English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.70515
Category:Mandrake Local Security Checks
Title:Mandriva Security Advisory MDVSA-2011:175 (poppler)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to poppler
announced via advisory MDVSA-2011:175.

Multiple security vulnerabilities has been discovered and corrected
in poppler:

An out-of-bounds reading flaw in the JBIG2 decoder allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0799).

Multiple input validation flaws in the JBIG2 decoder allows
remote attackers to execute arbitrary code via a crafted PDF file
(CVE-2009-0800).

An integer overflow in the JBIG2 decoder allows remote attackers to
execute arbitrary code via a crafted PDF file (CVE-2009-1179).

A free of invalid data flaw in the JBIG2 decoder allows remote
attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).

A NULL pointer dereference flaw in the JBIG2 decoder allows remote
attackers to cause denial of service (crash) via a crafted PDF file
(CVE-2009-1181).

Multiple buffer overflows in the JBIG2 MMR decoder allows remote
attackers to cause denial of service or to execute arbitrary code
via a crafted PDF file (CVE-2009-1182, CVE-2009-1183).

An integer overflow in the JBIG2 decoding feature allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via vectors related to CairoOutputDev (CVE-2009-1187).

An integer overflow in the JBIG2 decoding feature allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted PDF document (CVE-2009-1188).

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x
before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers
to execute arbitrary code via a crafted PDF document that triggers a
heap-based buffer overflow. NOTE: some of these details are obtained
from third party information. NOTE: this issue reportedly exists
because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x
before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,
does not properly allocate memory, which allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted PDF document that triggers a NULL pointer
dereference or a heap-based buffer overflow (CVE-2009-3604).

Multiple integer overflows allow remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code
via a crafted PDF file, related to (1) glib/poppler-page.cc
(2)
ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5)
JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc
in poppler/
and (8) SplashBitmap.cc, (9) Splash.cc, and (10)
SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791
(CVE-2009-3605).

Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf
before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might
allow remote attackers to execute arbitrary code via a crafted PDF
document that triggers a heap-based buffer overflow (CVE-2009-3606).

Integer overflow in the create_surface_from_thumbnail_data function
in glib/poppler-page.cc allows remote attackers to cause a denial of
service (memory corruption) or possibly execute arbitrary code via a
crafted PDF document that triggers a heap-based buffer overflow. NOTE:
some of these details are obtained from third party information
(CVE-2009-3607).

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
attackers to execute arbitrary code via a crafted PDF document that
triggers a heap-based buffer overflow (CVE-2009-3608).

Integer overflow in the ImageStream::ImageStream function in Stream.cc
in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,
kdegraphics KPDF, and CUPS pdftops, allows remote attackers to
cause a denial of service (application crash) via a crafted PDF
document that triggers a NULL pointer dereference or buffer over-read
(CVE-2009-3609).

Buffer overflow in the ABWOutputDev::endWord function in
poppler/ABWOutputDev.cc as used by the Abiword pdftoabw utility,
allows user-assisted remote attackers to cause a denial of service and
possibly execute arbitrary code via a crafted PDF file (CVE-2009-3938).

The updated packages have been patched to correct these issues.

Affected: Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:175

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0799
1022072
http://www.securitytracker.com/id?1022072
34291
http://secunia.com/advisories/34291
34481
http://secunia.com/advisories/34481
34568
http://www.securityfocus.com/bid/34568
34746
http://secunia.com/advisories/34746
34755
http://secunia.com/advisories/34755
34756
http://secunia.com/advisories/34756
34852
http://secunia.com/advisories/34852
34959
http://secunia.com/advisories/34959
34963
http://secunia.com/advisories/34963
34991
http://secunia.com/advisories/34991
35037
http://secunia.com/advisories/35037
35064
http://secunia.com/advisories/35064
35065
http://secunia.com/advisories/35065
35618
http://secunia.com/advisories/35618
35685
http://secunia.com/advisories/35685
ADV-2009-1065
http://www.vupen.com/english/advisories/2009/1065
ADV-2009-1066
http://www.vupen.com/english/advisories/2009/1066
ADV-2009-1076
http://www.vupen.com/english/advisories/2009/1076
ADV-2009-1077
http://www.vupen.com/english/advisories/2009/1077
ADV-2010-1040
http://www.vupen.com/english/advisories/2010/1040
DSA-1790
http://www.debian.org/security/2009/dsa-1790
DSA-1793
http://www.debian.org/security/2009/dsa-1793
FEDORA-2009-6972
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
FEDORA-2009-6973
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
FEDORA-2009-6982
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
MDVSA-2009:101
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
MDVSA-2011:175
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
RHSA-2009:0429
http://www.redhat.com/support/errata/RHSA-2009-0429.html
RHSA-2009:0430
http://www.redhat.com/support/errata/RHSA-2009-0430.html
RHSA-2009:0431
http://www.redhat.com/support/errata/RHSA-2009-0431.html
RHSA-2009:0458
http://rhn.redhat.com/errata/RHSA-2009-0458.html
RHSA-2009:0480
http://www.redhat.com/support/errata/RHSA-2009-0480.html
SSA:2009-129-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
SUSE-SA:2009:024
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
SUSE-SR:2009:010
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
SUSE-SR:2009:012
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
VU#196617
http://www.kb.cert.org/vuls/id/196617
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886
http://poppler.freedesktop.org/releases.html
oval:org.mitre.oval:def:10204
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10204
Common Vulnerability Exposure (CVE) ID: CVE-2009-0800
1022073
http://www.securitytracker.com/id?1022073
https://bugzilla.redhat.com/show_bug.cgi?id=495887
oval:org.mitre.oval:def:11323
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323
Common Vulnerability Exposure (CVE) ID: CVE-2009-1179
35379
http://secunia.com/advisories/35379
ADV-2009-1522
http://www.vupen.com/english/advisories/2009/1522
ADV-2009-1621
http://www.vupen.com/english/advisories/2009/1621
APPLE-SA-2009-06-08-1
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
APPLE-SA-2009-06-17-1
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
https://bugzilla.redhat.com/show_bug.cgi?id=495889
oval:org.mitre.oval:def:11892
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11892
Common Vulnerability Exposure (CVE) ID: CVE-2009-1180
https://bugzilla.redhat.com/show_bug.cgi?id=495892
oval:org.mitre.oval:def:9926
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9926
Common Vulnerability Exposure (CVE) ID: CVE-2009-1181
https://bugzilla.redhat.com/show_bug.cgi?id=495894
oval:org.mitre.oval:def:9683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9683
Common Vulnerability Exposure (CVE) ID: CVE-2009-1182
https://bugzilla.redhat.com/show_bug.cgi?id=495896
oval:org.mitre.oval:def:10735
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735
Common Vulnerability Exposure (CVE) ID: CVE-2009-1183
https://bugzilla.redhat.com/show_bug.cgi?id=495899
oval:org.mitre.oval:def:10769
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10769
Common Vulnerability Exposure (CVE) ID: CVE-2009-1187
20090417 rPSA-2009-0059-1 poppler
http://www.securityfocus.com/archive/1/502761/100/0/threaded
http://bugs.gentoo.org/show_bug.cgi?id=263028#c16
http://wiki.rpath.com/Advisories:rPSA-2009-0059
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875
oval:org.mitre.oval:def:10292
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10292
poppler-jbig2-cairooutputdev-code-excution(50184)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50184
Common Vulnerability Exposure (CVE) ID: CVE-2009-1188
37028
http://secunia.com/advisories/37028
37037
http://secunia.com/advisories/37037
37043
http://secunia.com/advisories/37043
37053
http://secunia.com/advisories/37053
37077
http://secunia.com/advisories/37077
37079
http://secunia.com/advisories/37079
39327
http://secunia.com/advisories/39327
39938
http://secunia.com/advisories/39938
ADV-2009-2928
http://www.vupen.com/english/advisories/2009/2928
ADV-2010-0802
http://www.vupen.com/english/advisories/2010/0802
ADV-2010-1220
http://www.vupen.com/english/advisories/2010/1220
DSA-2028
http://www.debian.org/security/2010/dsa-2028
DSA-2050
http://www.debian.org/security/2010/dsa-2050
FEDORA-2010-1377
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
FEDORA-2010-1805
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
FEDORA-2010-1842
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
RHSA-2009:1501
https://rhn.redhat.com/errata/RHSA-2009-1501.html
RHSA-2009:1502
https://rhn.redhat.com/errata/RHSA-2009-1502.html
RHSA-2009:1503
https://rhn.redhat.com/errata/RHSA-2009-1503.html
RHSA-2009:1512
https://rhn.redhat.com/errata/RHSA-2009-1512.html
https://bugzilla.redhat.com/show_bug.cgi?id=495907
https://bugzilla.redhat.com/show_bug.cgi?id=526915
oval:org.mitre.oval:def:9957
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9957
poppler-jbig2-splashbitmap-code-execution(50185)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50185
Common Vulnerability Exposure (CVE) ID: CVE-2009-3603
1021706
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
1023029
http://securitytracker.com/id?1023029
274030
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
36703
http://www.securityfocus.com/bid/36703
37034
http://secunia.com/advisories/37034
37054
http://secunia.com/advisories/37054
37114
http://secunia.com/advisories/37114
37159
http://secunia.com/advisories/37159
ADV-2009-2924
http://www.vupen.com/english/advisories/2009/2924
ADV-2009-2925
http://www.vupen.com/english/advisories/2009/2925
FEDORA-2009-10823
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
FEDORA-2009-10845
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
MDVSA-2009:287
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
RHSA-2009:1504
https://rhn.redhat.com/errata/RHSA-2009-1504.html
SUSE-SR:2009:018
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
USN-850-1
http://www.ubuntu.com/usn/USN-850-1
USN-850-3
http://www.ubuntu.com/usn/USN-850-3
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
http://poppler.freedesktop.org/
oval:org.mitre.oval:def:9671
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9671
xpdf-splashbitmap-bo(53793)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53793
Common Vulnerability Exposure (CVE) ID: CVE-2009-3604
37023
http://secunia.com/advisories/37023
37042
http://secunia.com/advisories/37042
RHSA-2009:1500
https://rhn.redhat.com/errata/RHSA-2009-1500.html
http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2
http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2
http://site.pi3.com.pl/adv/xpdf.txt
https://bugzilla.redhat.com/show_bug.cgi?id=526911
oval:org.mitre.oval:def:10969
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969
xpdf-splashdrawimage-bo(53795)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53795
Common Vulnerability Exposure (CVE) ID: CVE-2009-0791
1022326
http://securitytracker.com/id?1022326
35195
http://www.securityfocus.com/bid/35195
35340
http://secunia.com/advisories/35340
ADV-2009-1488
http://www.vupen.com/english/advisories/2009/1488
MDVSA-2009:334
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
RHSA-2009:1083
http://www.redhat.com/support/errata/RHSA-2009-1083.html
cups-pdftops-filter-bo(50941)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50941
https://bugzilla.redhat.com/show_bug.cgi?id=491840
oval:org.mitre.oval:def:10534
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10534
Common Vulnerability Exposure (CVE) ID: CVE-2009-3605
http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5
http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a
http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8
https://bugs.launchpad.net/bugs/cve/2009-3605
https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz
https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz
oval:org.mitre.oval:def:7731
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7731
Common Vulnerability Exposure (CVE) ID: CVE-2009-3606
DSA-1941
http://www.debian.org/security/2009/dsa-1941
[oss-security] 20091130 Need more information on recent poppler issues
http://www.openwall.com/lists/oss-security/2009/12/01/1
[oss-security] 20091130 Re: Need more information on recent poppler issues
http://www.openwall.com/lists/oss-security/2009/12/01/5
[oss-security] 20091201 Re: Need more information on recent poppler issues
http://www.openwall.com/lists/oss-security/2009/12/01/6
http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61
https://bugzilla.redhat.com/show_bug.cgi?id=526877
oval:org.mitre.oval:def:11289
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11289
oval:org.mitre.oval:def:7836
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7836
xpdf-psoutputdev-bo(53798)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53798
Common Vulnerability Exposure (CVE) ID: CVE-2009-3607
36718
http://www.securityfocus.com/bid/36718
http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b706
https://bugzilla.redhat.com/show_bug.cgi?id=526924
poppler-createsurfacefromthumbnaildata-bo(53801)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53801
Common Vulnerability Exposure (CVE) ID: CVE-2009-3608
37051
http://secunia.com/advisories/37051
37061
http://secunia.com/advisories/37061
ADV-2009-2926
http://www.vupen.com/english/advisories/2009/2926
RHSA-2009:1513
https://rhn.redhat.com/errata/RHSA-2009-1513.html
http://www.ocert.org/advisories/ocert-2009-016.html
https://bugzilla.redhat.com/show_bug.cgi?id=526637
oval:org.mitre.oval:def:9536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536
xpdf-objectstream-bo(53794)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53794
Common Vulnerability Exposure (CVE) ID: CVE-2009-3609
RHSA-2010:0755
http://www.redhat.com/support/errata/RHSA-2010-0755.html
https://bugzilla.redhat.com/show_bug.cgi?id=526893
oval:org.mitre.oval:def:11043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043
oval:org.mitre.oval:def:8134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134
xpdf-imagestream-dos(53800)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53800
Common Vulnerability Exposure (CVE) ID: CVE-2009-3938
BugTraq ID: 36976
http://www.securityfocus.com/bid/36976
Debian Security Information: DSA-1941 (Google Search)
http://bugs.freedesktop.org/attachment.cgi?id=30599&action=edit
http://secunia.com/advisories/37333
http://www.vupen.com/english/advisories/2009/3227
XForce ISS Database: poppler-abwoutputdev-bo(54215)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54215
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.