Executive Summary
Summary | |
---|---|
Title | kdegraphics security update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:1512 | First vendor Publication | 2009-10-15 |
Vendor | RedHat | Last vendor Modification | 2009-10-15 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in KPDF. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue. Users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 491840 - CVE-2009-0791 xpdf: multiple integer overflows 495907 - CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow 526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016) 526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow 526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-1512.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
80 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
20 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10969 | |||
Oval ID: | oval:org.mitre.oval:def:10969 | ||
Title: | The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow. | ||
Description: | The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3604 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13322 | |||
Oval ID: | oval:org.mitre.oval:def:13322 | ||
Title: | USN-850-3 -- poppler vulnerabilities | ||
Description: | USN-850-1 fixed vulnerabilities in poppler. This update provides the corresponding updates for Ubuntu 9.10. Original advisory details: It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-850-3 CVE-2009-3603 CVE-2009-3604 CVE-2009-3607 CVE-2009-3608 CVE-2009-3609 | Version: | 5 |
Platform(s): | Ubuntu 9.10 | Product(s): | poppler |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13382 | |||
Oval ID: | oval:org.mitre.oval:def:13382 | ||
Title: | DSA-2028-1 xpdf -- multiple | ||
Description: | Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1188 and CVE-2009-3603 Integer overflow in SplashBitmap::SplashBitmap which might allow remote attackers to execute arbitrary code or an application crash via a crafted PDF document. CVE-2009-3604 NULL pointer dereference or heap-based buffer overflow in Splash::drawImage which might allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. CVE-2009-3606 Integer overflow in the PSOutputDev::doImageL1Sep which might allow remote attackers to execute arbitrary code via a crafted PDF document. CVE-2009-3608 Integer overflows in the ObjectStream::ObjectStream which might allow remote attackers to execute arbitrary code via a crafted PDF document. CVE-2009-3609 Integer overflow in the ImageStream::ImageStream which might allow remote attackers to cause a denial of service via a crafted PDF document. For the stable distribution, this problem has been fixed in version 3.02-1.4+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 3.02-2. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2028-1 CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xpdf |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22899 | |||
Oval ID: | oval:org.mitre.oval:def:22899 | ||
Title: | ELSA-2009:1513: cups security update (Moderate) | ||
Description: | Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1513-01 CVE-2009-3608 CVE-2009-3609 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22929 | |||
Oval ID: | oval:org.mitre.oval:def:22929 | ||
Title: | ELSA-2009:1502: kdegraphics security update (Important) | ||
Description: | Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1502-01 CVE-2009-0791 CVE-2009-1188 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | kdegraphics |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22959 | |||
Oval ID: | oval:org.mitre.oval:def:22959 | ||
Title: | ELSA-2009:1504: poppler security and bug fix update (Important) | ||
Description: | Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1504-01 CVE-2009-3603 CVE-2009-3608 CVE-2009-3609 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | poppler |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28897 | |||
Oval ID: | oval:org.mitre.oval:def:28897 | ||
Title: | RHSA-2009:1502 -- kdegraphics security update (Important) | ||
Description: | Updated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1502 CESA-2009:1502-CentOS 5 CVE-2009-0791 CVE-2009-1188 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kdegraphics |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28916 | |||
Oval ID: | oval:org.mitre.oval:def:28916 | ||
Title: | RHSA-2009:1504 -- poppler security and bug fix update (Important) | ||
Description: | Updated poppler packages that fix multiple security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1504 CESA-2009:1504-CentOS 5 CVE-2009-3603 CVE-2009-3608 CVE-2009-3609 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | poppler |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29310 | |||
Oval ID: | oval:org.mitre.oval:def:29310 | ||
Title: | RHSA-2009:1513 -- cups security update (Moderate) | ||
Description: | Updated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1513 CESA-2009:1513-CentOS 5 CVE-2009-3608 CVE-2009-3609 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6990 | |||
Oval ID: | oval:org.mitre.oval:def:6990 | ||
Title: | DSA-2028 xpdf -- multiple vulnerabilities | ||
Description: | Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format files. The Common Vulnerabilities and Exposures project identifies the following problems: Integer overflow in SplashBitmap::SplashBitmap which might allow remote attackers to execute arbitrary code or an application crash via a crafted PDF document. NULL pointer dereference or heap-based buffer overflow in Splash::drawImage which might allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. Integer overflow in the PSOutputDev::doImageL1Sep which might allow remote attackers to execute arbitrary code via a crafted PDF document. Integer overflow in the ObjectStream::ObjectStream which might allow remote attackers to execute arbitrary code via a crafted PDF document. Integer overflow in the ImageStream::ImageStream which might allow remote attackers to cause a denial of service via a crafted PDF document. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2028 CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xpdf |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8134 | |||
Oval ID: | oval:org.mitre.oval:def:8134 | ||
Title: | Multiple Security Vulnerabilities in the Solaris GNOME PDF Rendering Libraries May Lead to a Denial of Service (DoS) or Execution of Arbitrary Code | ||
Description: | Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3609 | Version: | 2 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9536 | |||
Oval ID: | oval:org.mitre.oval:def:9536 | ||
Title: | Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. | ||
Description: | Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3608 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9957 | |||
Oval ID: | oval:org.mitre.oval:def:9957 | ||
Title: | Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | ||
Description: | Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1188 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-11-18 | Name : Mandriva Update for poppler MDVSA-2011:175 (poppler) File : nvt/gb_mandriva_MDVSA_2011_175.nasl |
2011-08-09 | Name : CentOS Update for gpdf CESA-2009:1503 centos4 i386 File : nvt/gb_CESA-2009_1503_gpdf_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for poppler CESA-2009:1504 centos5 i386 File : nvt/gb_CESA-2009_1504_poppler_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for kdegraphics CESA-2009:1512 centos4 i386 File : nvt/gb_CESA-2009_1512_kdegraphics_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for poppler CESA-2009:0480 centos5 i386 File : nvt/gb_CESA-2009_0480_poppler_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for cups CESA-2009:1083 centos3 i386 File : nvt/gb_CESA-2009_1083_cups_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for xpdf CESA-2009:1500 centos3 i386 File : nvt/gb_CESA-2009_1500_xpdf_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for xpdf CESA-2009:1501 centos4 i386 File : nvt/gb_CESA-2009_1501_xpdf_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for kdegraphics CESA-2009:1502 centos5 i386 File : nvt/gb_CESA-2009_1502_kdegraphics_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for cups CESA-2009:1513 centos5 i386 File : nvt/gb_CESA-2009_1513_cups_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for tetex CESA-2010:0400 centos5 i386 File : nvt/gb_CESA-2010_0400_tetex_centos5_i386.nasl |
2010-10-19 | Name : CentOS Update for cups CESA-2010:0755 centos4 i386 File : nvt/gb_CESA-2010_0755_cups_centos4_i386.nasl |
2010-10-19 | Name : RedHat Update for cups RHSA-2010:0755-01 File : nvt/gb_RHSA-2010_0755-01_cups.nasl |
2010-08-20 | Name : Ubuntu Update for koffice vulnerabilities USN-973-1 File : nvt/gb_ubuntu_USN_973_1.nasl |
2010-06-03 | Name : Debian Security Advisory DSA 2050-1 (kdegraphics) File : nvt/deb_2050_1.nasl |
2010-05-17 | Name : Mandriva Update for tetex MDVSA-2010:094 (tetex) File : nvt/gb_mandriva_MDVSA_2010_094.nasl |
2010-05-17 | Name : CentOS Update for tetex CESA-2010:0399 centos4 i386 File : nvt/gb_CESA-2010_0399_tetex_centos4_i386.nasl |
2010-05-17 | Name : CentOS Update for tetex CESA-2010:0401 centos3 i386 File : nvt/gb_CESA-2010_0401_tetex_centos3_i386.nasl |
2010-05-07 | Name : RedHat Update for tetex RHSA-2010:0400-01 File : nvt/gb_RHSA-2010_0400-01_tetex.nasl |
2010-05-07 | Name : RedHat Update for tetex RHSA-2010:0401-01 File : nvt/gb_RHSA-2010_0401-01_tetex.nasl |
2010-05-07 | Name : RedHat Update for tetex RHSA-2010:0399-01 File : nvt/gb_RHSA-2010_0399-01_tetex.nasl |
2010-04-21 | Name : Debian Security Advisory DSA 2028-1 (xpdf) File : nvt/deb_2028_1.nasl |
2010-03-12 | Name : Mandriva Update for irqbalance MDVA-2010:086 (irqbalance) File : nvt/gb_mandriva_MDVA_2010_086.nasl |
2010-03-12 | Name : Mandriva Update for mandriva-release MDVA-2010:087 (mandriva-release) File : nvt/gb_mandriva_MDVA_2010_087.nasl |
2010-03-12 | Name : Mandriva Update for nufw MDVA-2010:094 (nufw) File : nvt/gb_mandriva_MDVA_2010_094.nasl |
2010-03-12 | Name : Mandriva Update for mmc-wizard MDVA-2010:096 (mmc-wizard) File : nvt/gb_mandriva_MDVA_2010_096.nasl |
2010-03-12 | Name : Mandriva Update for mmc-wizard MDVA-2010:096-1 (mmc-wizard) File : nvt/gb_mandriva_MDVA_2010_096_1.nasl |
2010-03-12 | Name : Mandriva Update for poppler MDVSA-2010:055 (poppler) File : nvt/gb_mandriva_MDVSA_2010_055.nasl |
2010-03-02 | Name : Fedora Update for pdfedit FEDORA-2010-1842 File : nvt/gb_fedora_2010_1842_pdfedit_fc11.nasl |
2010-03-02 | Name : Fedora Update for pdfedit FEDORA-2010-1377 File : nvt/gb_fedora_2010_1377_pdfedit_fc12.nasl |
2009-12-30 | Name : Mandriva Security Advisory MDVSA-2009:334 (poppler) File : nvt/mdksa_2009_334.nasl |
2009-12-30 | Name : Mandriva Security Advisory MDVSA-2009:336 (koffice) File : nvt/mdksa_2009_336.nasl |
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:282-1 (cups) File : nvt/mdksa_2009_282_1.nasl |
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:331 (kdegraphics) File : nvt/mdksa_2009_331.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:287-1 (xpdf) File : nvt/mdksa_2009_287_1.nasl |
2009-12-03 | Name : Debian Security Advisory DSA 1941-1 (poppler) File : nvt/deb_1941_1.nasl |
2009-11-23 | Name : Ubuntu USN-850-3 (poppler) File : nvt/ubuntu_850_3.nasl |
2009-11-17 | Name : SLES10: Security update for kdegraphics3-pdf File : nvt/sles10_kdegraphics3-pd0.nasl |
2009-11-11 | Name : SLES10: Security update for xpdf File : nvt/sles10_xpdf2.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1513 (cups) File : nvt/ovcesa2009_1513.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1504 (poppler) File : nvt/ovcesa2009_1504.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1502 (kdegraphics) File : nvt/ovcesa2009_1502.nasl |
2009-11-11 | Name : Fedora Core 11 FEDORA-2009-10845 (poppler) File : nvt/fcore_2009_10845.nasl |
2009-11-11 | Name : Fedora Core 10 FEDORA-2009-10823 (poppler) File : nvt/fcore_2009_10823.nasl |
2009-11-11 | Name : SuSE Security Summary SUSE-SR:2009:018 File : nvt/suse_sr_2009_018.nasl |
2009-10-27 | Name : FreeBSD Ports: xpdf File : nvt/freebsd_xpdf4.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:287 (xpdf) File : nvt/mdksa_2009_287.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:283 (cups) File : nvt/mdksa_2009_283.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:282 (cups) File : nvt/mdksa_2009_282.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:281 (cups) File : nvt/mdksa_2009_281.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:280 (cups) File : nvt/mdksa_2009_280.nasl |
2009-10-27 | Name : Ubuntu USN-850-1 (poppler) File : nvt/ubuntu_850_1.nasl |
2009-10-27 | Name : Fedora Core 11 FEDORA-2009-10648 (xpdf) File : nvt/fcore_2009_10648.nasl |
2009-10-27 | Name : Fedora Core 10 FEDORA-2009-10694 (xpdf) File : nvt/fcore_2009_10694.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1512 File : nvt/RHSA_2009_1512.nasl |
2009-10-19 | Name : CentOS Security Advisory CESA-2009:1512 (kdegraphics) File : nvt/ovcesa2009_1512.nasl |
2009-10-19 | Name : CentOS Security Advisory CESA-2009:1503 (gpdf) File : nvt/ovcesa2009_1503.nasl |
2009-10-19 | Name : CentOS Security Advisory CESA-2009:1501 (xpdf) File : nvt/ovcesa2009_1501.nasl |
2009-10-19 | Name : CentOS Security Advisory CESA-2009:1500 (xpdf) File : nvt/ovcesa2009_1500.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1500 File : nvt/RHSA_2009_1500.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1501 File : nvt/RHSA_2009_1501.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1502 File : nvt/RHSA_2009_1502.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1503 File : nvt/RHSA_2009_1503.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1513 File : nvt/RHSA_2009_1513.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1504 File : nvt/RHSA_2009_1504.nasl |
2009-10-13 | Name : SLES10: Security update for xpdf File : nvt/sles10_xpdf0.nasl |
2009-10-13 | Name : SLES10: Security update for CUPS File : nvt/sles10_cups2.nasl |
2009-10-11 | Name : SLES11: Security update for xpdf File : nvt/sles11_xpdf-tools.nasl |
2009-10-10 | Name : SLES9: Security update for CUPS File : nvt/sles9p5051582.nasl |
2009-09-09 | Name : SuSE Security Summary SUSE-SR:2009:014 File : nvt/suse_sr_2009_014.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-6972 (poppler) File : nvt/fcore_2009_6972.nasl |
2009-07-06 | Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl |
2009-06-30 | Name : Fedora Core 9 FEDORA-2009-6982 (poppler) File : nvt/fcore_2009_6982.nasl |
2009-06-30 | Name : Fedora Core 10 FEDORA-2009-6973 (poppler) File : nvt/fcore_2009_6973.nasl |
2009-06-16 | Name : CUPS Denial of Service Vulnerability - Jun09 File : nvt/gb_cups_dos_vuln_jun09.nasl |
2009-06-05 | Name : CentOS Security Advisory CESA-2009:1083 (cups) File : nvt/ovcesa2009_1083.nasl |
2009-06-05 | Name : RedHat Security Advisory RHSA-2009:1083 File : nvt/RHSA_2009_1083.nasl |
2009-05-20 | Name : RedHat Security Advisory RHSA-2009:0480 File : nvt/RHSA_2009_0480.nasl |
2009-05-20 | Name : CentOS Security Advisory CESA-2009:0480 (poppler) File : nvt/ovcesa2009_0480.nasl |
2009-04-20 | Name : Ubuntu USN-759-1 (poppler) File : nvt/ubuntu_759_1.nasl |
2009-04-20 | Name : FreeBSD Ports: poppler File : nvt/freebsd_poppler0.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-302-01 xpdf File : nvt/esoft_slk_ssa_2009_302_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-302-02 poppler File : nvt/esoft_slk_ssa_2009_302_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
59824 | Poppler pdftops Filter PDF File Handling Multiple Unspecified Overflows |
59184 | Poppler XRef.cc ObjectStream::ObjectStream Function PDF Handling Overflow |
59183 | Xpdf XRef.cc ObjectStream::ObjectStream Function PDF Handling Overflow |
59180 | Poppler Stream.cc ImageStream::ImageStream Function PDF Handling Overflow |
59179 | Xpdf Stream.cc ImageStream::ImageStream Function PDF Handling Overflow |
59176 | Poppler Splash.cc Splash::drawImage Function PDF Handling Arbitrary Code Exec... |
59175 | Xpdf Splash.cc Splash::drawImage Function PDF Handling Arbitrary Code Execution |
56176 | CUPS pdftops Filter PDF File Handling Multiple Unspecified Overflows |
54808 | Poppler JBIG2 Decoder SplashBitmap Handling Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | xpdf ObjectStream integer overflow RuleID : 24266 - Revision : 4 - Type : FILE-PDF |
2014-01-10 | Xpdf Splash DrawImage integer overflow attempt RuleID : 16355 - Revision : 10 - Type : FILE-PDF |
2014-01-10 | XPDF ObjectStream integer overflow RuleID : 16335 - Revision : 9 - Type : FILE-PDF |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-10-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-03.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0480.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1083.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1500.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1501.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1503.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1504.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1512.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1513.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0399.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0400.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0401.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0755.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090513_poppler_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090603_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091015_cups_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20091015_gpdf_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091015_kdegraphics_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091015_poppler_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20091015_xpdf_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100506_tetex_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100506_tetex_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100506_tetex_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101007_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0755.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-6721.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdegraphics3-pdf-6652.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_poppler-6743.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xpdf-6560.nasl - Type : ACT_GATHER_INFO |
2010-10-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0755.nasl - Type : ACT_GATHER_INFO |
2010-08-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-973-1.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-280.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1377.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1805.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1842.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0400.nasl - Type : ACT_GATHER_INFO |
2010-05-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2050.nasl - Type : ACT_GATHER_INFO |
2010-05-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-094.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0399.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0400.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0401.nasl - Type : ACT_GATHER_INFO |
2010-05-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0399.nasl - Type : ACT_GATHER_INFO |
2010-05-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0401.nasl - Type : ACT_GATHER_INFO |
2010-04-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2028.nasl - Type : ACT_GATHER_INFO |
2010-03-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-055.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1941.nasl - Type : ACT_GATHER_INFO |
2010-01-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpoppler-devel-100111.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0480.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1501.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1502.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1503.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1504.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1512.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1513.nasl - Type : ACT_GATHER_INFO |
2010-01-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpoppler-devel-091223.nasl - Type : ACT_GATHER_INFO |
2010-01-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpoppler-devel-091222.nasl - Type : ACT_GATHER_INFO |
2010-01-03 | Name : The remote SuSE system is missing a security patch for libpoppler-devel File : suse_11_2_libpoppler-devel-091222.nasl - Type : ACT_GATHER_INFO |
2010-01-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpoppler-devel-091221.nasl - Type : ACT_GATHER_INFO |
2010-01-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_poppler-6751.nasl - Type : ACT_GATHER_INFO |
2009-12-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-346.nasl - Type : ACT_GATHER_INFO |
2009-12-27 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12561.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-6720.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-336.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kdegraphics3-pdf-091110.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kdegraphics3-pdf-091110.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote openSUSE host is missing a security update. File : suse_cups-6565.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdegraphics3-pdf-6653.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_xpdf-091023.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_xpdf-091024.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_xpdf-6558.nasl - Type : ACT_GATHER_INFO |
2009-11-06 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xpdf-6556.nasl - Type : ACT_GATHER_INFO |
2009-11-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-850-3.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-302-01.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-302-02.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10823.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10845.nasl - Type : ACT_GATHER_INFO |
2009-10-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-287.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10648.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10694.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-850-1.nasl - Type : ACT_GATHER_INFO |
2009-10-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-282.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1500.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1500.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1501.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1502.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1503.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1504.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1512.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1513.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_xpdf-6376.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12434.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_xpdf-090727.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-6279.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xpdf-6378.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_xpdf-090727.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_xpdf-090727.nasl - Type : ACT_GATHER_INFO |
2009-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6972.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6973.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6982.nasl - Type : ACT_GATHER_INFO |
2009-06-15 | Name : The remote openSUSE host is missing a security update. File : suse_cups-6285.nasl - Type : ACT_GATHER_INFO |
2009-06-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1083.nasl - Type : ACT_GATHER_INFO |
2009-06-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1083.nasl - Type : ACT_GATHER_INFO |
2009-05-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0480.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-759-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:58 |
|