10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.07 Low
EPSS
Percentile
93.3%
The xpdf package is an X Window System-based viewer for Portable Document
Format (PDF) files.
During a source code audit, Chris Evans and others discovered a number of
integer overflow bugs that affected all versions of Xpdf. An attacker could
construct a carefully crafted PDF file that could cause Xpdf to crash or
possibly execute arbitrary code when opened. This issue was assigned the
name CAN-2004-0888 by The Common Vulnerabilities and Exposures project
(cve.mitre.org). RHSA-2004:592 contained a fix for this issue, but it was
found to be incomplete and left 64-bit architectures vulnerable. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0206 to this issue.
All users of xpdf should upgrade to this updated package, which contains
backported patches to resolve these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | s390x | xpdf | < 2.02-9.6 | xpdf-2.02-9.6.s390x.rpm |
RedHat | any | i386 | xpdf | < 2.02-9.6 | xpdf-2.02-9.6.i386.rpm |
RedHat | any | ia64 | xpdf | < 2.02-9.6 | xpdf-2.02-9.6.ia64.rpm |
RedHat | any | x86_64 | xpdf | < 2.02-9.6 | xpdf-2.02-9.6.x86_64.rpm |
RedHat | any | s390 | xpdf | < 2.02-9.6 | xpdf-2.02-9.6.s390.rpm |
RedHat | any | ppc | xpdf | < 2.02-9.6 | xpdf-2.02-9.6.ppc.rpm |
RedHat | any | i386 | xpdf | < 0.92-15 | xpdf-0.92-15.i386.rpm |
RedHat | any | ia64 | xpdf | < 0.92-15 | xpdf-0.92-15.ia64.rpm |