VDB
CVE-2004-1125
CVE-2004-1125
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
EPSS 7.31% · 91.8th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
7.31%
91.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| easy_software_products | cups | 1.1.20 |
| xpdf | xpdf | 3.0 |
| kde | kde | 3.3.2, 3.2.3 |
Timeline
- Dec 22, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- RHSA-2005:013 vendor-advisory
- 17277 third-party-advisory
- RHSA-2005:066 vendor-advisory
- RHSA-2005:034 vendor-advisory
- RHSA-2005:018 vendor-advisory
- FLSA:2352 vendor-advisory
- FLSA:2353 vendor-advisory
- 1012646 vdb
- 12070 vdb
- http://www.kde.org/info/security/advisory-20041223-1.txt url
- xpdf-gfx-doimage-bo(18641) vdb
- GLSA-200501-17 vendor-advisory
- RHSA-2005:026 vendor-advisory
- RHSA-2005:053 vendor-advisory
- USN-50-1 vendor-advisory
- GLSA-200501-13 vendor-advisory
- 20041228 KDE Security Advisory: kpdf Buffer Overflow Vulnerability mailing-list
- GLSA-200412-25 vendor-advisory
- 20041223 [USN-48-1] xpdf, tetex-bin vulnerabilities mailing-list
- SUSE-SR:2005:001 vendor-advisory
…and 9 more