Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2004-0889

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

Related bugs and status

CVE-2004-0889 (Candidate) is related to these bugs:

Bug #9450: tetex-bin is affected by CAN-2004-0888

Summary				In	Importance	Status
	9450	tetex-bin is affected by CAN-2004-0888		tetex-bin (Ubuntu)	Medium	Fix Released
	9450	tetex-bin is affected by CAN-2004-0888		tetex-bin (Debian)	Unknown	Fix Released

Bug #14171: tetex-bin still vulnerable to CAN-2004-0888 (CAN-2005-0206)

Summary				In	Importance	Status
	14171	tetex-bin still vulnerable to CAN-2004-0888 (CAN-2005-0206)		tetex-bin (Ubuntu)	High	Invalid
	14171	tetex-bin still vulnerable to CAN-2004-0888 (CAN-2005-0206)		tetex-bin (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

GENTOO: GLSA-200410-20
GENTOO: GLSA-200410-30
BID: 11501
MANDRAKE: MDKSA-2004:113
SUSE: SUSE-SA:2004:039
XF: xpdf-pdf-file-bo(17819)