CVEブラウザに戻る

CVE-2004-1125

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.0110%

EPSS Percentile44.41th

Published2005年1月10日

Last Modified2026年4月16日

Vulnerability Description

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.

Affected Platforms (CPE)

📦

Easy Software Products

Cups

= 1.1.20

📦

Xpdf

Xpdf

= 3.0

💻

Kde

Kde

= 3.2.3

💻

Kde

Kde

= 3.3.2

References & Advisories

🔗 ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch

🔗 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt

🔗 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html

🔗 http://marc.info/?t=110378596500001&r=1&w=2

🔗 http://secunia.com/advisories/17277

🔗 http://securitytracker.com/id?1012646

🔗 http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml

関連する脆弱性情報

CVE-2002-136710.0

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a cert...

CVE-2002-136910.0

jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing...

CVE-2001-019410.0

Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.

CVE-2002-138310.0

Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary...