Executive Summary
Summary | |
---|---|
Title | poppler regression |
Informations | |||
---|---|---|---|
Name | USN-850-2 | First vendor Publication | 2009-10-22 |
Vendor | Ubuntu | Last vendor Modification | 2009-10-22 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 8.04 LTS: Ubuntu 8.10: Ubuntu 9.04: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-850-1 fixed vulnerabilities in poppler. The security fix for CVE-2009-3605 introduced a regression that would cause certain applications, such as Okular, to segfault when opening certain PDF files. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that poppler contained multiple security issues when |
Original Source
Url : http://www.ubuntu.com/usn/USN-850-2 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:7731 | |||
Oval ID: | oval:org.mitre.oval:def:7731 | ||
Title: | Multiple Security Vulnerabilities in the Solaris GNOME PDF Rendering Libraries May Lead to a Denial of Service (DoS) or Execution of Arbitrary Code | ||
Description: | Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3605 | Version: | 2 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-11-18 | Name : Mandriva Update for poppler MDVSA-2011:175 (poppler) File : nvt/gb_mandriva_MDVSA_2011_175.nasl |
2010-03-12 | Name : Mandriva Update for poppler MDVSA-2010:055 (poppler) File : nvt/gb_mandriva_MDVSA_2010_055.nasl |
2009-12-30 | Name : Mandriva Security Advisory MDVSA-2009:334 (poppler) File : nvt/mdksa_2009_334.nasl |
2009-11-11 | Name : SLES10: Security update for xpdf File : nvt/sles10_xpdf2.nasl |
2009-11-11 | Name : SuSE Security Summary SUSE-SR:2009:018 File : nvt/suse_sr_2009_018.nasl |
2009-10-27 | Name : Fedora Core 11 FEDORA-2009-10648 (xpdf) File : nvt/fcore_2009_10648.nasl |
2009-10-27 | Name : Fedora Core 10 FEDORA-2009-10694 (xpdf) File : nvt/fcore_2009_10694.nasl |
2009-10-27 | Name : Ubuntu USN-850-1 (poppler) File : nvt/ubuntu_850_1.nasl |
2009-10-27 | Name : Ubuntu USN-850-2 (poppler) File : nvt/ubuntu_850_2.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-302-01 xpdf File : nvt/esoft_slk_ssa_2009_302_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-302-02 poppler File : nvt/esoft_slk_ssa_2009_302_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
59825 | Poppler PDF Handling Multiple Unspecified Overflows |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-10-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-03.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xpdf-6560.nasl - Type : ACT_GATHER_INFO |
2010-03-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-055.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1941.nasl - Type : ACT_GATHER_INFO |
2009-12-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-346.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_xpdf-091023.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_xpdf-091024.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_xpdf-6558.nasl - Type : ACT_GATHER_INFO |
2009-11-06 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xpdf-6556.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-302-01.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-302-02.nasl - Type : ACT_GATHER_INFO |
2009-10-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-850-2.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-850-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:06:21 |
|