RedhatCVELIST:CVE-2009-0791CVE-2009-0791
Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.
References
lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
secunia.com/advisories/35340
secunia.com/advisories/35685
secunia.com/advisories/37023
secunia.com/advisories/37028
secunia.com/advisories/37037
secunia.com/advisories/37043
secunia.com/advisories/37077
secunia.com/advisories/37079
securitytracker.com/id?1022326
www.mandriva.com/security/advisories?name=MDVSA-2009:334
www.redhat.com/support/errata/RHSA-2009-1083.html
www.securityfocus.com/bid/35195
www.vupen.com/english/advisories/2009/1488
www.vupen.com/english/advisories/2009/2928
bugzilla.redhat.com/show_bug.cgi?id=491840
exchange.xforce.ibmcloud.com/vulnerabilities/50941
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10534
rhn.redhat.com/errata/RHSA-2009-1500.html
rhn.redhat.com/errata/RHSA-2009-1501.html
rhn.redhat.com/errata/RHSA-2009-1502.html
rhn.redhat.com/errata/RHSA-2009-1503.html
rhn.redhat.com/errata/RHSA-2009-1512.html
Related
