Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2009-0791
Last Modified 21 Aug 2010 01:30:57
Published 09 Jun 2009 01:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0791

Summary

Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.

Vulnerable Systems

Application

  • Apple Cups 1.1.17

  • Apple Cups 1.1.22

  • Apple Cups 1.3.7


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=491840

REDHAT - RHSA-2009:1512

REDHAT - RHSA-2009:1503

REDHAT - RHSA-2009:1502

REDHAT - RHSA-2009:1501

REDHAT - RHSA-2009:1500

XF - cups-pdftops-filter-bo(50941)

VUPEN - ADV-2009-2928

VUPEN - ADV-2009-1488

BID - 35195

REDHAT - RHSA-2009:1083

MANDRIVA - MDVSA-2009:334

SECTRACK - 1022326

SECUNIA - 37079

SECUNIA - 37077

SECUNIA - 37043

SECUNIA - 37037

SECUNIA - 37028

SECUNIA - 37023

SECUNIA - 35685

SECUNIA - 35340

SUSE - SUSE-SR:2009:012


Last Updated: 27 May 2016 10:50:22