Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SA:2004:039
HistoryOct 26, 2004 - 10:45 a.m.

remote system compromise in xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups

2004-10-2610:45:14
lists.opensuse.org
15

0.959 High

EPSS

Percentile

99.5%

JSON

Xpdf is a widely used fast PDF file viewer. Various other PDF viewer and PDF conversion tools use xpdf code to accomplish their tasks. Chris Evans found several integer overflows and arithmetic errors. Additionally Sebastian Krahmer from the SuSE Security-Team found similar bugs in xpdf 3. These bugs can be exploited by tricking an user to open a malformated PDF file. As a result the PDF viewer can be crashed or may be even code can be executed.

Solution

Due to the wide usage of xpdf-based code we do not recommend switching to another PDF viewer as a workaround. You have to install the updates.

Related

nessus 57
freebsd 3
gentoo 6
openvas 52
redhat 11
ubuntucve 6
suse 2
debiancve 8
cve 8
ubuntu 4
cvelist 8
securityvulns 5
nvd 8
fedora 2
debian 8
osv 4
checkpoint_advisories 3
cert 1
prion 1
centos 2
nessus
nessus
RHEL 3 : freeradius (RHSA-2004:609)
2004-11-13 00:00:00
GLSA-200409-29 : FreeRADIUS: Multiple Denial of Service vulnerabilities
2004-09-23 00:00:00
FreeBSD : freeradius -- denial-of-service vulnerability (20dfd134-1d39-11d9-9be9-000c6e8f12ef)
2005-07-13 00:00:00
freebsd
freebsd
freeradius -- denial-of-service vulnerability
2004-09-20 00:00:00
xpdf -- integer overflow vulnerabilities
2004-10-21 00:00:00
squid -- SNMP module denial-of-service vulnerability
2004-09-29 00:00:00
gentoo
gentoo
FreeRADIUS: Multiple Denial of Service vulnerabilities
2004-09-22 00:00:00
GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
2004-10-28 00:00:00
Xpdf, CUPS: Multiple integer overflows
2004-10-21 00:00:00
openvas
openvas
FreeBSD Ports: freeradius
2008-09-04 00:00:00
SLES9: Security update for freeradius
2009-10-10 00:00:00
SLES9: Security update for freeradius
2009-10-10 00:00:00
redhat
redhat
(RHSA-2004:609) freeradius security update
2004-11-12 00:00:00
(RHSA-2004:592) xpdf security update
2004-10-27 00:00:00
(RHSA-2004:591) squid security update
2004-10-20 00:00:00
ubuntucve
ubuntucve
CVE-2004-0888
2005-01-27 00:00:00
CVE-2004-0889
2005-01-27 00:00:00
CVE-2004-0938
2004-11-03 00:00:00
suse
suse
local privilege escalation in libtiff
2004-10-22 14:52:41
potential remote buffer overflow in samba
2004-11-15 22:07:05
debiancve
debiancve
CVE-2004-0889
2005-01-27 05:00:00
CVE-2004-0888
2005-01-27 05:00:00
CVE-2004-0938
2004-11-03 05:00:00
cve
cve
CVE-2004-0889
2005-01-27 05:00:00
CVE-2004-0888
2005-01-27 05:00:00
CVE-2004-0918
2005-01-27 05:00:00
ubuntu
ubuntu
xpdf vulnerabilities
2004-11-02 00:00:00
tetex-bin vulnerabilities
2004-10-28 00:00:00
xpdf vulnerabilities
2004-10-23 00:00:00
cvelist
cvelist
CVE-2004-0888
2004-10-26 04:00:00
CVE-2004-0889
2004-10-26 04:00:00
CVE-2004-0918
2004-10-21 04:00:00
securityvulns
securityvulns
[KDE security advisory] Multiple integer overflows in kpdf
2004-10-22 00:00:00
[ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities
2005-01-26 00:00:00
[Full-Disclosure] iDEFENSE Security Advisory 10.11.04: Squid Web Proxy Cache Remote Denial of Service Vulnerability
2004-10-12 00:00:00
nvd
nvd
CVE-2004-0888
2005-01-27 05:00:00
CVE-2004-0889
2005-01-27 05:00:00
CVE-2004-0938
2004-11-03 05:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: squid-3.0.STABLE7-1.fc9
2008-07-03 03:16:28
[SECURITY] Fedora 9 Update: squid-3.0.STABLE13-1.fc9
2009-02-12 20:37:22
debian
debian
[SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution
2004-11-25 14:48:24
[SECURITY] [DSA 581-1] New xpdf packages fix arbitrary code execution
2004-11-02 15:35:44
[SECURITY] [DSA 573-1] New cupsys packages fix arbitrary code execution
2004-10-21 14:18:22
osv
osv
tetex-bin - integer overflows
2004-11-25 00:00:00
xpdf - integer overflows
2004-11-02 00:00:00
cupsys - integer overflows
2004-10-21 00:00:00
checkpoint_advisories
checkpoint_advisories
FreeRADIUS Illegal Attributes Denial of Service - ver 2 (CVE-2004-0938)
2014-05-08 00:00:00
FreeRADIUS Illegal Attributes Denial of Service (CVE-2004-0938)
2009-12-08 00:00:00
Squid SNMP Parser ASN.1 Header Parsing Denial of Service (CVE-2004-0918)
2009-10-28 00:00:00
cert
cert
freeRADIUS Server vulnerable to a denial-of-service attack
2004-10-06 00:00:00
prion
prion
Integer overflow
2008-04-04 00:44:00
centos
centos
cups security update
2008-04-01 17:06:38
tetex security update
2005-04-01 21:29:55

0.959 High

EPSS

Percentile

99.5%

JSON
Related for SUSE-SA:2004:039
nessus57freebsd3gentoo6openvas52redhat11ubuntucve6suse2debiancve8cve8ubuntu4cvelist8securityvulns5nvd8fedora2debian8osv4checkpoint_advisories3cert1prion1centos2