CentOS ProjectCESA-2009:0480poppler security update
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.359 Low
EPSS
Percentile
97.1%
CentOS Errata and Security Advisory CESA-2009:0480
Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.
Multiple integer overflow flaws were found in poppler. An attacker could
create a malicious PDF file that would cause applications that use poppler
(such as Evince) to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188)
Multiple buffer overflow flaws were found in popplerβs JBIG2 decoder. An
attacker could create a malicious PDF file that would cause applications
that use poppler (such as Evince) to crash or, potentially, execute
arbitrary code when opened. (CVE-2009-0146, CVE-2009-1182)
Multiple flaws were found in popplerβs JBIG2 decoder that could lead to the
freeing of arbitrary memory. An attacker could create a malicious PDF file
that would cause applications that use poppler (such as Evince) to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0166,
CVE-2009-1180)
Multiple input validation flaws were found in popplerβs JBIG2 decoder. An
attacker could create a malicious PDF file that would cause applications
that use poppler (such as Evince) to crash or, potentially, execute
arbitrary code when opened. (CVE-2009-0800)
Multiple denial of service flaws were found in popplerβs JBIG2 decoder. An
attacker could create a malicious PDF file that would cause applications
that use poppler (such as Evince) to crash when opened. (CVE-2009-0799,
CVE-2009-1181, CVE-2009-1183)
Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team, and Will Dormann of the CERT/CC for responsibly reporting
these flaws.
Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-May/078027.html
https://lists.centos.org/pipermail/centos-announce/2009-May/078028.html
Affected packages:
poppler
poppler-devel
poppler-utils
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:0480
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 5 | i386 | poppler | <Β 0.5.4-4.4.el5_3.9 | poppler-0.5.4-4.4.el5_3.9.i386.rpm |
| CentOS | 5 | i386 | poppler-devel | <Β 0.5.4-4.4.el5_3.9 | poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm |
| CentOS | 5 | i386 | poppler-utils | <Β 0.5.4-4.4.el5_3.9 | poppler-utils-0.5.4-4.4.el5_3.9.i386.rpm |
| CentOS | 5 | i386 | poppler | <Β 0.5.4-4.4.el5_3.9 | poppler-0.5.4-4.4.el5_3.9.i386.rpm |
| CentOS | 5 | i386 | poppler-devel | <Β 0.5.4-4.4.el5_3.9 | poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm |
| CentOS | 5 | i386 | poppler-utils | <Β 0.5.4-4.4.el5_3.9 | poppler-utils-0.5.4-4.4.el5_3.9.i386.rpm |
| CentOS | 5 | i386 | poppler | <Β 0.5.4-4.4.el5_3.9 | poppler-0.5.4-4.4.el5_3.9.i386.rpm |
| CentOS | 5 | x86_64 | poppler | <Β 0.5.4-4.4.el5_3.9 | poppler-0.5.4-4.4.el5_3.9.x86_64.rpm |
| CentOS | 5 | i386 | poppler-devel | <Β 0.5.4-4.4.el5_3.9 | poppler-devel-0.5.4-4.4.el5_3.9.i386.rpm |
| CentOS | 5 | x86_64 | poppler-devel | <Β 0.5.4-4.4.el5_3.9 | poppler-devel-0.5.4-4.4.el5_3.9.x86_64.rpm |
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.359 Low
EPSS
Percentile
97.1%