Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2005:066
HistoryFeb 15, 2005 - 12:00 a.m.

(RHSA-2005:066) kdegraphics security update

2005-02-1500:00:00
access.redhat.com
8

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.161 Low

EPSS

Percentile

95.4%

JSON

The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a pdf file viewer.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf that
also affects kpdf due to a shared codebase. An attacker could construct a
carefully crafted PDF file that could cause kpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to
this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of
Xpdf which also affects kpdf due to a shared codebase. An attacker could
construct a carefully crafted PDF file that could cause kpdf to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064 to
this issue.

During a source code audit, Chris Evans and others discovered a number of
integer overflow bugs that affected all versions of Xpdf which also affects
kpdf due to a shared codebase. An attacker could construct a carefully
crafted PDF file that could cause kpdf to crash or possibly execute
arbitrary code when opened. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0888 to this issue.

Users should update to these erratum packages which contain backported
patches to correct these issues.

Related

nessus 74
openvas 52
gentoo 12
redhat 11
securityvulns 6
oraclelinux 1
osv 7
debian 10
centos 1
ubuntu 4
debiancve 4
fedora 1
altlinux 2
freebsd 3
ubuntucve 5
cve 5
prion 1
nessus
nessus
RHEL 4 : kdegraphics (RHSA-2005:066)
2005-02-22 00:00:00
RHEL 4 : gpdf (RHSA-2005:057)
2005-02-22 00:00:00
GLSA-200501-31 : teTeX, pTeX, CSTeX: Multiple vulnerabilities
2005-02-14 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200501-31 (teTeX)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200501-31 (teTeX)
2008-09-24 00:00:00
SLES9: Security update for Cups
2009-10-10 00:00:00
gentoo
gentoo
teTeX, pTeX, CSTeX: Multiple vulnerabilities
2005-01-23 00:00:00
pdftohtml: Vulnerabilities in included Xpdf
2004-11-23 00:00:00
KPdf, KOffice: Stack overflow in included Xpdf code
2005-01-23 00:00:00
redhat
redhat
(RHSA-2005:034) xpdf security update
2005-02-15 00:00:00
(RHSA-2005:057) gpdf security update
2005-02-15 00:00:00
(RHSA-2005:026) tetex security update
2005-03-16 00:00:00
securityvulns
securityvulns
[ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities
2005-01-26 00:00:00
MDKSA-2004:114 - Updated gpdf packages fix DoS vulnerability
2004-10-22 00:00:00
iDEFENSE Security Advisory 01.18.05 - Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow
2005-01-19 00:00:00
oraclelinux
oraclelinux
kdegraphics security update
2006-11-30 00:00:00
osv
osv
tetex-bin - integer overflows
2004-11-25 00:00:00
xpdf - integer overflows
2004-11-02 00:00:00
cupsys - integer overflows
2004-10-21 00:00:00
debian
debian
[SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution
2004-11-25 14:48:24
[SECURITY] [DSA 573-1] New cupsys packages fix arbitrary code execution
2004-10-21 14:18:22
[SECURITY] [DSA 581-1] New xpdf packages fix arbitrary code execution
2004-11-02 15:35:44
centos
centos
tetex security update
2005-04-01 21:29:55
ubuntu
ubuntu
tetex-bin vulnerabilities
2004-10-28 00:00:00
xpdf, CUPS vulnerabilities
2005-01-19 00:00:00
xpdf, tetex-bin vulnerabilities
2004-12-23 00:00:00
debiancve
debiancve
CVE-2005-0064
2005-05-02 04:00:00
CVE-2004-1125
2005-01-10 05:00:00
CVE-2004-0888
2005-01-27 05:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: cups-1.2.8-1.fc5
2007-03-14 20:14:24
altlinux
altlinux
Security fix for the ALT Linux 5 package xpdf version 3.00-alt5pl3
2005-01-19 00:00:00
Security fix for the ALT Linux 5 package xpdf version 3.00-alt4pl2
2004-12-22 00:00:00
freebsd
freebsd
xpdf -- makeFileKey2() buffer overflow vulnerability
2005-01-06 00:00:00
xpdf -- buffer overflow vulnerability
2004-11-23 00:00:00
xpdf -- integer overflow vulnerabilities
2004-10-21 00:00:00
ubuntucve
ubuntucve
CVE-2005-0064
2005-05-02 00:00:00
CVE-2004-1125
2005-01-10 00:00:00
CVE-2004-0888
2005-01-27 00:00:00
cve
cve
CVE-2005-0064
2005-05-02 04:00:00
CVE-2004-1125
2005-01-10 05:00:00
CVE-2004-0888
2005-01-27 05:00:00
prion
prion
Integer overflow
2008-04-04 00:44:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.161 Low

EPSS

Percentile

95.4%

JSON
Related for RHSA-2005:066
nessus74openvas52gentoo12redhat11securityvulns6oraclelinux1osv7debian10centos1ubuntu4debiancve4fedora1altlinux2freebsd3ubuntucve5cve5prion1