Vulnerability Name:

CVE-2004-1125 (CCN-18641)

Assigned: 2004-12-21
Published: 2004-12-21
Updated: 2018-10-03
Summary: Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-20
Vulnerability Consequences: Gain Access
References:

Source: CONFIRM
Type: UNKNOWN
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch

Source: SCO
Type: UNKNOWN
SCOSA-2005.42

Source: MITRE
Type: CNA
CVE-2004-1125

Source: CONECTIVA
Type: UNKNOWN
CLA-2005:921

Source: FULLDISC
Type: UNKNOWN
20041223 [USN-48-1] xpdf, tetex-bin vulnerabilities

Source: BUGTRAQ
Type: UNKNOWN
20041228 KDE Security Advisory: kpdf Buffer Overflow Vulnerability

Source: CCN
Type: RHSA-2005-013
cups security update

Source: CCN
Type: RHSA-2005-018
xpdf security update

Source: CCN
Type: RHSA-2005-026
tetex security update

Source: CCN
Type: RHSA-2005-034
xpdf security update

Source: CCN
Type: RHSA-2005-053
CUPS security update

Source: CCN
Type: RHSA-2005-057
gpdf security update

Source: CCN
Type: RHSA-2005-066
kdegraphics security update

Source: CCN
Type: RHSA-2005-354
tetex security update

Source: SECUNIA
Type: UNKNOWN
17277

Source: CCN
Type: SECTRACK ID: 1012646
Xpdf Buffer Overflow in doImage() Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1012646

Source: CCN
Type: CIAC Information Bulletin P-087
Buffer Overflow in xpdf

Source: CCN
Type: CIAC Information Bulletin P-142
XPDF/GPDF - CUPS Vulnerabilities

Source: CCN
Type: CIAC INFORMATION BULLETIN P-171
SGI Advanced Linux Environment 3 Security Update #33

Source: DEBIAN
Type: DSA-619
xpdf -- buffer overflow

Source: DEBIAN
Type: DSA-621
cupsys -- buffer overflow

Source: CCN
Type: Xpdf Web site
Xpdf: Download

Source: CCN
Type: GLSA-200412-24
Xpdf, GPdf: New integer overflows

Source: CCN
Type: GLSA-200412-25
CUPS: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200412-25

Source: CCN
Type: GLSA-200501-13
pdftohtml: Vulnerabilities in included Xpdf

Source: GENTOO
Type: UNKNOWN
GLSA-200501-13

Source: CCN
Type: GLSA-200501-17
KPdf, KOffice: More vulnerabilities in included Xpdf

Source: GENTOO
Type: UNKNOWN
GLSA-200501-17

Source: CCN
Type: GLSA-200501-31
teTeX, pTeX, CSTeX: Multiple vulnerabilities

Source: CCN
Type: iDEFENSE Security Advisory 12.21.04
Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability

Source: IDEFENSE
Type: UNKNOWN
20041221 Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://www.kde.org/info/security/advisory-20041223-1.txt

Source: SUSE
Type: UNKNOWN
SUSE-SR:2005:001

Source: REDHAT
Type: UNKNOWN
RHSA-2005:013

Source: REDHAT
Type: UNKNOWN
RHSA-2005:018

Source: REDHAT
Type: UNKNOWN
RHSA-2005:026

Source: REDHAT
Type: UNKNOWN
RHSA-2005:034

Source: REDHAT
Type: UNKNOWN
RHSA-2005:053

Source: REDHAT
Type: UNKNOWN
RHSA-2005:057

Source: REDHAT
Type: UNKNOWN
RHSA-2005:066

Source: REDHAT
Type: UNKNOWN
RHSA-2005:354

Source: BID
Type: Patch, Vendor Advisory
12070

Source: CCN
Type: BID-12070
XPDF DoImage Remote Buffer Overflow Vulnerability

Source: CCN
Type: TLSA-2005-3
Buffer overflow

Source: CCN
Type: USN-48-1
xpdf

Source: CCN
Type: USN-50-1
CUPS vulnerabilities

Source: FEDORA
Type: UNKNOWN
FLSA:2352

Source: FEDORA
Type: UNKNOWN
FLSA:2353

Source: XF
Type: UNKNOWN
xpdf-gfx-doimage-bo(18641)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10830

Source: UBUNTU
Type: UNKNOWN
USN-50-1

Source: SUSE
Type: SUSE-SR:2005:001
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:002
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:003
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:008
SUSE Security Summary Report

Vulnerable Configuration:

  • Configuration 1:
  • cpe:/a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:3.0:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:kde:kde:3.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.3.2:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20041125 | V | CVE-2004-1125 | 2015-11-16
    oval:org.mitre.oval:def:10830 | V | Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. | 2013-04-29
    oval:com.redhat.rhsa:def:20050354 | P | RHSA-2005:354: tetex security update (Moderate) | 2005-04-01
    oval:com.redhat.rhsa:def:20050026 | P | RHSA-2005:026: tetex security update (Moderate) | 2005-03-16
    oval:com.redhat.rhsa:def:20050053 | P | RHSA-2005:053: CUPS security update (Important) | 2005-02-15
    oval:com.redhat.rhsa:def:20050057 | P | RHSA-2005:057: gpdf security update (Important) | 2005-02-15
    oval:com.redhat.rhsa:def:20050066 | P | RHSA-2005:066: kdegraphics security update (Important) | 2005-02-15
    oval:com.redhat.rhsa:def:20050034 | P | RHSA-2005:034: xpdf security update (Important) | 2005-02-15
    oval:com.redhat.rhsa:def:20050013 | P | RHSA-2005:013: cups security update (Important) | 2005-01-12
    oval:com.redhat.rhsa:def:20050018 | P | RHSA-2005:018: xpdf security update (Moderate) | 2005-01-12
    oval:org.debian:def:621 | V | buffer overflow | 2004-12-31
    oval:org.debian:def:619 | V | buffer overflow | 2004-12-30
    easy_software_products cups 1.1.20
    xpdf xpdf 3.0
    kde kde 3.2.3
    kde kde 3.3.2
    foolabs xpdf 3.00
    debian debian linux 3.0
    gentoo linux *
    mandrakesoft mandrake multi network firewall 8.2
    mandrakesoft mandrake linux corporate server 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.0
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.1
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1