Search for vulnerabilities
Vulnerability details: VCID-mz8c-ez4g-aaaj
Vulnerability ID VCID-mz8c-ez4g-aaaj
Aliases CVE-2004-1125
Summary Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
Status Published
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2005:013
rhas Moderate https://access.redhat.com/errata/RHSA-2005:018
rhas Moderate https://access.redhat.com/errata/RHSA-2005:026
rhas Important https://access.redhat.com/errata/RHSA-2005:034
rhas Important https://access.redhat.com/errata/RHSA-2005:053
rhas Important https://access.redhat.com/errata/RHSA-2005:057
rhas Important https://access.redhat.com/errata/RHSA-2005:066
rhas Moderate https://access.redhat.com/errata/RHSA-2005:354
epss 0.04476 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.04476 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.04476 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.04476 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.06203 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.06203 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.06203 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.06203 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.06203 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.06203 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.06203 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.06203 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.06203 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.06203 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.06203 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.06203 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.07314 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
epss 0.11994 https://api.first.org/data/v1/epss?cve=CVE-2004-1125
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1617371
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2004-1125
Reference id Reference type URL
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html
http://marc.info/?t=110378596500001&r=1&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1125.json
https://api.first.org/data/v1/epss?cve=CVE-2004-1125
https://bugzilla.fedora.us/show_bug.cgi?id=2352
https://bugzilla.fedora.us/show_bug.cgi?id=2353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1125
http://secunia.com/advisories/17277
http://securitytracker.com/id?1012646
https://exchange.xforce.ibmcloud.com/vulnerabilities/18641
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10830
https://usn.ubuntu.com/50-1/
http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
http://www.gentoo.org/security/en/glsa/glsa-200501-13.xml
http://www.gentoo.org/security/en/glsa/glsa-200501-17.xml
http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
http://www.kde.org/info/security/advisory-20041223-1.txt
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://www.redhat.com/support/errata/RHSA-2005-013.html
http://www.redhat.com/support/errata/RHSA-2005-018.html
http://www.redhat.com/support/errata/RHSA-2005-026.html
http://www.redhat.com/support/errata/RHSA-2005-034.html
http://www.redhat.com/support/errata/RHSA-2005-053.html
http://www.redhat.com/support/errata/RHSA-2005-057.html
http://www.redhat.com/support/errata/RHSA-2005-066.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
http://www.securityfocus.com/bid/12070
1617371 https://bugzilla.redhat.com/show_bug.cgi?id=1617371
cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*
CVE-2004-1125 https://nvd.nist.gov/vuln/detail/CVE-2004-1125
RHSA-2005:013 https://access.redhat.com/errata/RHSA-2005:013
RHSA-2005:018 https://access.redhat.com/errata/RHSA-2005:018
RHSA-2005:026 https://access.redhat.com/errata/RHSA-2005:026
RHSA-2005:034 https://access.redhat.com/errata/RHSA-2005:034
RHSA-2005:053 https://access.redhat.com/errata/RHSA-2005:053
RHSA-2005:057 https://access.redhat.com/errata/RHSA-2005:057
RHSA-2005:066 https://access.redhat.com/errata/RHSA-2005:066
RHSA-2005:354 https://access.redhat.com/errata/RHSA-2005:354
USN-48-1 https://usn.ubuntu.com/48-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2004-1125
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.92346
EPSS Score 0.04476
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.