |
suse | suse_linux | 7.2 | |
suse | suse_linux | 7.2 | |
suse | suse_linux | 7.3 | |
suse | suse_linux | 7.3 | |
suse | suse_linux | 7.3 | |
suse | suse_linux | 7.3 | |
suse | suse_linux | 8.0 | |
suse | suse_linux | 8.0 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.1 | |
suse | suse_linux | 9.1 | |
suse | suse_linux | 9.2 | |
suse | suse_linux | 9.2 | |
ubuntu | ubuntu_linux | 4.1 | |
ubuntu | ubuntu_linux | 4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ascii:ptex:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4AE020D3-0F38-4F53-AFB7-B4E98EAC659F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cstex:cstetex:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E16058D9-AC8B-4A7C-865F-93B476348363", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "68BD578F-CCAD-4515-9205-EB4F297C6DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*", "matchCriteriaId": "F3182CA2-7375-43BC-A0E5-DE11D4B65EE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCF4C8D0-3030-4DD5-800B-76A582A4CD0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "734D0C2C-F71F-461A-87EE-202C6B706753", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*", "matchCriteriaId": "3F0F402D-5CD0-4477-8B59-C753CECB02BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*", "matchCriteriaId": "959F7AFA-ED20-434C-993F-06C2A8574662", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*", "matchCriteriaId": "D4F5A0A4-2884-46CA-A846-8B954EB80CFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "1741CC9D-C4A8-48F9-86CF-EC20AE2A6BE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "35E65857-12C7-49DE-AD27-3CACD456231C", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "47CEF035-57A6-470B-916A-E5562C28E866", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "4E26BB15-4CF8-4496-A7F7-EB34C444EF72", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "D414984E-4F6B-4278-8346-968587E4B18E", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "33C36DCB-2FDD-44E6-85E8-875575AAE69E", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "7C4B7C23-0C54-4FBA-A774-9CC1E148376E", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "9FA0EF14-33E6-4D44-B86E-F04014EA3C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "A5428EE6-F90A-4BB6-9D8C-8B99E80AB6DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "A786A770-919E-4E23-949D-D836F316618A", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "00A2249C-73DE-434E-A41F-4EDB0ADC0845", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "73AB4D3D-FF35-4A50-A144-3AD41F6F2E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "FB7653F1-70E2-423F-A6A9-30333644B506", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gpdf:0.110:*:*:*:*:*:*:*", "matchCriteriaId": "1CB6AE42-D493-43E5-A97C-76C8450E5881", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gpdf:0.112:*:*:*:*:*:*:*", "matchCriteriaId": "2E70576E-C253-4F8B-A93E-14CC2EE7114D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnome:gpdf:0.131:*:*:*:*:*:*:*", "matchCriteriaId": "832C5512-B473-40E8-BF4F-EC6ABFE46749", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "053435DD-BFDF-4C39-9919-11C42D569085", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9BB1A3C-3348-4545-A513-E504B33F72AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CD45E2C8-0B0E-484F-8050-94BF77798183", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4EAA654E-9DD4-4614-92D7-EF4D676B3A18", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "89C96FC9-40DB-467D-A701-49F97A1B887D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "76128BDC-2CA7-4AE7-8C4F-BCB3835CA938", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:koffice:1.3_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "0B2517C7-27EF-4961-91C3-CA33219AFF2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EDAF6452-F3B0-4F62-893E-BCFA6AB7AE3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.32a:*:*:*:*:*:*:*", "matchCriteriaId": "EE346726-71D6-438B-B600-A7E107332816", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.32b:*:*:*:*:*:*:*", "matchCriteriaId": "87E85020-B4DB-4011-BDD0-1C8967D45A84", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.33:*:*:*:*:*:*:*", "matchCriteriaId": "8189A9AB-F685-40E2-944F-8BD3DD6FA0A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.33a:*:*:*:*:*:*:*", "matchCriteriaId": "C33B8585-FA5F-4210-A997-615BCEE1726F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.34:*:*:*:*:*:*:*", "matchCriteriaId": "F4AE4C34-C497-426F-AC0D-1805A50582EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.35:*:*:*:*:*:*:*", "matchCriteriaId": "A2989EFF-07B9-4EF2-B6C1-59E4F52FDC92", "vulnerable": true }, { "criteria": "cpe:2.3:a:pdftohtml:pdftohtml:0.36:*:*:*:*:*:*:*", "matchCriteriaId": "A3970101-5E83-49FD-BCB6-D9176D46B5A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tetex:tetex:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "739A56F5-B19A-4B92-B9CB-04ECE4FFE204", "vulnerable": true }, { "criteria": "cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C86C7D6F-C39E-4403-86C6-F87599570E97", "vulnerable": true }, { "criteria": "cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "236005A1-C175-44D3-8D0C-C48F943F3D66", "vulnerable": true }, { "criteria": "cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0AF2AD80-5E65-4B57-933B-C395E98EF10D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "07C92A0E-1DDA-4F83-A904-24A35C38883A", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "28CC6233-E207-40CC-81FF-A8670EEA4295", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "64DD9B5C-3DB8-4E15-B4A6-541E4E221C1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "0304E1E3-8766-40D0-8879-A652B4E9E72D", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "188F1343-8082-4B54-8DA4-E344818ABD52", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B95DA7DE-B786-4EE7-A3F4-C077A7986D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C5306C05-4A71-4175-8C22-F2DE0F2FE4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B9DEF16-ECD5-4BBE-8986-52A6171B3D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CFFDBEEC-B2C1-47F0-82D3-FC9147B590A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "354487CF-0086-4AE2-872B-0032E3EB89EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1169B802-7279-437F-AF59-621A67DC92EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B93B3ED-AF82-49A9-8C7F-E5F652F19669", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:advanced_linux_environment:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A05AC3EE-6292-4ECC-9680-048A12FCE723", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*", "matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*", "matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*", "matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*", "matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*", "matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*", "matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*", "matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*", "matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*", "matchCriteriaId": "24DD9D59-E2A2-4116-A887-39E8CC2004FC", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82", "vulnerable": true }, { "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "82F69843-978D-4686-BC5B-1D09DA4A21BD", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "ACEE0AED-7918-41E9-A902-AC4070E03132", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "81E19472-47B4-4398-A188-CA5A5D3E7060", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D17407A2-089E-43A5-9BD5-EFF966F5CC16", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9C4B436D-8D6A-473E-B707-26147208808B", "vulnerable": true }, { "criteria": "cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E26B353-4985-4116-B97A-5767CDC732F1", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", "matchCriteriaId": "81B543F9-C209-46C2-B0AE-E14818A6992E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*", "matchCriteriaId": "DB89C970-DE94-4E09-A90A-077DB83AD156", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C84296C-2C8A-4DCD-9751-52951F8BEA9F", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "matchCriteriaId": "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", "matchCriteriaId": "777F9EC0-2919-45CA-BFF8-78A02537C513", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "02EE2D72-B1E6-4380-80B0-E40A23DDD115", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "111575DE-98A2-4C54-BDE1-CACC74D22B35", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1976D15D-9EE6-4A49-B59F-34F0505FD5BC", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "962FC8D7-BE5D-4E7D-9ADC-511681C593BF", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "451453AC-65FF-4E3B-9AC1-2DDB2E2182E4", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "7716120D-5110-42B0-A574-9AA2AC8D3C32", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "CB4C8426-CAF2-4366-94C0-1BA1C544FB6F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CC7D746-B98B-4FAF-B816-57222759A344", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "830D48B8-D21D-4D31-99A1-20C231804DBE", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C0BBDD2-9FF9-4CB7-BCAF-D4AF15DC2C7C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1C826AA-6E2F-4DAC-A7A2-9F47729B5DA5", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "BCC94EF9-5872-402F-B2FC-06331A924BB2", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "F163E145-09F7-4BE2-9B46-5B6713070BAB", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "124E1802-7984-45ED-8A92-393FC20662FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "C7F08806-9458-439A-8EAE-2553122262ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B67020A-6942-4478-B501-764147C4970D", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AD0FF64-05DF-48C2-9BB5-FD993121FB2E", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.3:*:ppc:*:*:*:*:*", "matchCriteriaId": "E74E0A28-7C78-4160-8BCF-99605285C0EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*", "matchCriteriaId": "76159C25-0760-47CB-AFCE-28306CDEA830", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "7786607A-362E-4817-A17E-C76D6A1F737D", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*", "matchCriteriaId": "8A206E1C-C2EC-4356-8777-B18D7069A4C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*", "matchCriteriaId": "6E2FE291-1142-4627-A497-C0BB0D934A0B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*", "matchCriteriaId": "49BC7C7E-046C-4186-822E-9F3A2AD3577B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9E7D75A-333E-4C63-9593-F64ABA5D1CE3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*", "matchCriteriaId": "2FE69F6F-6B17-4C87-ACA4-A2A1FB47206A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*", "matchCriteriaId": "467A30EB-CB8F-4928-AC8F-F659084A9E2B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "714C1439-AB8E-4A8B-A783-D60E9DDC38D4", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "62CAE5B0-4D46-4A93-A343-C8E9CB574C62", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "819868A7-EB1E-4CA9-8D71-72F194E5EFEB", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*", "matchCriteriaId": "FB647A8B-ADB9-402B-96E1-45321C75731B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*", "matchCriteriaId": "0944FD27-736E-4B55-8D96-9F2CA9BB9B05", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*", "matchCriteriaId": "373BB5AC-1F38-4D0A-97DC-08E9654403EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "B5E71DA3-F4A0-46AF-92A2-E691C7A65528", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0519FF7D-363E-4530-9E63-6EA3E88432DC", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*", "matchCriteriaId": "1975A2DD-EB22-4ED3-8719-F78AA7F414B2", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAE3FF4F-646F-4E05-A08A-C9399DEF60F1", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*", "matchCriteriaId": "19F606EE-530F-4C06-82DB-52035EE03FA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*", "matchCriteriaId": "A0E896D5-0005-4E7E-895D-B202AFCE09A1", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*", "matchCriteriaId": "5A8B313F-93C7-4558-9571-DE1111487E17", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "28CD54FE-D682-4063-B7C3-8B29B26B39AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*", "matchCriteriaId": "37F124FE-15F1-49D7-9E03-8E036CE1A20C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "D5F98B9A-880E-45F0-8C16-12B22970F0D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*", "matchCriteriaId": "B905C6E9-5058-4FD7-95B6-CD6AB6B2F516", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7", "vulnerable": true }, { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*", "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities." }, { "lang": "es", "value": "El parche para corregir las vulnerabilidades de desbordamiento de entero en Xpdf 2.0 y 3.0 (CAN-2004-0888) es incompleto para arquitecturas de 64 bits en ciertas distribuciones de Linux como Red Hat, lo que podr\u00eda dejar a los usuarios de Xpdf expuestos a las vulnerabilidades originales." } ], "id": "CVE-2005-0206", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-04-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:041" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:042" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:043" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:044" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:056" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-034.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-053.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-057.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-132.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-213.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11501" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17818" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-034.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-053.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-132.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-213.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11107" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }