CVE-2004-0888

Publication date 27 January 2005

Last updated 17 July 2025

Ubuntu priority

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cupsys	7.04 feisty	Fixed 1.2.0-0ubuntu5
	6.10 edgy	Fixed 1.2.0-0ubuntu5
	6.06 LTS dapper	Fixed 1.2.0-0ubuntu5
gpdf	7.04 feisty	Not in release
	6.10 edgy	Fixed 2.10.0-2
	6.06 LTS dapper	Fixed 2.10.0-2
kdegraphics	7.04 feisty	Fixed 3.5.2-0ubuntu6
	6.10 edgy	Fixed 3.5.2-0ubuntu6
	6.06 LTS dapper	Fixed 3.5.2-0ubuntu6
koffice	7.04 feisty	Fixed 1.6.2-0ubuntu1.1
	6.10 edgy	Fixed 1.5.2-0ubuntu2.2
	6.06 LTS dapper	Fixed 1.5.0-0ubuntu9.2
pdftohtml	7.04 feisty	Fixed 0.36-13
	6.10 edgy	Fixed 0.36-13
	6.06 LTS dapper	Fixed 0.36-13
tetex-bin	7.04 feisty	Fixed 3.0-13ubuntu6
	6.10 edgy	Fixed 3.0-13ubuntu6
	6.06 LTS dapper	Fixed 3.0-13ubuntu6

References

Related Ubuntu Security Notices (USN)

USN-14-1
xpdf vulnerabilities
2 November 2004

USN-9-1
tetex-bin vulnerabilities
28 October 2004

Other references

https://www.cve.org/CVERecord?id=CVE-2004-0888