Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2009-0756
Last Modified: 07 Jul 2009 01:31:33
Published: 03 Mar 2009 11:30:05
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-0756

Summary

The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference.

Vulnerable Systems

Application

  • Poppler 0.1

  • Poppler 0.1.1

  • Poppler 0.1.2

  • Poppler 0.10.1

  • Poppler 0.10.2

  • Poppler 0.10.3

  • Poppler 0.2.0

  • Poppler 0.3.0

  • Poppler 0.3.1

  • Poppler 0.3.2

  • Poppler 0.3.3

  • Poppler 0.4.0

  • Poppler 0.4.1

  • Poppler 0.4.2

  • Poppler 0.4.3

  • Poppler 0.4.4

  • Poppler 0.5.0

  • Poppler 0.5.1

  • Poppler 0.5.2

  • Poppler 0.5.3

  • Poppler 0.5.4

  • Poppler 0.5.9

  • Poppler 0.5.90

  • Poppler 0.5.91

  • Poppler 0.6.0

  • Poppler 0.6.1

  • Poppler 0.6.2

  • Poppler 0.6.3

  • Poppler 0.6.4

  • Poppler 0.7.0

  • Poppler 0.7.1

  • Poppler 0.7.2

  • Poppler 0.7.3

  • Poppler 0.8.4


References

BID - 33749

BUGTRAQ - 20090417 rPSA-2009-0059-1 poppler

MLIST - [oss-security] 20090219 Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities

MLIST - [oss-security] 20090213 CVE Request: Poppler -Two Denial of Service Vulnerabilities

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0059

SECUNIA - 35685

SECUNIA - 33853

SUSE - SUSE-SR:2009:012

MLIST - [poppler] 20090123 poppler/JBIG2Stream.cc

CONFIRM - http://bugs.freedesktop.org/show_bug.cgi?id=19702


Last Updated: 27 May 2016 10:50:22