FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-1125

This CVE name corresponds to:

Entered Topic
2004-12-23 xpdf -- buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-1125 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-1125
Phase Assigned(20041202)

Description

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.

References

Source Reference
IDEFENSE 20041221 Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability
CONFIRM ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
CONFIRM http://www.kde.org/info/security/advisory-20041223-1.txt
BUGTRAQ 20041228 KDE Security Advisory: kpdf Buffer Overflow Vulnerability
FULLDISC 20041223 [USN-48-1] xpdf, tetex-bin vulnerabilities
CONECTIVA CLA-2005:921
FEDORA FLSA:2353
FEDORA FLSA:2352
GENTOO GLSA-200412-25
GENTOO GLSA-200501-13
GENTOO GLSA-200501-17
REDHAT RHSA-2005:013
REDHAT RHSA-2005:018
REDHAT RHSA-2005:034
REDHAT RHSA-2005:053
REDHAT RHSA-2005:057
REDHAT RHSA-2005:066
REDHAT RHSA-2005:354
REDHAT RHSA-2005:026
SCO SCOSA-2005.42
SUSE SUSE-SR:2005:001
UBUNTU USN-50-1
BID 12070
OVAL oval:org.mitre.oval:def:10830
SECTRACK 1012646
SECUNIA 17277
XF xpdf-gfx-doimage-bo(18641)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.