CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1125

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0110%
EPSS Percentile44.41th
PublishedJan 10, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.

Affected Platforms (CPE)

πŸ“¦
Easy Software Products

Cups

= 1.1.20
πŸ“¦
Xpdf

Xpdf

= 3.0
πŸ’»
Kde

Kde

= 3.2.3
πŸ’»
Kde

Kde

= 3.3.2

References & Advisories

πŸ”— ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
πŸ”— ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
πŸ”— http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
πŸ”— http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html
πŸ”— http://marc.info/?t=110378596500001&r=1&w=2
πŸ”— http://secunia.com/advisories/17277
πŸ”— http://securitytracker.com/id?1012646
πŸ”— http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml

Related Vulnerabilities

CVE-2002-136710.0

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a cert...

CVE-2002-136910.0

jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing...

CVE-2001-019410.0

Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.

CVE-2002-138310.0

Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary...