- Description: Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
- Source: cve@mitre.org
- NVD status: Modified
CVSS 2.0
- Type: Primary
- Base score: 9.3
- Impact score: 10
- Exploitability score: 8.6
- Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-20
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB7653F1-70E2-423F-A6A9-30333644B506"
          },
          {
            "criteria": "cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B93B3ED-AF82-49A9-8C7F-E5F652F19669"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D17407A2-089E-43A5-9BD5-EFF966F5CC16"
          },
          {
            "criteria": "cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F7180B3-03AC-427C-8CAD-FE06F81C4FF1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]