CVE-2009-0791 Information

Description

Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.

Reference

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/35340
http://secunia.com/advisories/35685
http://secunia.com/advisories/37023
http://secunia.com/advisories/37028
http://secunia.com/advisories/37037
http://secunia.com/advisories/37043
http://secunia.com/advisories/37077
http://secunia.com/advisories/37079
http://securitytracker.com/id?1022326
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
http://www.redhat.com/support/errata/RHSA-2009-1083.html
http://www.securityfocus.com/bid/35195
http://www.vupen.com/english/advisories/2009/1488
http://www.vupen.com/english/advisories/2009/2928
https://bugzilla.redhat.com/show_bug.cgi?id=491840
https://exchange.xforce.ibmcloud.com/vulnerabilities/50941
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10534
https://rhn.redhat.com/errata/RHSA-2009-1500.html
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html
