Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2002-1384

Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.

Published

2003-01-02T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application easy_software_products cups 1.0.4 Yes
Application easy_software_products cups 1.0.4_8 Yes
Application easy_software_products cups 1.1.1 Yes
Application easy_software_products cups 1.1.4 Yes
Application easy_software_products cups 1.1.4_2 Yes
Application easy_software_products cups 1.1.4_3 Yes
Application easy_software_products cups 1.1.4_5 Yes
Application easy_software_products cups 1.1.6 Yes
Application easy_software_products cups 1.1.7 Yes
Application easy_software_products cups 1.1.10 Yes
Application easy_software_products cups 1.1.13 Yes
Application easy_software_products cups 1.1.14 Yes
Application easy_software_products cups 1.1.17 Yes
Application xpdf xpdf 0.90 Yes
Application xpdf xpdf 0.91 Yes
Application xpdf xpdf 1.0 Yes
Application xpdf xpdf 1.0a Yes
Application xpdf xpdf 1.1 Yes
Application xpdf xpdf 2.0 Yes
Application xpdf xpdf 2.1 Yes
References