CVE-2004-0888 [重大] | Denial of Service（Cups）

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

#	日付	旧 EPSS スコア	新 EPSS スコア	Δ（新 − 旧）
1	2025-03-30	19.59%	4.44%	-15.14%
2	2025-03-29	4.44%	19.59%	+15.14%
3	2025-03-17	—	4.44%	—

日付

旧 EPSS スコア

新 EPSS スコア

Δ（新 − 旧）

2025-03-30

19.59%

4.44%

-15.14%

2025-03-29

4.44%

19.59%

+15.14%

2025-03-17

—

4.44%

—

ベーススコア	バージョン	深刻度	ベクトル	悪用しやすさ	影響	スコアの出典
10.0	2.0	HIGH	`AV:N/AC:L/Au:N/C:C/I:C/A:C` クリックして展開アクセス経路 (AV:N) ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。アクセスの複雑さ (AC:L) 手順が短く、再現性が高い。認証 (AU:N) 認証を経ずに攻撃を完結できる。機密性への影響 (C:C) 機密性は全面的に損なわれる。完全性への影響 (I:C) 完全性は全面的に損なわれる。可用性への影響 (A:C) 可用性は全面的に損なわれる。	10.0	10.0	[email protected]

ベーススコア

バージョン

深刻度

ベクトル

悪用しやすさ

影響

スコアの出典

10.0

2.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C クリックして展開

アクセス経路 (AV:N): ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。
アクセスの複雑さ (AC:L): 手順が短く、再現性が高い。
認証 (AU:N): 認証を経ずに攻撃を完結できる。
機密性への影響 (C:C): 機密性は全面的に損なわれる。
完全性への影響 (I:C): 完全性は全面的に損なわれる。
可用性への影響 (A:C): 可用性は全面的に損なわれる。

10.0

[email protected]

CVE-2004-0888 の OS トラッカー

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2004-0888 not yet assigned priority: Debian including 2 source packages (cups, xpdf), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 10.	https://security-tracker.debian.org/tracker/CVE-2004-0888
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2004-0888
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2004-0888/
`ubuntu`	medium	CVE-2004-0888 medium priority: Ubuntu including 6 source packages (cupsys, gpdf, kdegraphics, koffice, pdftohtml, tetex-bin), 24 status rows across 4 suites (dapper, edgy, feisty, upstream): released 17, needs-triage 6, DNE 1.	https://ubuntu.com/security/CVE-2004-0888

CVE-2004-0888 の影響を受けるソフトウェア／構成

ベンダー	製品	バージョン	生の CPE
easy_software_products	cups	1.0.4	cpe:2.3:a:easy_software_products:cups:1.0.4:::::::*
easy_software_products	cups	1.0.4_8	cpe:2.3:a:easy_software_products:cups:1.0.4_8:::::::*
easy_software_products	cups	1.1.1	cpe:2.3:a:easy_software_products:cups:1.1.1:::::::*
easy_software_products	cups	1.1.4	cpe:2.3:a:easy_software_products:cups:1.1.4:::::::*
easy_software_products	cups	1.1.4_2	cpe:2.3:a:easy_software_products:cups:1.1.4_2:::::::*
easy_software_products	cups	1.1.4_3	cpe:2.3:a:easy_software_products:cups:1.1.4_3:::::::*
easy_software_products	cups	1.1.4_5	cpe:2.3:a:easy_software_products:cups:1.1.4_5:::::::*
easy_software_products	cups	1.1.6	cpe:2.3:a:easy_software_products:cups:1.1.6:::::::*
easy_software_products	cups	1.1.7	cpe:2.3:a:easy_software_products:cups:1.1.7:::::::*
easy_software_products	cups	1.1.10	cpe:2.3:a:easy_software_products:cups:1.1.10:::::::*
easy_software_products	cups	1.1.12	cpe:2.3:a:easy_software_products:cups:1.1.12:::::::*
easy_software_products	cups	1.1.13	cpe:2.3:a:easy_software_products:cups:1.1.13:::::::*
easy_software_products	cups	1.1.14	cpe:2.3:a:easy_software_products:cups:1.1.14:::::::*
easy_software_products	cups	1.1.15	cpe:2.3:a:easy_software_products:cups:1.1.15:::::::*
easy_software_products	cups	1.1.16	cpe:2.3:a:easy_software_products:cups:1.1.16:::::::*
easy_software_products	cups	1.1.17	cpe:2.3:a:easy_software_products:cups:1.1.17:::::::*
easy_software_products	cups	1.1.18	cpe:2.3:a:easy_software_products:cups:1.1.18:::::::*
easy_software_products	cups	1.1.19	cpe:2.3:a:easy_software_products:cups:1.1.19:::::::*
easy_software_products	cups	1.1.19_rc5	cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:::::::*
easy_software_products	cups	1.1.20	cpe:2.3:a:easy_software_products:cups:1.1.20:::::::*
gnome	gpdf	0.112	cpe:2.3:a:gnome:gpdf:0.112:::::::*
gnome	gpdf	0.131	cpe:2.3:a:gnome:gpdf:0.131:::::::*
kde	koffice	1.3	cpe:2.3:a:kde:koffice:1.3:::::::*
kde	koffice	1.3.1	cpe:2.3:a:kde:koffice:1.3.1:::::::*
kde	koffice	1.3.2	cpe:2.3:a:kde:koffice:1.3.2:::::::*
kde	koffice	1.3.3	cpe:2.3:a:kde:koffice:1.3.3:::::::*
kde	koffice	1.3_beta1	cpe:2.3:a:kde:koffice:1.3_beta1:::::::*
kde	koffice	1.3_beta2	cpe:2.3:a:kde:koffice:1.3_beta2:::::::*
kde	koffice	1.3_beta3	cpe:2.3:a:kde:koffice:1.3_beta3:::::::*
kde	kpdf	3.2	cpe:2.3:a:kde:kpdf:3.2:::::::*
pdftohtml	pdftohtml	0.32a	cpe:2.3:a:pdftohtml:pdftohtml:0.32a:::::::*
pdftohtml	pdftohtml	0.32b	cpe:2.3:a:pdftohtml:pdftohtml:0.32b:::::::*
pdftohtml	pdftohtml	0.33	cpe:2.3:a:pdftohtml:pdftohtml:0.33:::::::*
pdftohtml	pdftohtml	0.33a	cpe:2.3:a:pdftohtml:pdftohtml:0.33a:::::::*
pdftohtml	pdftohtml	0.34	cpe:2.3:a:pdftohtml:pdftohtml:0.34:::::::*
pdftohtml	pdftohtml	0.35	cpe:2.3:a:pdftohtml:pdftohtml:0.35:::::::*
pdftohtml	pdftohtml	0.36	cpe:2.3:a:pdftohtml:pdftohtml:0.36:::::::*
tetex	tetex	1.0.7	cpe:2.3:a:tetex:tetex:1.0.7:::::::*
tetex	tetex	2.0	cpe:2.3:a:tetex:tetex:2.0:::::::*
tetex	tetex	2.0.1	cpe:2.3:a:tetex:tetex:2.0.1:::::::*
tetex	tetex	2.0.2	cpe:2.3:a:tetex:tetex:2.0.2:::::::*
xpdf	xpdf	0.90	cpe:2.3:a:xpdf:xpdf:0.90:::::::*
xpdf	xpdf	0.91	cpe:2.3:a:xpdf:xpdf:0.91:::::::*
xpdf	xpdf	0.92	cpe:2.3:a:xpdf:xpdf:0.92:::::::*
xpdf	xpdf	0.93	cpe:2.3:a:xpdf:xpdf:0.93:::::::*
xpdf	xpdf	1.0	cpe:2.3:a:xpdf:xpdf:1.0:::::::*
xpdf	xpdf	1.0a	cpe:2.3:a:xpdf:xpdf:1.0a:::::::*
xpdf	xpdf	1.1	cpe:2.3:a:xpdf:xpdf:1.1:::::::*
xpdf	xpdf	2.0	cpe:2.3:a:xpdf:xpdf:2.0:::::::*
xpdf	xpdf	2.1	cpe:2.3:a:xpdf:xpdf:2.1:::::::*
xpdf	xpdf	2.3	cpe:2.3:a:xpdf:xpdf:2.3:::::::*
xpdf	xpdf	3.0	cpe:2.3:a:xpdf:xpdf:3.0:::::::*
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0:::::::*
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::alpha:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::arm:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::hppa:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::ia-32:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::ia-64:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::m68k:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::mips:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::mipsel:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::ppc:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::s-390:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::sparc:::::
gentoo	linux	—	cpe:2.3:o:gentoo:linux::::::::
kde	kde	3.2	cpe:2.3:o:kde:kde:3.2:::::::*
kde	kde	3.2.1	cpe:2.3:o:kde:kde:3.2.1:::::::*
kde	kde	3.2.2	cpe:2.3:o:kde:kde:3.2.2:::::::*
kde	kde	3.2.3	cpe:2.3:o:kde:kde:3.2.3:::::::*
kde	kde	3.3	cpe:2.3:o:kde:kde:3.3:::::::*
kde	kde	3.3.1	cpe:2.3:o:kde:kde:3.3.1:::::::*
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server:::::
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server:::::

CVE-2004-0888 の参考情報

URL	タグ
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886
http://marc.info/?l=bugtraq&m=109880927526773&w=2
http://marc.info/?l=bugtraq&m=110815379627883&w=2
http://www.debian.org/security/2004/dsa-573
http://www.debian.org/security/2004/dsa-581
http://www.debian.org/security/2004/dsa-599
http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:113
http://www.mandriva.com/security/advisories?name=MDKSA-2004:114
http://www.mandriva.com/security/advisories?name=MDKSA-2004:115
http://www.mandriva.com/security/advisories?name=MDKSA-2004:116
http://www.redhat.com/support/errata/RHSA-2004-543.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2004-592.html
http://www.redhat.com/support/errata/RHSA-2005-066.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
http://www.securityfocus.com/bid/11501	Patch Vendor Advisory
https://bugzilla.fedora.us/show_bug.cgi?id=2353
https://exchange.xforce.ibmcloud.com/vulnerabilities/17818
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714
https://www.ubuntu.com/usn/usn-9-1/

URL

タグ

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886

http://marc.info/?l=bugtraq&m=109880927526773&w=2

http://marc.info/?l=bugtraq&m=110815379627883&w=2

http://www.debian.org/security/2004/dsa-573

http://www.debian.org/security/2004/dsa-581

http://www.debian.org/security/2004/dsa-599

http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml

http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2004:113

http://www.mandriva.com/security/advisories?name=MDKSA-2004:114