MidnightBSD

Advisories for tetex

CVE-2001-0906 MEDIUM

teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
tetex tetex *
CVE-2004-0888 HIGH

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kde koffice 1.3.2
redhat fedora_core core_2.0
xpdf xpdf 1.0
easy_software_products cups 1.1.12
easy_software_products cups 1.1.4_3
kde koffice 1.3_beta3
easy_software_products cups 1.0.4_8
pdftohtml pdftohtml 0.35
kde kde 3.2.3
easy_software_products cups 1.1.19_rc5
easy_software_products cups 1.1.10
tetex tetex 2.0
xpdf xpdf 2.3
redhat linux_advanced_workstation 2.1
easy_software_products cups 1.1.4_5
kde kde 3.3
easy_software_products cups 1.1.19
suse suse_linux 8.2
redhat enterprise_linux 3.0
xpdf xpdf 2.1
xpdf xpdf 1.1
xpdf xpdf 3.0
redhat enterprise_linux_desktop 3.0
easy_software_products cups 1.1.1
easy_software_products cups 1.1.18
pdftohtml pdftohtml 0.34
tetex tetex 1.0.7
xpdf xpdf 0.91
pdftohtml pdftohtml 0.36
xpdf xpdf 2.0
pdftohtml pdftohtml 0.32b
kde kpdf 3.2
pdftohtml pdftohtml 0.32a
easy_software_products cups 1.1.13
easy_software_products cups 1.1.15
pdftohtml pdftohtml 0.33a
tetex tetex 2.0.2
suse suse_linux 9.0
suse suse_linux 8.0
easy_software_products cups 1.1.6
tetex tetex 2.0.1
ubuntu ubuntu_linux 4.1
suse suse_linux 9.2
easy_software_products cups 1.1.4_2
redhat enterprise_linux 2.1
gentoo linux *
xpdf xpdf 1.0a
easy_software_products cups 1.1.20
kde koffice 1.3
kde kde 3.2.2
pdftohtml pdftohtml 0.33
easy_software_products cups 1.1.17
kde kde 3.2.1
kde koffice 1.3_beta1
easy_software_products cups 1.1.4
suse suse_linux 8.1
kde koffice 1.3.3
easy_software_products cups 1.1.7
kde kde 3.3.1
easy_software_products cups 1.1.14
kde koffice 1.3_beta2
xpdf xpdf 0.90
kde koffice 1.3.1
easy_software_products cups 1.1.16
kde kde 3.2
debian debian_linux 3.0
xpdf xpdf 0.93
suse suse_linux 9.1
gnome gpdf 0.131
gnome gpdf 0.112
easy_software_products cups 1.0.4
xpdf xpdf 0.92
CVE-2004-0889 HIGH

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kde koffice 1.3.2
redhat fedora_core core_2.0
xpdf xpdf 1.0
easy_software_products cups 1.1.12
easy_software_products cups 1.1.4_3
kde koffice 1.3_beta3
easy_software_products cups 1.0.4_8
pdftohtml pdftohtml 0.35
kde kde 3.2.3
easy_software_products cups 1.1.19_rc5
easy_software_products cups 1.1.10
tetex tetex 2.0
xpdf xpdf 2.3
redhat linux_advanced_workstation 2.1
easy_software_products cups 1.1.4_5
kde kde 3.3
easy_software_products cups 1.1.19
suse suse_linux 8.2
redhat enterprise_linux 3.0
xpdf xpdf 2.1
xpdf xpdf 1.1
xpdf xpdf 3.0
redhat enterprise_linux_desktop 3.0
easy_software_products cups 1.1.1
easy_software_products cups 1.1.18
pdftohtml pdftohtml 0.34
tetex tetex 1.0.7
xpdf xpdf 0.91
pdftohtml pdftohtml 0.36
xpdf xpdf 2.0
pdftohtml pdftohtml 0.32b
kde kpdf 3.2
pdftohtml pdftohtml 0.32a
easy_software_products cups 1.1.13
easy_software_products cups 1.1.15
pdftohtml pdftohtml 0.33a
tetex tetex 2.0.2
suse suse_linux 9.0
suse suse_linux 8.0
easy_software_products cups 1.1.6
tetex tetex 2.0.1
ubuntu ubuntu_linux 4.1
suse suse_linux 9.2
easy_software_products cups 1.1.4_2
redhat enterprise_linux 2.1
gentoo linux *
xpdf xpdf 1.0a
easy_software_products cups 1.1.20
kde koffice 1.3
kde kde 3.2.2
pdftohtml pdftohtml 0.33
easy_software_products cups 1.1.17
kde kde 3.2.1
kde koffice 1.3_beta1
easy_software_products cups 1.1.4
suse suse_linux 8.1
kde koffice 1.3.3
easy_software_products cups 1.1.7
kde kde 3.3.1
easy_software_products cups 1.1.14
kde koffice 1.3_beta2
xpdf xpdf 0.90
kde koffice 1.3.1
easy_software_products cups 1.1.16
kde kde 3.2
debian debian_linux 3.0
xpdf xpdf 0.93
suse suse_linux 9.1
gnome gpdf 0.131
gnome gpdf 0.112
easy_software_products cups 1.0.4
xpdf xpdf 0.92
CVE-2005-0206 HIGH

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat fedora_core core_2.0
kde koffice 1.3_beta3
suse suse_linux 6.2
pdftohtml pdftohtml 0.35
mandrakesoft mandrake_linux_corporate_server 3.0
kde kde 3.2.3
suse suse_linux 6.3
tetex tetex 2.0
easy_software_products cups 1.1.4_5
kde kde 3.3
xpdf xpdf 2.1
redhat enterprise_linux_desktop 3.0
suse suse_linux 4.3
pdftohtml pdftohtml 0.34
tetex tetex 1.0.7
xpdf xpdf 0.91
suse suse_linux 4.4.1
xpdf xpdf 2.0
pdftohtml pdftohtml 0.32b
kde kpdf 3.2
pdftohtml pdftohtml 0.32a
easy_software_products cups 1.1.15
redhat fedora_core core_1.0
tetex tetex 2.0.2
suse suse_linux 8.0
gnome gpdf 0.110
easy_software_products cups 1.1.6
suse suse_linux 4.4
ascii ptex 3.1.4
easy_software_products cups 1.1.4_2
redhat enterprise_linux 2.1
suse suse_linux 7.0
gentoo linux *
suse suse_linux 7.3
suse suse_linux 7.1
suse suse_linux 1.0
pdftohtml pdftohtml 0.33
easy_software_products cups 1.1.17
kde kde 3.2.1
suse suse_linux 4.0
sgi advanced_linux_environment 3.0
easy_software_products cups 1.1.4
suse suse_linux 8.1
kde koffice 1.3.3
easy_software_products cups 1.1.7
redhat linux 9.0
suse suse_linux 6.0
kde koffice 1.3_beta2
xpdf xpdf 0.90
kde koffice 1.3.1
easy_software_products cups 1.1.16
kde kde 3.2
tetex tetex 1.0.6
xpdf xpdf 0.93
suse suse_linux 9.1
gnome gpdf 0.131
gnome gpdf 0.112
kde koffice 1.3.2
suse suse_linux 6.1
xpdf xpdf 1.0
easy_software_products cups 1.1.12
easy_software_products cups 1.1.4_3
easy_software_products cups 1.0.4_8
easy_software_products cups 1.1.19_rc5
easy_software_products cups 1.1.10
xpdf xpdf 2.3
redhat linux_advanced_workstation 2.1
easy_software_products cups 1.1.19
suse suse_linux 8.2
redhat enterprise_linux 3.0
xpdf xpdf 1.1
xpdf xpdf 3.0
easy_software_products cups 1.1.1
easy_software_products cups 1.1.18
pdftohtml pdftohtml 0.36
easy_software_products cups 1.1.13
pdftohtml pdftohtml 0.33a
suse suse_linux 9.0
suse suse_linux 6.4
tetex tetex 2.0.1
ubuntu ubuntu_linux 4.1
suse suse_linux 9.2
sgi propack 3.0
suse suse_linux 3.0
suse suse_linux 4.2
redhat fedora_core core_3.0
xpdf xpdf 1.0a
easy_software_products cups 1.1.20
kde koffice 1.3
kde kde 3.2.2
kde koffice 1.3_beta1
suse suse_linux 5.3
kde kde 3.3.1
suse suse_linux 5.1
easy_software_products cups 1.1.14
suse suse_linux 7.2
suse suse_linux 5.2
cstex cstetex 2.0.2
debian debian_linux 3.0
suse suse_linux 2.0
suse suse_linux 5.0
easy_software_products cups 1.0.4
xpdf xpdf 0.92
CVE-2005-3624 MEDIUM

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
turbolinux turbolinux_multimedia *
turbolinux turbolinux_server 10.0_x86
redhat fedora_core core_2.0
turbolinux turbolinux_workstation 8.0
turbolinux turbolinux fuji
tetex tetex 3.0
kde kpdf 3.4.3
redhat enterprise_linux_desktop 4.0
turbolinux turbolinux_personal *
mandrakesoft mandrake_linux_corporate_server 3.0
trustix secure_linux 2.2
redhat enterprise_linux 4.0
turbolinux turbolinux_appliance_server 1.0_hosting_edition
sco openserver 5.0.7
tetex tetex 2.0
redhat linux_advanced_workstation 2.1
mandrakesoft mandrake_linux 10.2
mandrakesoft mandrake_linux 2006
easy_software_products cups 1.1.23
turbolinux turbolinux_server 8.0
sco openserver 6.0
easy_software_products cups 1.1.22_rc1
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
redhat enterprise_linux 3.0
redhat fedora_core core_4.0
xpdf xpdf 3.0
redhat enterprise_linux_desktop 3.0
ubuntu ubuntu_linux 5.04
slackware slackware_linux 10.0
slackware slackware_linux 9.0
mandrakesoft mandrake_linux 10.1
tetex tetex 1.0.7
kde kpdf 3.2
easy_software_products cups 1.1.22
trustix secure_linux 2.0
kde kdegraphics 3.4.3
redhat fedora_core core_1.0
easy_software_products cups 1.1.23_rc1
tetex tetex 2.0.2
suse suse_linux 9.0
tetex tetex 2.0.1
ubuntu ubuntu_linux 4.1
libextractor libextractor *
turbolinux turbolinux 10
conectiva linux 10.0
suse suse_linux 9.2
redhat enterprise_linux 2.1
turbolinux turbolinux_server 10.0
kde kdegraphics 3.2
gentoo linux *
sgi propack 3.0
turbolinux turbolinux_home *
trustix secure_linux 3.0
slackware slackware_linux 10.1
suse suse_linux 1.0
debian debian_linux 3.1
redhat linux 7.3
kde koffice 1.4
redhat fedora_core core_3.0
suse suse_linux 10.0
slackware slackware_linux 10.2
slackware slackware_linux 9.1
kde koffice 1.4.1
suse suse_linux 9.3
poppler poppler 0.4.2
kde koffice 1.4.2
redhat linux 9.0
kde kword 1.4.2
debian debian_linux 3.0
turbolinux turbolinux_desktop 10.0
mandrakesoft mandrake_linux_corporate_server 2.1
suse suse_linux 9.1
ubuntu ubuntu_linux 5.10
CVE-2005-3625 HIGH

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
turbolinux turbolinux_multimedia *
turbolinux turbolinux_server 10.0_x86
redhat fedora_core core_2.0
turbolinux turbolinux_workstation 8.0
turbolinux turbolinux fuji
tetex tetex 3.0
kde kpdf 3.4.3
redhat enterprise_linux_desktop 4.0
turbolinux turbolinux_personal *
mandrakesoft mandrake_linux_corporate_server 3.0
trustix secure_linux 2.2
redhat enterprise_linux 4.0
turbolinux turbolinux_appliance_server 1.0_hosting_edition
sco openserver 5.0.7
tetex tetex 2.0
redhat linux_advanced_workstation 2.1
mandrakesoft mandrake_linux 10.2
mandrakesoft mandrake_linux 2006
easy_software_products cups 1.1.23
turbolinux turbolinux_server 8.0
sco openserver 6.0
easy_software_products cups 1.1.22_rc1
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
redhat enterprise_linux 3.0
redhat fedora_core core_4.0
xpdf xpdf 3.0
redhat enterprise_linux_desktop 3.0
ubuntu ubuntu_linux 5.04
slackware slackware_linux 10.0
slackware slackware_linux 9.0
mandrakesoft mandrake_linux 10.1
tetex tetex 1.0.7
kde kpdf 3.2
easy_software_products cups 1.1.22
trustix secure_linux 2.0
kde kdegraphics 3.4.3
redhat fedora_core core_1.0
easy_software_products cups 1.1.23_rc1
tetex tetex 2.0.2
suse suse_linux 9.0
tetex tetex 2.0.1
ubuntu ubuntu_linux 4.1
libextractor libextractor *
turbolinux turbolinux 10
conectiva linux 10.0
suse suse_linux 9.2
redhat enterprise_linux 2.1
turbolinux turbolinux_server 10.0
kde kdegraphics 3.2
gentoo linux *
sgi propack 3.0
turbolinux turbolinux_home *
trustix secure_linux 3.0
slackware slackware_linux 10.1
suse suse_linux 1.0
debian debian_linux 3.1
redhat linux 7.3
kde koffice 1.4
redhat fedora_core core_3.0
suse suse_linux 10.0
slackware slackware_linux 10.2
slackware slackware_linux 9.1
kde koffice 1.4.1
suse suse_linux 9.3
poppler poppler 0.4.2
kde koffice 1.4.2
redhat linux 9.0
kde kword 1.4.2
debian debian_linux 3.0
turbolinux turbolinux_desktop 10.0
mandrakesoft mandrake_linux_corporate_server 2.1
suse suse_linux 9.1
ubuntu ubuntu_linux 5.10
CVE-2005-3626 MEDIUM

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
turbolinux turbolinux_multimedia *
turbolinux turbolinux_server 10.0_x86
redhat fedora_core core_2.0
turbolinux turbolinux_workstation 8.0
turbolinux turbolinux fuji
tetex tetex 3.0
kde kpdf 3.4.3
redhat enterprise_linux_desktop 4.0
turbolinux turbolinux_personal *
mandrakesoft mandrake_linux_corporate_server 3.0
trustix secure_linux 2.2
redhat enterprise_linux 4.0
turbolinux turbolinux_appliance_server 1.0_hosting_edition
sco openserver 5.0.7
tetex tetex 2.0
redhat linux_advanced_workstation 2.1
mandrakesoft mandrake_linux 10.2
mandrakesoft mandrake_linux 2006
easy_software_products cups 1.1.23
turbolinux turbolinux_server 8.0
sco openserver 6.0
easy_software_products cups 1.1.22_rc1
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
redhat enterprise_linux 3.0
redhat fedora_core core_4.0
xpdf xpdf 3.0
redhat enterprise_linux_desktop 3.0
ubuntu ubuntu_linux 5.04
slackware slackware_linux 10.0
slackware slackware_linux 9.0
mandrakesoft mandrake_linux 10.1
tetex tetex 1.0.7
kde kpdf 3.2
easy_software_products cups 1.1.22
trustix secure_linux 2.0
kde kdegraphics 3.4.3
redhat fedora_core core_1.0
easy_software_products cups 1.1.23_rc1
tetex tetex 2.0.2
suse suse_linux 9.0
tetex tetex 2.0.1
ubuntu ubuntu_linux 4.1
libextractor libextractor *
turbolinux turbolinux 10
conectiva linux 10.0
suse suse_linux 9.2
redhat enterprise_linux 2.1
turbolinux turbolinux_server 10.0
kde kdegraphics 3.2
gentoo linux *
sgi propack 3.0
turbolinux turbolinux_home *
trustix secure_linux 3.0
slackware slackware_linux 10.1
suse suse_linux 1.0
debian debian_linux 3.1
redhat linux 7.3
kde koffice 1.4
redhat fedora_core core_3.0
suse suse_linux 10.0
slackware slackware_linux 10.2
slackware slackware_linux 9.1
kde koffice 1.4.1
suse suse_linux 9.3
poppler poppler 0.4.2
kde koffice 1.4.2
redhat linux 9.0
kde kword 1.4.2
debian debian_linux 3.0
turbolinux turbolinux_desktop 10.0
mandrakesoft mandrake_linux_corporate_server 2.1
suse suse_linux 9.1
ubuntu ubuntu_linux 5.10