Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1125

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2004-1125
Last Modified 07 Mar 2011 09:16:41
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-1125

Summary

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.

Vulnerable Systems

Operating System

  • Kde 3.2.3

  • Kde 3.3.2

Application

  • Easy Software Products Cups 1.1.20

  • Xpdf 3.0


References

BID - 12070

FEDORA - FLSA:2353

FEDORA - FLSA:2352

XF - xpdf-gfx-doimage-bo(18641)

UBUNTU - USN-50-1

REDHAT - RHSA-2005:354

REDHAT - RHSA-2005:066

REDHAT - RHSA-2005:057

REDHAT - RHSA-2005:053

REDHAT - RHSA-2005:034

REDHAT - RHSA-2005:026

REDHAT - RHSA-2005:018

REDHAT - RHSA-2005:013

SUSE - SUSE-SR:2005:001

CONFIRM - http://www.kde.org/info/security/advisory-20041223-1.txt

IDEFENSE - 20041221 Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability

GENTOO - GLSA-200501-17

GENTOO - GLSA-200501-13

GENTOO - GLSA-200412-25

SECTRACK - 1012646

SECUNIA - 17277

BUGTRAQ - 20041228 KDE Security Advisory: kpdf Buffer Overflow Vulnerability

FULLDISC - 20041223 [USN-48-1] xpdf, tetex-bin vulnerabilities

CONECTIVA - CLA-2005:921

SCO - SCOSA-2005.42

CONFIRM - ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch


Last Updated: 27 May 2016 10:38:54