CVE-2004-0888
tetex-bin - integer overflows
EPSS 3.7%
Description
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
How to fix CVE-2004-0888
To remediate CVE-2004-0888, upgrade the affected package to a fixed version below.
- Debian/cups—upgrade to 1.1.22-6 or later
- Debian/cupsys—upgrade to 1.1.14-5woody10 or later
- —upgrade to 1.0.7+20011202-7.3 or later
- —upgrade to 3.00-9 or later
- —upgrade to 1.00-3.2 or later
Is CVE-2004-0888 being exploited?
Low — EPSS is 3.7%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 1.1.22-6
- from 0, < 1.1.14-5woody10
- from 0, < 1.0.7+20011202-7.3
- from 0, < 3.00-9
- from 0, < 1.00-3.2