CVE-2004-0889 - Integer Overflow vulnerability in Xpdf PDFTOPS
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE

Summary
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Easy_Software_Products | 20 |
Application | | 2 |
Application | | 8 |
Application | | 7 |
Application | | 4 |
Application | | 11 |
OS | | 12 |
OS | | 1 |
OS | | 6 |
OS | | 13 |
OS | | 7 |
OS | | 2 |
Nessus
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200410-20.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200410-20 (Xpdf, CUPS: Multiple integer overflows) Chris Evans discovered multiple integer overflow issues in Xpdf. Impact : An attacker could entice a user to open a specially crafted PDF file, potentially resulting in execution of arbitrary code with the rights of the user running Xpdf. By enticing a user to directly print the PDF file to a CUPS printer, an attacker could also crash the CUPS spooler or execute arbitrary code with the rights of the CUPS spooler, which is usually the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15539
- published: 2004-10-21
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15539
- title: GLSA-200410-20 : Xpdf, CUPS: Multiple integer overflows
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200410-20.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(15539);
  script_version("1.19");
  script_cvs_date("Date: 2019/08/02 13:32:41");

  script_cve_id("CVE-2004-0888", "CVE-2004-0889");
  script_xref(name:"GLSA", value:"200410-20");

  script_name(english:"GLSA-200410-20 : Xpdf, CUPS: Multiple integer overflows");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200410-20
(Xpdf, CUPS: Multiple integer overflows)

    Chris Evans discovered multiple integer overflow issues in Xpdf.

Impact :

    An attacker could entice an user to open a specially crafted PDF file,
    potentially resulting in execution of arbitrary code with the rights of
    the user running Xpdf. By enticing an user to directly print the PDF file
    to a CUPS printer, an attacker could also crash the CUPS spooler or
    execute arbitrary code with the rights of the CUPS spooler, which is
    usually the 'lp' user.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200410-20"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Xpdf users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-text/xpdf-3.00-r5'
    All CUPS users should also upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=net-print/cups-1.1.20-r5'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xpdf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/10/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/21");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"net-print/cups", unaffected:make_list("ge 1.1.20-r5"), vulnerable:make_list("le 1.1.20-r4"))) flag++;
if (qpkg_check(package:"app-text/xpdf", unaffected:make_list("ge 3.00-r5"), vulnerable:make_list("le 3.00-r4"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xpdf / CUPS");
}
```

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-14-1.NASL
- description: Markus Meissner discovered even more integer overflow vulnerabilities in xpdf, a viewer for PDF files. These integer overflows can eventually lead to buffer overflows. The Common UNIX Printing System (CUPS) uses the same code to print PDF files; tetex-bin uses the code to generate PDF output and process included PDF files. In any case, these vulnerabilities could be exploited by an attacker providing a specially crafted PDF file which, when processed by CUPS, xpdf, or pdflatex, could result in abnormal program termination or the execution of program code supplied by the attacker. In the case of CUPS, this bug could be exploited to gain the privileges of the CUPS print server (by default, user cupsys). In the cases of xpdf and pdflatex, this bug could be exploited to gain the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 20532
- published: 2006-01-15
- reporter: Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/20532
- title: Ubuntu 4.10 : xpdf vulnerabilities (USN-14-1)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-14-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(20532);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:59");

  script_cve_id("CVE-2004-0888", "CVE-2004-0889");
  script_xref(name:"USN", value:"14-1");

  script_name(english:"Ubuntu 4.10 : xpdf vulnerabilities (USN-14-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Markus Meissner discovered even more integer overflow vulnerabilities
in xpdf, a viewer for PDF files. These integer overflows can
eventually lead to buffer overflows.

The Common UNIX Printing System (CUPS) uses the same code to print PDF
files; tetex-bin uses the code to generate PDF output and process
included PDF files. In any case, these vulnerabilities could be
exploited by an attacker providing a specially crafted PDF file which,
when processed by CUPS, xpdf, or pdflatex, could result in abnormal
program termination or the execution of program code supplied by the
attacker.

In the case of CUPS, this bug could be exploited to gain the
privileges of the CUPS print server (by default, user cupsys).

In the cases of xpdf and pdflatex, this bug could be exploited to gain
the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-bsd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-gnutls10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkpathsea-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkpathsea3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tetex-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xpdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xpdf-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xpdf-reader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xpdf-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/11/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"4.10", pkgname:"cupsys", pkgver:"1.1.20final+cvs20040330-4ubuntu16.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"cupsys-bsd", pkgver:"1.1.20final+cvs20040330-4ubuntu16.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"cupsys-client", pkgver:"1.1.20final+cvs20040330-4ubuntu16.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libcupsimage2", pkgver:"1.1.20final+cvs20040330-4ubuntu16.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libcupsimage2-dev", pkgver:"1.1.20final+cvs20040330-4ubuntu16.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libcupsys2-dev", pkgver:"1.1.20final+cvs20040330-4ubuntu16.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libcupsys2-gnutls10", pkgver:"1.1.20final+cvs20040330-4ubuntu16.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libkpathsea-dev", pkgver:"2.0.2-21ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libkpathsea3", pkgver:"2.0.2-21ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"tetex-bin", pkgver:"2.0.2-21ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"xpdf", pkgver:"3.00-8ubuntu1.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"xpdf-common", pkgver:"3.00-8ubuntu1.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"xpdf-reader", pkgver:"3.00-8ubuntu1.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"xpdf-utils", pkgver:"3.00-8ubuntu1.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cupsys / cupsys-bsd / cupsys-client / libcupsimage2 / etc");
}
```

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200501-31.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200501-31 (teTeX, pTeX, CSTeX: Multiple vulnerabilities) teTeX, pTeX and CSTeX all make use of Xpdf code and may therefore be vulnerable to the various overflows that were discovered in Xpdf code (CAN-2004-0888, CAN-2004-0889, CAN-2004-1125 and CAN-2005-0064). Furthermore, Javier Fernandez-Sanguino Pena discovered that the xdvizilla script does not handle temporary files correctly. Impact : An attacker could design a malicious input file which, when processed using one of the TeX distributions, could lead to the execution of arbitrary code. Furthermore, a local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When xdvizilla is called, this would result in the file being overwritten with the rights of the user running the script. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 16422
- published: 2005-02-14
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/16422
- title: GLSA-200501-31 : teTeX, pTeX, CSTeX: Multiple vulnerabilities
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200501-31.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(16422);
  script_version("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:42");

  script_cve_id("CVE-2004-0888", "CVE-2004-0889", "CVE-2004-1125", "CVE-2005-0064");
  script_xref(name:"GLSA", value:"200501-31");

  script_name(english:"GLSA-200501-31 : teTeX, pTeX, CSTeX: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200501-31
(teTeX, pTeX, CSTeX: Multiple vulnerabilities)

    teTeX, pTeX and CSTeX all make use of Xpdf code and may therefore
    be vulnerable to the various overflows that were discovered in Xpdf
    code (CAN-2004-0888, CAN-2004-0889, CAN-2004-1125 and
    CAN-2005-0064). Furthermore, Javier Fernandez-Sanguino Pena
    discovered that the xdvizilla script does not handle temporary
    files correctly.

Impact :

    An attacker could design a malicious input file which, when
    processed using one of the TeX distributions, could lead to the
    execution of arbitrary code. Furthermore, a local attacker could
    create symbolic links in the temporary files directory, pointing to
    a valid file somewhere on the filesystem. When xdvizilla is called,
    this would result in the file being overwritten with the rights of
    the user running the script.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200501-31"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All teTeX users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-text/tetex-2.0.2-r5'
    All CSTeX users should also upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-text/cstetex-2.0.2-r1'
    Finally, all pTeX users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-text/ptex-3.1.4-r2'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(20);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cstetex");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ptex");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:tetex");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/01/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"app-text/tetex", unaffected:make_list("ge 2.0.2-r5"), vulnerable:make_list("lt 2.0.2-r5"))) flag++;
if (qpkg_check(package:"app-text/cstetex", unaffected:make_list("ge 2.0.2-r1"), vulnerable:make_list("lt 2.0.2-r1"))) flag++;
if (qpkg_check(package:"app-text/ptex", unaffected:make_list("ge 3.1.4-r2"), vulnerable:make_list("lt 3.1.4-r2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "teTeX / pTeX / CSTeX");
}
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SA_2004_039.NASL
- description: The remote host is missing the patch for the advisory SUSE-SA:2004:039 (xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups). Xpdf is a widely used fast PDF file viewer. Various other PDF viewer and PDF conversion tools use xpdf code to accomplish their tasks. Chris Evans found several integer overflows and arithmetic errors. Additionally Sebastian Krahmer from the SuSE Security-Team found similar bugs in xpdf 3. These bugs can be exploited by tricking a user to open a malformatted PDF file. As a result the PDF viewer can be crashed or maybe even code can be executed.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15569
- published: 2004-10-26
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15569
- title: SUSE-SA:2004:039: xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200410-30.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200410-30 (GPdf, KPDF, KOffice: Vulnerabilities in included xpdf) GPdf, KPDF and KOffice all include xpdf code to handle PDF files. xpdf is vulnerable to multiple integer overflows, as described in GLSA 200410-20. Impact : An attacker could entice a user to open a specially crafted PDF file, potentially resulting in execution of arbitrary code with the rights of the user running the affected utility. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15582
- published: 2004-10-28
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/15582
- title: GLSA-200410-30 : GPdf, KPDF, KOffice: Vulnerabilities in included xpdf

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2004-113.NASL
- description: Chris Evans discovered numerous vulnerabilities in the xpdf package : Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. (CVE-2004-0888) Multiple integer overflow issues affecting xpdf-3.0 only. These can result in DoS or possibly arbitrary code execution. (CVE-2004-0889) Chris also discovered issues with infinite loop logic error affecting xpdf-3.0 only. The updated packages are patched to deal with these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15548
- published: 2004-10-22
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15548
- title: Mandrake Linux Security Advisory : xpdf (MDKSA-2004:113)

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_AD2F333726BF11D99289000C41E2CDAD.NASL
- description: Chris Evans discovered several integer arithmetic overflows in the xpdf 2 and xpdf 3 code bases. The flaws have impacts ranging from denial-of-service to arbitrary code execution.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19076
- published: 2005-07-13
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/19076
- title: FreeBSD : xpdf -- integer overflow vulnerabilities (ad2f3337-26bf-11d9-9289-000c41e2cdad)

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-2-1.NASL
- description: Chris Evans discovered several integer overflow vulnerabilities in xpdf, a viewer for PDF files. The Common UNIX Printing System (CUPS) also uses the same code to print PDF files. In either case, these vulnerabilities could be exploited by an attacker by providing a specially crafted PDF file which, when processed by CUPS or xpdf, could result in abnormal program termination or the execution of program code supplied by the attacker. In the case of CUPS, this bug could be exploited to gain the privileges of the CUPS print server (by default, user cupsys). In the case of xpdf, this bug could be exploited to gain the privileges of the user invoking xpdf. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 20614
- published: 2006-01-15
- reporter: Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/20614
- title: Ubuntu 4.10 : xpdf vulnerabilities (USN-2-1)

References
- http://marc.info/?l=bugtraq&m=109880927526773&w=2
- http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml
- http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:113
- http://www.securityfocus.com/bid/11501
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17819