Test ID: 1.3.6.1.4.1.25623.1.0.66381
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2009:287-1 (xpdf)
Summary: The remote host is missing an update to xpdf, announced via advisory MDVSA-2009:287-1.
Description:

Vulnerability Insight:
Multiple vulnerabilities have been found and corrected in xpdf:

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x
before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers
to execute arbitrary code via a crafted PDF document that triggers a
heap-based buffer overflow. NOTE: some of these details are obtained
from third party information. NOTE: this issue reportedly exists
because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x
before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,
does not properly allocate memory, which allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted PDF document that triggers a NULL pointer
dereference or a heap-based buffer overflow (CVE-2009-3604).

Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf
before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might
allow remote attackers to execute arbitrary code via a crafted PDF
document that triggers a heap-based buffer overflow (CVE-2009-3606).

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
attackers to execute arbitrary code via a crafted PDF document that
triggers a heap-based buffer overflow (CVE-2009-3608).

Integer overflow in the ImageStream::ImageStream function in Stream.cc
in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,
kdegraphics KPDF, and CUPS pdftops, allows remote attackers to
cause a denial of service (application crash) via a crafted PDF
document that triggers a NULL pointer dereference or buffer over-read
(CVE-2009-3609).

This update fixes these vulnerabilities.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.

Affected: 2008.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-1188
20090417 rPSA-2009-0059-1 poppler
http://www.securityfocus.com/archive/1/502761/100/0/threaded
34568
http://www.securityfocus.com/bid/34568
34746
http://secunia.com/advisories/34746
35064
http://secunia.com/advisories/35064
35618
http://secunia.com/advisories/35618
37028
http://secunia.com/advisories/37028
37037
http://secunia.com/advisories/37037
37043
http://secunia.com/advisories/37043
37053
http://secunia.com/advisories/37053
37077
http://secunia.com/advisories/37077
37079
http://secunia.com/advisories/37079
39327
http://secunia.com/advisories/39327
39938
http://secunia.com/advisories/39938
ADV-2009-1076
http://www.vupen.com/english/advisories/2009/1076
ADV-2009-2928
http://www.vupen.com/english/advisories/2009/2928
ADV-2010-0802
http://www.vupen.com/english/advisories/2010/0802
ADV-2010-1040
http://www.vupen.com/english/advisories/2010/1040
ADV-2010-1220
http://www.vupen.com/english/advisories/2010/1220
DSA-2028
http://www.debian.org/security/2010/dsa-2028
DSA-2050
http://www.debian.org/security/2010/dsa-2050
FEDORA-2009-6972
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
FEDORA-2009-6973
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
FEDORA-2009-6982
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
FEDORA-2010-1377
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
FEDORA-2010-1805
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
FEDORA-2010-1842
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
MDVSA-2011:175
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
RHSA-2009:0480
http://www.redhat.com/support/errata/RHSA-2009-0480.html
RHSA-2009:1501
https://rhn.redhat.com/errata/RHSA-2009-1501.html
RHSA-2009:1502
https://rhn.redhat.com/errata/RHSA-2009-1502.html
RHSA-2009:1503
https://rhn.redhat.com/errata/RHSA-2009-1503.html
RHSA-2009:1512
https://rhn.redhat.com/errata/RHSA-2009-1512.html
VU#196617
http://www.kb.cert.org/vuls/id/196617
http://bugs.gentoo.org/show_bug.cgi?id=263028#c16
http://poppler.freedesktop.org/releases.html
http://wiki.rpath.com/Advisories:rPSA-2009-0059
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875
https://bugzilla.redhat.com/show_bug.cgi?id=495907
https://bugzilla.redhat.com/show_bug.cgi?id=526915
oval:org.mitre.oval:def:9957
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9957
poppler-jbig2-splashbitmap-code-execution(50185)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50185
Common Vulnerability Exposure (CVE) ID: CVE-2009-3603
1021706
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
1023029
http://securitytracker.com/id?1023029
274030
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
36703
http://www.securityfocus.com/bid/36703
37034
http://secunia.com/advisories/37034
37054
http://secunia.com/advisories/37054
37114
http://secunia.com/advisories/37114
37159
http://secunia.com/advisories/37159
ADV-2009-2924
http://www.vupen.com/english/advisories/2009/2924
ADV-2009-2925
http://www.vupen.com/english/advisories/2009/2925
FEDORA-2009-10823
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
FEDORA-2009-10845
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
MDVSA-2009:287
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
RHSA-2009:1504
https://rhn.redhat.com/errata/RHSA-2009-1504.html
SUSE-SR:2009:018
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
USN-850-1
http://www.ubuntu.com/usn/USN-850-1
USN-850-3
http://www.ubuntu.com/usn/USN-850-3
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
http://poppler.freedesktop.org/
oval:org.mitre.oval:def:9671
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9671
xpdf-splashbitmap-bo(53793)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53793
Common Vulnerability Exposure (CVE) ID: CVE-2009-3604
37023
http://secunia.com/advisories/37023
37042
http://secunia.com/advisories/37042
RHSA-2009:1500
https://rhn.redhat.com/errata/RHSA-2009-1500.html
http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2
http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2
http://site.pi3.com.pl/adv/xpdf.txt
https://bugzilla.redhat.com/show_bug.cgi?id=526911
oval:org.mitre.oval:def:10969
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969
xpdf-splashdrawimage-bo(53795)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53795
Common Vulnerability Exposure (CVE) ID: CVE-2009-3606
DSA-1941
http://www.debian.org/security/2009/dsa-1941
[oss-security] 20091130 Need more information on recent poppler issues
http://www.openwall.com/lists/oss-security/2009/12/01/1
[oss-security] 20091130 Re: Need more information on recent poppler issues
http://www.openwall.com/lists/oss-security/2009/12/01/5
[oss-security] 20091201 Re: Need more information on recent poppler issues
http://www.openwall.com/lists/oss-security/2009/12/01/6
http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61
https://bugzilla.redhat.com/show_bug.cgi?id=526877
oval:org.mitre.oval:def:11289
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11289
oval:org.mitre.oval:def:7836
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7836
xpdf-psoutputdev-bo(53798)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53798
Common Vulnerability Exposure (CVE) ID: CVE-2009-3608
37051
http://secunia.com/advisories/37051
37061
http://secunia.com/advisories/37061
ADV-2009-2926
http://www.vupen.com/english/advisories/2009/2926
MDVSA-2009:334
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
RHSA-2009:1513
https://rhn.redhat.com/errata/RHSA-2009-1513.html
http://www.ocert.org/advisories/ocert-2009-016.html
https://bugzilla.redhat.com/show_bug.cgi?id=526637
oval:org.mitre.oval:def:9536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536
xpdf-objectstream-bo(53794)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53794
Common Vulnerability Exposure (CVE) ID: CVE-2009-3609
RHSA-2010:0755
http://www.redhat.com/support/errata/RHSA-2010-0755.html
https://bugzilla.redhat.com/show_bug.cgi?id=526893
oval:org.mitre.oval:def:11043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043
oval:org.mitre.oval:def:8134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134
xpdf-imagestream-dos(53800)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53800
Copyright: Copyright (C) 2009 E-Soft Inc.