Fluid Attacks Database

Description

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	xpdf	>=0 <3.00-10	3.00-10
debian 11	xpdf	>=0 <3.00-10	3.00-10
debian 12	xpdf	>=0 <3.00-10	3.00-10
debian 13	xpdf	>=0 <3.00-10	3.00-10

Aliases

1. CVE-2004-08892. NVD-2004-08893. OSV-DEBIAN-2004-08894. OSV-2004-08895. SECURITY-TRACKER-CVE-2004-0889

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.