[email protected]CVE-2002-1384

HistorySep 01, 2004 - 4:00 a.m.

CVE-2002-1384

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

cve-2002-1384

integer overflow

pdftops

xpdf

cups

arbitrary code execution

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.2%

JSON

Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.

Affected configurations

NVD

Node

easy_software_productscupsMatch1.0.4

easy_software_productscupsMatch1.0.4_8

easy_software_productscupsMatch1.1.1

easy_software_productscupsMatch1.1.4

easy_software_productscupsMatch1.1.4_2

easy_software_productscupsMatch1.1.4_3

easy_software_productscupsMatch1.1.4_5

easy_software_productscupsMatch1.1.6

easy_software_productscupsMatch1.1.7

easy_software_productscupsMatch1.1.10

easy_software_productscupsMatch1.1.13

easy_software_productscupsMatch1.1.14

easy_software_productscupsMatch1.1.17

xpdfxpdfMatch0.90

xpdfxpdfMatch0.91

xpdfxpdfMatch1.0

xpdfxpdfMatch1.0a

xpdfxpdfMatch1.1

xpdfxpdfMatch2.0

xpdfxpdfMatch2.1

CPENameOperatorVersion
easy_software_products:cupseasy software products cupseq1.0.4
easy_software_products:cupseasy software products cupseq1.0.4_8
easy_software_products:cupseasy software products cupseq1.1.1
easy_software_products:cupseasy software products cupseq1.1.4
easy_software_products:cupseasy software products cupseq1.1.4_2
easy_software_products:cupseasy software products cupseq1.1.4_3
easy_software_products:cupseasy software products cupseq1.1.4_5
easy_software_products:cupseasy software products cupseq1.1.6
easy_software_products:cupseasy software products cupseq1.1.7
easy_software_products:cupseasy software products cupseq1.1.10

CPE	Name	Operator	Version
easy_software_products:cups	easy software products cups	eq	1.0.4
easy_software_products:cups	easy software products cups	eq	1.0.4_8
easy_software_products:cups	easy software products cups	eq	1.1.1
easy_software_products:cups	easy software products cups	eq	1.1.4
easy_software_products:cups	easy software products cups	eq	1.1.4_2
easy_software_products:cups	easy software products cups	eq	1.1.4_3
easy_software_products:cups	easy software products cups	eq	1.1.4_5
easy_software_products:cups	easy software products cups	eq	1.1.6
easy_software_products:cups	easy software products cups	eq	1.1.7
easy_software_products:cups	easy software products cups	eq	1.1.10