Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735
https://bugzilla.redhat.com/show_bug.cgi?id=495896
http://www.vupen.com/english/advisories/2010/1040
http://www.vupen.com/english/advisories/2009/1077
http://www.vupen.com/english/advisories/2009/1076
http://www.vupen.com/english/advisories/2009/1066
http://www.vupen.com/english/advisories/2009/1065
http://www.securitytracker.com/id?1022073
http://www.securityfocus.com/bid/34568
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://www.redhat.com/support/errata/RHSA-2009-0431.html
http://www.redhat.com/support/errata/RHSA-2009-0430.html
http://www.redhat.com/support/errata/RHSA-2009-0429.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
http://www.kb.cert.org/vuls/id/196617
http://www.debian.org/security/2009/dsa-1793
http://www.debian.org/security/2009/dsa-1790
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
http://secunia.com/advisories/35685
http://secunia.com/advisories/35618
http://secunia.com/advisories/35065
http://secunia.com/advisories/35064
http://secunia.com/advisories/35037
http://secunia.com/advisories/34991
http://secunia.com/advisories/34963
http://secunia.com/advisories/34959
http://secunia.com/advisories/34852
http://secunia.com/advisories/34756
http://secunia.com/advisories/34755
http://secunia.com/advisories/34746
http://secunia.com/advisories/34481
http://secunia.com/advisories/34291
http://rhn.redhat.com/errata/RHSA-2009-0458.html
http://poppler.freedesktop.org/releases.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html