Detections
Analytics
CVE-2009-0791
high
Description
Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.
References
https://rhn.redhat.com/errata/RHSA-2009-1512.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1500.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10534
https://exchange.xforce.ibmcloud.com/vulnerabilities/50941
https://bugzilla.redhat.com/show_bug.cgi?id=491840
http://www.vupen.com/english/advisories/2009/2928
http://www.vupen.com/english/advisories/2009/1488
http://www.securityfocus.com/bid/35195
http://www.redhat.com/support/errata/RHSA-2009-1083.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
http://securitytracker.com/id?1022326
http://secunia.com/advisories/37079
http://secunia.com/advisories/37077
http://secunia.com/advisories/37043
http://secunia.com/advisories/37037
http://secunia.com/advisories/37028
http://secunia.com/advisories/37023
http://secunia.com/advisories/35685
http://secunia.com/advisories/35340
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html