
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2005:354

The remote host is missing updates announced in
advisory RHSA-2005:354.

TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.

A number of security flaws have been found affecting libraries used
internally within teTeX. An attacker who has the ability to trick a user
into processing a malicious file with teTeX could cause teTeX to crash or
possibly execute arbitrary code.

A number of integer overflow bugs that affect Xpdf were discovered. The
teTeX package contains a copy of the Xpdf code used for parsing PDF files
and is therefore affected by these bugs. The Common Vulnerabilities and
Exposures project has assigned the names CVE-2004-0888 and
CVE-2004-1125 to these issues.

A number of integer overflow bugs that affect libtiff were discovered. The
teTeX package contains an internal copy of libtiff used for parsing TIFF
image files and is therefore affected by these bugs. The Common
Vulnerabilities and Exposures project has assigned the
names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues.

In addition, latex2html has been added to the tetex-latex package for 64-bit platforms.

Users of teTeX should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2004-0803
BugTraq ID: 11406
Bugtraq: 20041013 CESA-2004-006: libtiff
CERT/CC vulnerability note: VU#948752
Conectiva Linux advisory: CLA-2004:888
Debian Security Information: DSA-567
SuSE Security Announcement: SUSE-SA:2004:038
XForce ISS Database: libtiff-library-decoding-bo(17703)
Common Vulnerability Exposure (CVE) ID: CVE-2004-0804
CERT/CC vulnerability note: VU#555304
XForce ISS Database: libtiff-dos(17755)
Common Vulnerability Exposure (CVE) ID: CVE-2004-0886
CERT/CC vulnerability note: VU#687568
Computer Incident Advisory Center Bulletin: P-015
XForce ISS Database: libtiff-bo(17715)
Common Vulnerability Exposure (CVE) ID: CVE-2004-0888
BugTraq ID: 11501
Conectiva Linux advisory: CLA-2004:886
Debian Security Information: DSA-573
Debian Security Information: DSA-581
Debian Security Information: DSA-599
SuSE Security Announcement: SUSE-SA:2004:039
XForce ISS Database: xpdf-pdf-bo(17818)
Common Vulnerability Exposure (CVE) ID: CVE-2004-1125
BugTraq ID: 12070
Bugtraq: 20041228 KDE Security Advisory: kpdf Buffer Overflow Vulnerability
Conectiva Linux advisory: CLA-2005:921
SCO Security Bulletin: SCOSA-2005.42
SuSE Security Announcement: SUSE-SR:2005:001
XForce ISS Database: xpdf-gfx-doimage-bo(18641)
Copyright: Copyright (c) 2005 E-Soft Inc.
