[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-1125Date: (C)2005-01-10   (M)2023-12-22


Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1012646
BID-12070
SECUNIA-17277
http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
20041223
http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html
http://marc.info/?t=110378596500001&r=1&w=2
CLA-2005:921
FLSA:2352
FLSA:2353
GLSA-200412-25
GLSA-200501-13
GLSA-200501-17
RHSA-2005:013
RHSA-2005:018
RHSA-2005:026
RHSA-2005:034
RHSA-2005:053
RHSA-2005:057
RHSA-2005:066
RHSA-2005:354
SCOSA-2005.42
SUSE-SR:2005:001
USN-50-1
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
http://www.kde.org/info/security/advisory-20041223-1.txt
oval:org.mitre.oval:def:10830
xpdf-gfx-doimage-bo(18641)

CWE    1
CWE-20

© SecPod Technologies