Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.831494
Category:Mandrake Local Security Checks
Title:Mandriva Update for poppler MDVSA-2011:175 (poppler)
Summary:The remote host is missing an update for the 'poppler'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'poppler'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Multiple security vulnerabilities has been discovered and corrected
in poppler:

An out-of-bounds reading flaw in the JBIG2 decoder allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0799).

Multiple input validation flaws in the JBIG2 decoder allows
remote attackers to execute arbitrary code via a crafted PDF file
(CVE-2009-0800).

An integer overflow in the JBIG2 decoder allows remote attackers to
execute arbitrary code via a crafted PDF file (CVE-2009-1179).

A free of invalid data flaw in the JBIG2 decoder allows remote
attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).

A NULL pointer dereference flaw in the JBIG2 decoder allows remote
attackers to cause denial of service (crash) via a crafted PDF file
(CVE-2009-1181).

Multiple buffer overflows in the JBIG2 MMR decoder allows remote
attackers to cause denial of service or to execute arbitrary code
via a crafted PDF file (CVE-2009-1182, CVE-2009-1183).

An integer overflow in the JBIG2 decoding feature allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via vectors related to CairoOutputDev (CVE-2009-1187).

An integer overflow in the JBIG2 decoding feature allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted PDF document (CVE-2009-1188).

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x
before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers
to execute arbitrary code via a crafted PDF document that triggers a
heap-based buffer overflow. NOTE: some of these details are obtained
from third party information. NOTE: this issue reportedly exists
because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x
before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,
does not properly allocate memory, which allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted PDF document that triggers a NULL pointer
dereference or a heap-based buffer overflow (CVE-2009-3604).

Multiple integer overflows allow remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code
via a crafted PDF file, related to (1) glib/poppler-page.cc, (2)
ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5)
JBIG2Stream.cc, (6) PSO ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
poppler on Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0799
BugTraq ID: 34568
http://www.securityfocus.com/bid/34568
CERT/CC vulnerability note: VU#196617
http://www.kb.cert.org/vuls/id/196617
Debian Security Information: DSA-1790 (Google Search)
http://www.debian.org/security/2009/dsa-1790
Debian Security Information: DSA-1793 (Google Search)
http://www.debian.org/security/2009/dsa-1793
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10204
http://www.redhat.com/support/errata/RHSA-2009-0429.html
http://www.redhat.com/support/errata/RHSA-2009-0430.html
http://www.redhat.com/support/errata/RHSA-2009-0431.html
RedHat Security Advisories: RHSA-2009:0458
http://rhn.redhat.com/errata/RHSA-2009-0458.html
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://www.securitytracker.com/id?1022072
http://secunia.com/advisories/34291
http://secunia.com/advisories/34481
http://secunia.com/advisories/34746
http://secunia.com/advisories/34755
http://secunia.com/advisories/34756
http://secunia.com/advisories/34852
http://secunia.com/advisories/34959
http://secunia.com/advisories/34963
http://secunia.com/advisories/34991
http://secunia.com/advisories/35037
http://secunia.com/advisories/35064
http://secunia.com/advisories/35065
http://secunia.com/advisories/35618
http://secunia.com/advisories/35685
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
SuSE Security Announcement: SUSE-SA:2009:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://www.vupen.com/english/advisories/2009/1065
http://www.vupen.com/english/advisories/2009/1066
http://www.vupen.com/english/advisories/2009/1076
http://www.vupen.com/english/advisories/2009/1077
http://www.vupen.com/english/advisories/2010/1040
Common Vulnerability Exposure (CVE) ID: CVE-2009-0800
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323
http://www.securitytracker.com/id?1022073
Common Vulnerability Exposure (CVE) ID: CVE-2009-1179
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11892
http://secunia.com/advisories/35379
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
Common Vulnerability Exposure (CVE) ID: CVE-2009-1180
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9926
Common Vulnerability Exposure (CVE) ID: CVE-2009-1181
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9683
Common Vulnerability Exposure (CVE) ID: CVE-2009-1182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735
Common Vulnerability Exposure (CVE) ID: CVE-2009-1183
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10769
Common Vulnerability Exposure (CVE) ID: CVE-2009-1187
Bugtraq: 20090417 rPSA-2009-0059-1 poppler (Google Search)
http://www.securityfocus.com/archive/1/502761/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10292
XForce ISS Database: poppler-jbig2-cairooutputdev-code-excution(50184)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50184
Common Vulnerability Exposure (CVE) ID: CVE-2009-1188
Debian Security Information: DSA-2028 (Google Search)
http://www.debian.org/security/2010/dsa-2028
Debian Security Information: DSA-2050 (Google Search)
http://www.debian.org/security/2010/dsa-2050
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9957
RedHat Security Advisories: RHSA-2009:1501
https://rhn.redhat.com/errata/RHSA-2009-1501.html
RedHat Security Advisories: RHSA-2009:1502
https://rhn.redhat.com/errata/RHSA-2009-1502.html
RedHat Security Advisories: RHSA-2009:1503
https://rhn.redhat.com/errata/RHSA-2009-1503.html
RedHat Security Advisories: RHSA-2009:1512
https://rhn.redhat.com/errata/RHSA-2009-1512.html
http://secunia.com/advisories/37028
http://secunia.com/advisories/37037
http://secunia.com/advisories/37043
http://secunia.com/advisories/37053
http://secunia.com/advisories/37077
http://secunia.com/advisories/37079
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://www.vupen.com/english/advisories/2009/2928
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1220
XForce ISS Database: poppler-jbig2-splashbitmap-code-execution(50185)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50185
Common Vulnerability Exposure (CVE) ID: CVE-2009-3603
BugTraq ID: 36703
http://www.securityfocus.com/bid/36703
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9671
RedHat Security Advisories: RHSA-2009:1504
https://rhn.redhat.com/errata/RHSA-2009-1504.html
http://securitytracker.com/id?1023029
http://secunia.com/advisories/37034
http://secunia.com/advisories/37054
http://secunia.com/advisories/37114
http://secunia.com/advisories/37159
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
SuSE Security Announcement: SUSE-SR:2009:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://www.ubuntu.com/usn/USN-850-1
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2924
http://www.vupen.com/english/advisories/2009/2925
XForce ISS Database: xpdf-splashbitmap-bo(53793)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53793
Common Vulnerability Exposure (CVE) ID: CVE-2009-3604
http://site.pi3.com.pl/adv/xpdf.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969
RedHat Security Advisories: RHSA-2009:1500
https://rhn.redhat.com/errata/RHSA-2009-1500.html
http://secunia.com/advisories/37023
http://secunia.com/advisories/37042
XForce ISS Database: xpdf-splashdrawimage-bo(53795)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53795
Common Vulnerability Exposure (CVE) ID: CVE-2009-0791
BugTraq ID: 35195
http://www.securityfocus.com/bid/35195
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10534
http://www.redhat.com/support/errata/RHSA-2009-1083.html
http://securitytracker.com/id?1022326
http://secunia.com/advisories/35340
http://www.vupen.com/english/advisories/2009/1488
XForce ISS Database: cups-pdftops-filter-bo(50941)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50941
Common Vulnerability Exposure (CVE) ID: CVE-2009-3605
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7731
Common Vulnerability Exposure (CVE) ID: CVE-2009-3606
Debian Security Information: DSA-1941 (Google Search)
http://www.debian.org/security/2009/dsa-1941
http://www.openwall.com/lists/oss-security/2009/12/01/1
http://www.openwall.com/lists/oss-security/2009/12/01/5
http://www.openwall.com/lists/oss-security/2009/12/01/6
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11289
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7836
XForce ISS Database: xpdf-psoutputdev-bo(53798)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53798
Common Vulnerability Exposure (CVE) ID: CVE-2009-3607
BugTraq ID: 36718
http://www.securityfocus.com/bid/36718
XForce ISS Database: poppler-createsurfacefromthumbnaildata-bo(53801)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53801
Common Vulnerability Exposure (CVE) ID: CVE-2009-3608
http://www.ocert.org/advisories/ocert-2009-016.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536
RedHat Security Advisories: RHSA-2009:1513
https://rhn.redhat.com/errata/RHSA-2009-1513.html
http://secunia.com/advisories/37051
http://secunia.com/advisories/37061
http://www.vupen.com/english/advisories/2009/2926
XForce ISS Database: xpdf-objectstream-bo(53794)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53794
Common Vulnerability Exposure (CVE) ID: CVE-2009-3609
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134
http://www.redhat.com/support/errata/RHSA-2010-0755.html
XForce ISS Database: xpdf-imagestream-dos(53800)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53800
Common Vulnerability Exposure (CVE) ID: CVE-2009-3938
BugTraq ID: 36976
http://www.securityfocus.com/bid/36976
http://bugs.freedesktop.org/attachment.cgi?id=30599&action=edit
http://secunia.com/advisories/37333
http://www.vupen.com/english/advisories/2009/3227
XForce ISS Database: poppler-abwoutputdev-bo(54215)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54215
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.