CVE-2004-0889: Integer Overflow
First published: Tue Oct 26 2004(Updated: )
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/kdegraphics | <3.5.2-0ubuntu6 | 3.5.2-0ubuntu6 |
| ubuntu/kdegraphics | <3.5.2-0ubuntu6 | 3.5.2-0ubuntu6 |
| ubuntu/kdegraphics | <3.5.2-0ubuntu6 | 3.5.2-0ubuntu6 |
| ubuntu/koffice | <1.5.0-0ubuntu9.2 | 1.5.0-0ubuntu9.2 |
| ubuntu/koffice | <1.5.2-0ubuntu2.2 | 1.5.2-0ubuntu2.2 |
| ubuntu/koffice | <1.6.2-0ubuntu1.1 | 1.6.2-0ubuntu1.1 |
| ubuntu/xpdf | <3.01-7ubuntu0.1 | 3.01-7ubuntu0.1 |
| ubuntu/xpdf | <3.01-9ubuntu1.1 | 3.01-9ubuntu1.1 |
| ubuntu/xpdf | <3.01-9ubuntu3 | 3.01-9ubuntu3 |
| debian/xpdf | 3.04+git20210103-3 3.04+git20220601-1 3.04+git20240613-1 | |
| CUPS (Common UNIX Printing System) | =1.0.4 | |
| CUPS (Common UNIX Printing System) | =1.0.4_8 | |
| CUPS (Common UNIX Printing System) | =1.1.1 | |
| CUPS (Common UNIX Printing System) | =1.1.4 | |
| CUPS (Common UNIX Printing System) | =1.1.4_2 | |
| CUPS (Common UNIX Printing System) | =1.1.4_3 | |
| CUPS (Common UNIX Printing System) | =1.1.4_5 | |
| CUPS (Common UNIX Printing System) | =1.1.6 | |
| CUPS (Common UNIX Printing System) | =1.1.7 | |
| CUPS (Common UNIX Printing System) | =1.1.10 | |
| CUPS (Common UNIX Printing System) | =1.1.12 | |
| CUPS (Common UNIX Printing System) | =1.1.13 | |
| CUPS (Common UNIX Printing System) | =1.1.14 | |
| CUPS (Common UNIX Printing System) | =1.1.15 | |
| CUPS (Common UNIX Printing System) | =1.1.16 | |
| CUPS (Common UNIX Printing System) | =1.1.17 | |
| CUPS (Common UNIX Printing System) | =1.1.18 | |
| CUPS (Common UNIX Printing System) | =1.1.19 | |
| CUPS (Common UNIX Printing System) | =1.1.19_rc5 | |
| CUPS (Common UNIX Printing System) | =1.1.20 | |
| GNOME GPDF | =0.112 | |
| GNOME GPDF | =0.131 | |
| KDE KOffice | =1.3 | |
| KDE KOffice | =1.3.1 | |
| KDE KOffice | =1.3.2 | |
| KDE KOffice | =1.3.3 | |
| KDE KOffice | =1.3_beta1 | |
| KDE KOffice | =1.3_beta2 | |
| KDE KOffice | =1.3_beta3 | |
| KDE KPDF | =3.2 | |
| pdftohtml | =0.32a | |
| pdftohtml | =0.32b | |
| pdftohtml | =0.33 | |
| pdftohtml | =0.33a | |
| pdftohtml | =0.34 | |
| pdftohtml | =0.35 | |
| pdftohtml | =0.36 | |
| teTeX | =1.0.7 | |
| teTeX | =2.0 | |
| teTeX | =2.0.1 | |
| teTeX | =2.0.2 | |
| Xpdf | =0.90 | |
| Xpdf | =0.91 | |
| Xpdf | =0.92 | |
| Xpdf | =0.93 | |
| Xpdf | =1.0 | |
| Xpdf | =1.0a | |
| Xpdf | =1.1 | |
| Xpdf | =2.0 | |
| Xpdf | =2.1 | |
| Xpdf | =2.3 | |
| Xpdf | =3.0 | |
| Debian | =3.0 | |
| Debian | =3.0 | |
| Debian | =3.0 | |
| Debian | =3.0 | |
| Debian | =3.0 | |
| Debian | =3.0 | |
| Debian | =3.0 | |
| Debian | =3.0 | |
| Debian | =3.0 | |
| Debian | =3.0 | |
| Debian | =3.0 | |
| Debian | =3.0 | |
| Gentoo Linux | ||
| KDE Kde Beta 3 | =3.2 | |
| KDE Kde Beta 3 | =3.2.1 | |
| KDE Kde Beta 3 | =3.2.2 | |
| KDE Kde Beta 3 | =3.2.3 | |
| KDE Kde Beta 3 | =3.3 | |
| KDE Kde Beta 3 | =3.3.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux Desktop | =3.0 | |
| Red Hat Fedora Core | =core_2.0 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| SUSE Linux | =8.0 | |
| SUSE Linux | =8.1 | |
| SUSE Linux | =8.2 | |
| SUSE Linux | =9.0 | |
| SUSE Linux | =9.0 | |
| SUSE Linux | =9.1 | |
| SUSE Linux | =9.2 | |
| Ubuntu Linux | =4.1 | |
| Ubuntu Linux | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml
- http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
- http://www.securityfocus.com/bid/11501
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:113
- http://marc.info/?l=bugtraq&m=109880927526773&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17819
- https://ubuntu.com/security/notices/USN-2-1
- https://ubuntu.com/security/notices/USN-14-1
- https://www.cve.org/CVERecord?id=CVE-2004-0889
- https://nvd.nist.gov/vuln/detail/CVE-2004-0889
- https://launchpad.net/bugs/cve/CVE-2004-0889
- https://security-tracker.debian.org/tracker/CVE-2004-0889
- https://ubuntu.com/security/CVE-2004-0889
- http://marc.info/?l=bugtraq&m=109880927526773&w=2
Frequently Asked Questions
What is the severity of CVE-2004-0889?
CVE-2004-0889 is classified as a high severity vulnerability due to its potential to allow denial of service and arbitrary code execution.
How do I fix CVE-2004-0889?
To fix CVE-2004-0889, update xpdf to versions later than 3.0, or update the affected KDE and KOffice packages to the specified remedies.
Which software is affected by CVE-2004-0889?
CVE-2004-0889 affects xpdf 3.0 and other software packages including various versions of KDE graphics and KOffice.
What type of vulnerability is CVE-2004-0889?
CVE-2004-0889 involves multiple integer overflows leading to potential denial of service and execution of arbitrary code.
Is there a known exploit for CVE-2004-0889?
While no specific exploits are publicly available, the vulnerability can be exploited remotely under certain conditions.
- agent/type
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/references
- collector/security-tracker-debian
- source/Debian
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/pdftohtml
- product/pdftohtml
- canonical/pdftohtml pdftohtml
- vendor/easy software products
- product/cups
- canonical/easy software products cups
- vendor/xpdf
- product/xpdf
- canonical/xpdf xpdf
- vendor/kde
- product/koffice
- canonical/kde koffice
- vendor/gnome
- product/gpdf
- canonical/gnome gpdf
- vendor/tetex
- product/tetex
- canonical/tetex tetex
- product/kpdf
- canonical/kde kpdf
- vendor/redhat
- product/enterprise linux
- canonical/redhat enterprise linux
- product/fedora core
- canonical/redhat fedora core
- vendor/suse
- product/suse linux
- canonical/suse suse linux
- product/enterprise linux desktop
- canonical/redhat enterprise linux desktop
- vendor/debian
- product/debian linux
- canonical/debian debian linux
- vendor/ubuntu
- product/ubuntu linux
- canonical/ubuntu ubuntu linux
- product/linux advanced workstation
- canonical/redhat linux advanced workstation
- product/kde
- canonical/kde kde
- vendor/gentoo
- product/linux
- canonical/gentoo linux
- collector/nvd-cve
- source/NVD
- agent/softwarecombine
- agent/tags
- package-manager/ubuntu
- package-manager/debian
- canonical/cups (common unix printing system)
- version/cups (common unix printing system)/1.0.4
- version/cups (common unix printing system)/1.0.4_8
- version/cups (common unix printing system)/1.1.1
- version/cups (common unix printing system)/1.1.4
- version/cups (common unix printing system)/1.1.4_2
- version/cups (common unix printing system)/1.1.4_3
- version/cups (common unix printing system)/1.1.4_5
- version/cups (common unix printing system)/1.1.6
- version/cups (common unix printing system)/1.1.7
- version/cups (common unix printing system)/1.1.10
- version/cups (common unix printing system)/1.1.12
- version/cups (common unix printing system)/1.1.13
- version/cups (common unix printing system)/1.1.14
- version/cups (common unix printing system)/1.1.15
- version/cups (common unix printing system)/1.1.16
- version/cups (common unix printing system)/1.1.17
- version/cups (common unix printing system)/1.1.18
- version/cups (common unix printing system)/1.1.19
- version/cups (common unix printing system)/1.1.19_rc5
- version/cups (common unix printing system)/1.1.20
- version/gnome gpdf/0.112
- version/gnome gpdf/0.131
- version/kde koffice/1.3
- version/kde koffice/1.3.1
- version/kde koffice/1.3.2
- version/kde koffice/1.3.3
- version/kde koffice/1.3_beta1
- version/kde koffice/1.3_beta2
- version/kde koffice/1.3_beta3
- version/kde kpdf/3.2
- canonical/pdftohtml
- version/pdftohtml/0.32a
- version/pdftohtml/0.32b
- version/pdftohtml/0.33
- version/pdftohtml/0.33a
- version/pdftohtml/0.34
- version/pdftohtml/0.35
- version/pdftohtml/0.36
- canonical/tetex
- version/tetex/1.0.7
- version/tetex/2.0
- version/tetex/2.0.1
- version/tetex/2.0.2
- canonical/xpdf
- version/xpdf/0.90
- version/xpdf/0.91
- version/xpdf/0.92
- version/xpdf/0.93
- version/xpdf/1.0
- version/xpdf/1.0a
- version/xpdf/1.1
- version/xpdf/2.0
- version/xpdf/2.1
- version/xpdf/2.3
- version/xpdf/3.0
- canonical/debian
- version/debian/3.0
- canonical/kde kde beta 3
- version/kde kde beta 3/3.2
- version/kde kde beta 3/3.2.1
- version/kde kde beta 3/3.2.2
- version/kde kde beta 3/3.2.3
- version/kde kde beta 3/3.3
- version/kde kde beta 3/3.3.1
- canonical/red hat enterprise linux
- version/red hat enterprise linux/2.1
- version/red hat enterprise linux/3.0
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/3.0
- canonical/red hat fedora core
- version/red hat fedora core/core_2.0
- canonical/red hat linux advanced workstation
- version/red hat linux advanced workstation/2.1
- canonical/suse linux
- version/suse linux/8.0
- version/suse linux/8.1
- version/suse linux/8.2
- version/suse linux/9.0
- version/suse linux/9.1
- version/suse linux/9.2
- canonical/ubuntu linux
- version/ubuntu linux/4.1