Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2002-1384

Published: 02/01/2003 Updated: 03/05/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Easy Software Products

Vulnerability Summary

Integer overflow in pdftops, as used in Xpdf 2.01 and previous versions, xpdf-i, and CUPS prior to 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.

Vulnerable Product Search on Vulmon Subscribe to Product

easy software products cups 1.0.4

easy software products cups 1.1.4

easy software products cups 1.1.4_2

xpdf xpdf 1.0a

xpdf xpdf 1.1

easy software products cups 1.0.4_8

easy software products cups 1.1.1

easy software products cups 1.1.4_3

easy software products cups 1.1.4_5

xpdf xpdf 2.0

xpdf xpdf 2.1

easy software products cups 1.1.10

easy software products cups 1.1.13

easy software products cups 1.1.6

easy software products cups 1.1.7

xpdf xpdf 0.90

easy software products cups 1.1.14

easy software products cups 1.1.17

xpdf xpdf 0.91

xpdf xpdf 1.0

Vendor Advisories

Debian Security Advisories: DSA-222-1 xpdf -- integer overflow
iDEFENSE discovered an integer overflow in the pdftops filter from the xpdf package that can be exploited to gain the privileges of the target user This can lead to gaining unauthorized access to the 'lp' user if the pdftops program is part of the print filter For the current stable distribution (woody) this problem has been fixed in version 100 ...
Debian Security Advisories: DSA-232-1 cupsys -- several vulnerabilities
Multiple vulnerabilities were discovered in the Common Unix Printing System (CUPS) Several of these issues represent the potential for a remote compromise or denial of service The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2002-1383: Multiple integer overflows allow a remote attacker to execute arbitr ...

References

NVD-CWE-Otherhttp://www.idefense.com/advisory/12.23.02.txthttp://www.debian.org/security/2003/dsa-222http://www.debian.org/security/2003/dsa-226http://www.debian.org/security/2003/dsa-232http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002http://www.redhat.com/support/errata/RHSA-2002-295.htmlhttp://www.redhat.com/support/errata/RHSA-2002-307.htmlhttp://www.redhat.com/support/errata/RHSA-2003-037.htmlhttp://www.redhat.com/support/errata/RHSA-2003-216.htmlhttp://www.novell.com/linux/security/advisories/2003_002_cups.htmlhttp://www.securityfocus.com/bid/6475http://marc.info/?l=bugtraq&m=104152282309980&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/10937https://nvd.nist.govhttps://www.debian.org/security/./dsa-222
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook