4.3 - CVE-2009-1183

Executive Summary

Informations
Name	CVE-2009-1183	First vendor Publication	2009-04-23
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10769

Oval ID:	oval:org.mitre.oval:def:10769
Title:	The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
Description:	The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1183	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND xpdf is earlier than 1:2.02-14.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section tetex-latex is earlier than 0:2.0.2-22.0.1.EL4.16 AND kdegraphics-devel is earlier than 7:3.3.1-13.el4 AND tetex-dvips is earlier than 0:2.0.2-22.0.1.EL4.16 AND kdegraphics is earlier than 7:3.3.1-13.el4 AND tetex-fonts is earlier than 0:2.0.2-22.0.1.EL4.16 AND cups-libs is earlier than 1:1.1.22-0.rc1.9.27.el4_7.5 AND tetex is earlier than 0:2.0.2-22.0.1.EL4.16 AND gpdf is earlier than 0:2.8.2-7.7.2.el4_7.4 AND cups-devel is earlier than 1:1.1.22-0.rc1.9.27.el4_7.5 AND tetex-afm is earlier than 0:2.0.2-22.0.1.EL4.16 AND xpdf is earlier than 1:3.00-20.el4 AND tetex-xdvi is earlier than 0:2.0.2-22.0.1.EL4.16 AND tetex-doc is earlier than 0:2.0.2-22.0.1.EL4.16 AND cups is earlier than 1:1.1.22-0.rc1.9.27.el4_7.5 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section kdegraphics-devel is earlier than 7:3.5.4-12.el5_3 AND cups-lpd is earlier than 1:1.3.7-8.el5_3.4 AND tetex-dvips is earlier than 0:3.0-33.8.el5_5.5 AND kdegraphics is earlier than 7:3.5.4-12.el5_3 AND poppler is earlier than 0:0.5.4-4.4.el5_3.9 AND tetex-fonts is earlier than 0:3.0-33.8.el5_5.5 AND cups-libs is earlier than 1:1.3.7-8.el5_3.4 AND tetex is earlier than 0:3.0-33.8.el5_5.5 AND tetex-doc is earlier than 0:3.0-33.8.el5_5.5 AND poppler-devel is earlier than 0:0.5.4-4.4.el5_3.9 AND tetex-latex is earlier than 0:3.0-33.8.el5_5.5 AND poppler-utils is earlier than 0:0.5.4-4.4.el5_3.9 AND cups-devel is earlier than 1:1.3.7-8.el5_3.4 AND tetex-afm is earlier than 0:3.0-33.8.el5_5.5 AND tetex-xdvi is earlier than 0:3.0-33.8.el5_5.5 AND cups is earlier than 1:1.3.7-8.el5_3.4

Definition Id: oval:org.mitre.oval:def:13119

Oval ID:	oval:org.mitre.oval:def:13119
Title:	DSA-1790-1 xpdf -- multiple
Description:	Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0146 Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2SymbolDict::setBitmap and JBIG2Stream::readSymbolDictSeg. CVE-2009-0147 Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2Stream::readSymbolDictSeg, JBIG2Stream::readSymbolDictSeg, and JBIG2Stream::readGenericBitmap. CVE-2009-0165 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." CVE-2009-0166 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service via a crafted PDF file that triggers a free of uninitialised memory. CVE-2009-0799 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service via a crafted PDF file that triggers an out-of-bounds read. CVE-2009-0800 Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1179 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1180 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. CVE-2009-1181 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service via a crafted PDF file that triggers a NULL pointer dereference. CVE-2009-1182 Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1183 The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service via a crafted PDF file. For the old stable distribution, these problems have been fixed in version 3.01-9.1+etch6. For the stable distribution, these problems have been fixed in version 3.02-1.4+lenny1. For the unstable distribution, these problems will be fixed in a forthcoming version. We recommend that you upgrade your xpdf packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1790-1 CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	xpdf
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Architecture section Architecture independent section Installed architecture is all AND Packages section xpdf-common DPKG is earlier than 3.02-1.4+lenny1 AND xpdf DPKG is earlier than 3.02-1.4+lenny1 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section xpdf-utils DPKG is earlier than 3.02-1.4+lenny1 AND xpdf-reader DPKG is earlier than 3.02-1.4+lenny1

Definition Id: oval:org.mitre.oval:def:13235

Oval ID:	oval:org.mitre.oval:def:13235
Title:	DSA-1793-1 kdegraphics -- multiple
Description:	kpdf, a Portable Document Format viewer for KDE, is based on the xpdf program and thus suffers from similar flaws to those described in DSA-1790. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0146 Multiple buffer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2SymbolDict::setBitmap and JBIG2Stream::readSymbolDictSeg. CVE-2009-0147 Multiple integer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2Stream::readSymbolDictSeg, JBIG2Stream::readSymbolDictSeg, and JBIG2Stream::readGenericBitmap. CVE-2009-0165 Integer overflow in the JBIG2 decoder in kpdf has unspecified impact related to "g*allocn." CVE-2009-0166 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service via a crafted PDF file that triggers a free of uninitialised memory. CVE-2009-0799 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service via a crafted PDF file that triggers an out-of-bounds read. CVE-2009-0800 Multiple "input validation flaws" in the JBIG2 decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1179 Integer overflow in the JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1180 The JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. CVE-2009-1181 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service via a crafted PDF file that triggers a NULL pointer dereference. CVE-2009-1182 Multiple buffer overflows in the JBIG2 MMR decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1183 The JBIG2 MMR decoder in kpdf allows remote attackers to cause a denial of service via a crafted PDF file. We recommend that you upgrade your kdegraphics packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1793-1 CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183	Version:	7
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	kdegraphics
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section kdegraphics DPKG is earlier than 4:3.5.9-3+lenny1 AND kdegraphics-doc-html DPKG is earlier than 4:3.5.9-3+lenny1 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section kdegraphics-kfile-plugins DPKG is earlier than 4:3.5.9-3+lenny1 AND ksvg DPKG is earlier than 4:3.5.9-3+lenny1 AND libkscan-dev DPKG is earlier than 4:3.5.9-3+lenny1 AND kgamma DPKG is earlier than 4:3.5.9-3+lenny1 AND libkscan1 DPKG is earlier than 4:3.5.9-3+lenny1 AND kpovmodeler DPKG is earlier than 4:3.5.9-3+lenny1 AND kooka DPKG is earlier than 4:3.5.9-3+lenny1 AND kdegraphics-dev DPKG is earlier than 4:3.5.9-3+lenny1 AND kghostview DPKG is earlier than 4:3.5.9-3+lenny1 AND kfaxview DPKG is earlier than 4:3.5.9-3+lenny1 AND kviewshell DPKG is earlier than 4:3.5.9-3+lenny1 AND kview DPKG is earlier than 4:3.5.9-3+lenny1 AND kfax DPKG is earlier than 4:3.5.9-3+lenny1 AND ksnapshot DPKG is earlier than 4:3.5.9-3+lenny1 AND kmrml DPKG is earlier than 4:3.5.9-3+lenny1 AND kpdf DPKG is earlier than 4:3.5.9-3+lenny1 AND kcoloredit DPKG is earlier than 4:3.5.9-3+lenny1 AND kiconedit DPKG is earlier than 4:3.5.9-3+lenny1 AND kruler DPKG is earlier than 4:3.5.9-3+lenny1 AND kuickshow DPKG is earlier than 4:3.5.9-3+lenny1 AND kdvi DPKG is earlier than 4:3.5.9-3+lenny1 AND kdegraphics-dbg DPKG is earlier than 4:3.5.9-3+lenny1 AND kolourpaint DPKG is earlier than 4:3.5.9-3+lenny1 AND kamera DPKG is earlier than 4:3.5.9-3+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section kdegraphics DPKG is earlier than 4:3.5.5-3etch3 AND kdegraphics-doc-html DPKG is earlier than 4:3.5.5-3etch3 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section kdegraphics-kfile-plugins DPKG is earlier than 4:3.5.5-3etch3 AND ksvg DPKG is earlier than 4:3.5.5-3etch3 AND libkscan-dev DPKG is earlier than 4:3.5.5-3etch3 AND kgamma DPKG is earlier than 4:3.5.5-3etch3 AND libkscan1 DPKG is earlier than 4:3.5.5-3etch3 AND kpovmodeler DPKG is earlier than 4:3.5.5-3etch3 AND kooka DPKG is earlier than 4:3.5.5-3etch3 AND kdegraphics-dev DPKG is earlier than 4:3.5.5-3etch3 AND kghostview DPKG is earlier than 4:3.5.5-3etch3 AND kfaxview DPKG is earlier than 4:3.5.5-3etch3 AND kviewshell DPKG is earlier than 4:3.5.5-3etch3 AND kview DPKG is earlier than 4:3.5.5-3etch3 AND kfax DPKG is earlier than 4:3.5.5-3etch3 AND ksnapshot DPKG is earlier than 4:3.5.5-3etch3 AND kmrml DPKG is earlier than 4:3.5.5-3etch3 AND kpdf DPKG is earlier than 4:3.5.5-3etch3 AND kcoloredit DPKG is earlier than 4:3.5.5-3etch3 AND kiconedit DPKG is earlier than 4:3.5.5-3etch3 AND kruler DPKG is earlier than 4:3.5.5-3etch3 AND kuickshow DPKG is earlier than 4:3.5.5-3etch3 AND kdvi DPKG is earlier than 4:3.5.5-3etch3 AND kdegraphics-dbg DPKG is earlier than 4:3.5.5-3etch3 AND kolourpaint DPKG is earlier than 4:3.5.5-3etch3 AND kamera DPKG is earlier than 4:3.5.5-3etch3

Definition Id: oval:org.mitre.oval:def:21858

Oval ID:	oval:org.mitre.oval:def:21858
Title:	ELSA-2009:0429: cups security update (Important)
Description:	The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:0429-01 CVE-2009-0146 CVE-2009-0147 CVE-2009-0163 CVE-2009-0166 CVE-2009-0195 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183	Version:	53
Platform(s):	Oracle Linux 5	Product(s):	cups
Definition Synopsis:
Oracle Linux 5.x rpm test cups-lpd is earlier than 1:1.3.7-8.el5_3.4 AND cups-devel is earlier than 1:1.3.7-8.el5_3.4 AND cups-libs is earlier than 1:1.3.7-8.el5_3.4 AND cups is earlier than 1:1.3.7-8.el5_3.4

Definition Id: oval:org.mitre.oval:def:22616

Oval ID:	oval:org.mitre.oval:def:22616
Title:	ELSA-2009:0431: kdegraphics security update (Important)
Description:	The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:0431-01 CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0195 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183	Version:	49
Platform(s):	Oracle Linux 5	Product(s):	kdegraphics
Definition Synopsis:
Oracle Linux 5.x rpm test kdegraphics is earlier than 7:3.5.4-12.el5_3 AND kdegraphics-devel is earlier than 7:3.5.4-12.el5_3

Definition Id: oval:org.mitre.oval:def:28592

Oval ID:	oval:org.mitre.oval:def:28592
Title:	RHSA-2009:0429 -- cups security update (Important)
Description:	Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team.
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:0429 CESA-2009:0429-CentOS 5 CVE-2009-0146 CVE-2009-0147 CVE-2009-0163 CVE-2009-0166 CVE-2009-0195 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5	Product(s):	cups
Definition Synopsis:
Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section cups-devel is earlier than 1:1.3.7-8.el5_3.4 AND cups is earlier than 1:1.3.7-8.el5_3.4 AND cups-libs is earlier than 1:1.3.7-8.el5_3.4 AND cups-lpd is earlier than 1:1.3.7-8.el5_3.4 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section cups is earlier than 1:1.1.22-0.rc1.9.27.el4_7.5 AND cups-devel is earlier than 1:1.1.22-0.rc1.9.27.el4_7.5 AND cups-libs is earlier than 1:1.1.22-0.rc1.9.27.el4_7.5

Definition Id: oval:org.mitre.oval:def:29193

Oval ID:	oval:org.mitre.oval:def:29193
Title:	RHSA-2009:0431 -- kdegraphics security update (Important)
Description:	Updated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in KPDF's JBIG2 decoder. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0147, CVE-2009-1179)
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:0431 CESA-2009:0431-CentOS 5 CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0195 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5	Product(s):	kdegraphics
Definition Synopsis:
Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section kdegraphics-devel is earlier than 7:3.5.4-12.el5_3 AND kdegraphics is earlier than 7:3.5.4-12.el5_3 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section kdegraphics is earlier than 7:3.3.1-13.el4 AND kdegraphics-devel is earlier than 7:3.3.1-13.el4

Definition Id: oval:org.mitre.oval:def:7718

Oval ID:	oval:org.mitre.oval:def:7718
Title:	DSA-1790 xpdf -- multiple vulnerabilities
Description:	Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format (PDF) files. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialised memory. The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
Family:	unix	Class:	patch
Reference(s):	DSA-1790 CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	xpdf
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section xpdf-common is earlier than 3.02-1.4+lenny1 AND xpdf is earlier than 3.02-1.4+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section xpdf-utils is earlier than 3.02-1.4+lenny1 AND xpdf-reader is earlier than 3.02-1.4+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section xpdf-common is earlier than 3.01-9.1+etch6 AND xpdf is earlier than 3.01-9.1+etch6 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section xpdf-utils is earlier than 3.01-9.1+etch6 AND xpdf-reader is earlier than 3.01-9.1+etch6

Definition Id: oval:org.mitre.oval:def:7864

Oval ID:	oval:org.mitre.oval:def:7864
Title:	DSA-1793 kdegraphics -- multiple vulnerabilities
Description:	kpdf, a Portable Document Format (PDF) viewer for KDE, is based on the xpdf program and thus suffers from similar flaws to those described in DSA-1790. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple buffer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Multiple integer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. Integer overflow in the JBIG2 decoder in kpdf has unspecified impact related to "g*allocn." The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialised memory. The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. Multiple "input validation flaws" in the JBIG2 decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. Integer overflow in the JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file. The JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. Multiple buffer overflows in the JBIG2 MMR decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. The JBIG2 MMR decoder in kpdf allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. The old stable distribution (etch), these problems have been fixed in version 4:3.5.5-3etch3.
Family:	unix	Class:	patch
Reference(s):	DSA-1793 CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	kdegraphics
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section kdegraphics is earlier than 4:3.5.9-3+lenny1 AND kdegraphics-doc-html is earlier than 4:3.5.9-3+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section kdegraphics-kfile-plugins is earlier than 4:3.5.9-3+lenny1 AND ksvg is earlier than 4:3.5.9-3+lenny1 AND libkscan-dev is earlier than 4:3.5.9-3+lenny1 AND kgamma is earlier than 4:3.5.9-3+lenny1 AND libkscan1 is earlier than 4:3.5.9-3+lenny1 AND kpovmodeler is earlier than 4:3.5.9-3+lenny1 AND kooka is earlier than 4:3.5.9-3+lenny1 AND kdegraphics-dev is earlier than 4:3.5.9-3+lenny1 AND kghostview is earlier than 4:3.5.9-3+lenny1 AND kfaxview is earlier than 4:3.5.9-3+lenny1 AND kviewshell is earlier than 4:3.5.9-3+lenny1 AND kview is earlier than 4:3.5.9-3+lenny1 AND kfax is earlier than 4:3.5.9-3+lenny1 AND ksnapshot is earlier than 4:3.5.9-3+lenny1 AND kmrml is earlier than 4:3.5.9-3+lenny1 AND kpdf is earlier than 4:3.5.9-3+lenny1 AND kcoloredit is earlier than 4:3.5.9-3+lenny1 AND kiconedit is earlier than 4:3.5.9-3+lenny1 AND kruler is earlier than 4:3.5.9-3+lenny1 AND kuickshow is earlier than 4:3.5.9-3+lenny1 AND kdvi is earlier than 4:3.5.9-3+lenny1 AND kdegraphics-dbg is earlier than 4:3.5.9-3+lenny1 AND kolourpaint is earlier than 4:3.5.9-3+lenny1 AND kamera is earlier than 4:3.5.9-3+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section kdegraphics is earlier than 4:3.5.5-3etch3 AND kdegraphics-doc-html is earlier than 4:3.5.5-3etch3 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section kdegraphics-kfile-plugins is earlier than 4:3.5.5-3etch3 AND ksvg is earlier than 4:3.5.5-3etch3 AND libkscan-dev is earlier than 4:3.5.5-3etch3 AND kgamma is earlier than 4:3.5.5-3etch3 AND libkscan1 is earlier than 4:3.5.5-3etch3 AND kpovmodeler is earlier than 4:3.5.5-3etch3 AND kooka is earlier than 4:3.5.5-3etch3 AND kdegraphics-dev is earlier than 4:3.5.5-3etch3 AND kghostview is earlier than 4:3.5.5-3etch3 AND kfaxview is earlier than 4:3.5.5-3etch3 AND kviewshell is earlier than 4:3.5.5-3etch3 AND kview is earlier than 4:3.5.5-3etch3 AND kfax is earlier than 4:3.5.5-3etch3 AND ksnapshot is earlier than 4:3.5.5-3etch3 AND kmrml is earlier than 4:3.5.5-3etch3 AND kpdf is earlier than 4:3.5.5-3etch3 AND kcoloredit is earlier than 4:3.5.5-3etch3 AND kiconedit is earlier than 4:3.5.5-3etch3 AND kruler is earlier than 4:3.5.5-3etch3 AND kuickshow is earlier than 4:3.5.5-3etch3 AND kdvi is earlier than 4:3.5.5-3etch3 AND kdegraphics-dbg is earlier than 4:3.5.5-3etch3 AND kolourpaint is earlier than 4:3.5.5-3etch3 AND kamera is earlier than 4:3.5.5-3etch3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apple Cups cpe:2.3:a:apple:cups:1.3.9:::::::* cpe:2.3:a:apple:cups:1.3.8:::::::* cpe:2.3:a:apple:cups:1.3.7:::::::* cpe:2.3:a:apple:cups:1.3.6:::::::* cpe:2.3:a:apple:cups:1.3.5:::::::* cpe:2.3:a:apple:cups:1.3.4:::::::* cpe:2.3:a:apple:cups:1.3.3:::::::* cpe:2.3:a:apple:cups:1.3.2:::::::* cpe:2.3:a:apple:cups:1.3.11:::::::* cpe:2.3:a:apple:cups:1.3.10:::::::* cpe:2.3:a:apple:cups:1.3.1:::::::* cpe:2.3:a:apple:cups:1.3.0:::::::* cpe:2.3:a:apple:cups:1.3:rc1:::::: cpe:2.3:a:apple:cups:1.3:b1:::::: cpe:2.3:a:apple:cups:1.3:rc2:::::: cpe:2.3:a:apple:cups:1.2.9:::::::* cpe:2.3:a:apple:cups:1.2.8:::::::* cpe:2.3:a:apple:cups:1.2.7:::::::* cpe:2.3:a:apple:cups:1.2.6:::::::* cpe:2.3:a:apple:cups:1.2.5:::::::* cpe:2.3:a:apple:cups:1.2.4:::::::* cpe:2.3:a:apple:cups:1.2.3:::::::* cpe:2.3:a:apple:cups:1.2.2:::::::* cpe:2.3:a:apple:cups:1.2.12:::::::* cpe:2.3:a:apple:cups:1.2.11:::::::* cpe:2.3:a:apple:cups:1.2.10:::::::* cpe:2.3:a:apple:cups:1.2.1:::::::* cpe:2.3:a:apple:cups:1.2.0:::::::* cpe:2.3:a:apple:cups:1.2:b1:::::: cpe:2.3:a:apple:cups:1.2:b2:::::: cpe:2.3:a:apple:cups:1.2:rc3:::::: cpe:2.3:a:apple:cups:1.2:rc2:::::: cpe:2.3:a:apple:cups:1.2:rc1:::::: cpe:2.3:a:apple:cups:1.1.9-1:::::::* cpe:2.3:a:apple:cups:1.1.9:::::::* cpe:2.3:a:apple:cups:1.1.8:::::::* cpe:2.3:a:apple:cups:1.1.7:::::::* cpe:2.3:a:apple:cups:1.1.6-3:::::::* cpe:2.3:a:apple:cups:1.1.6-2:::::::* cpe:2.3:a:apple:cups:1.1.6-1:::::::* cpe:2.3:a:apple:cups:1.1.6:::::::* cpe:2.3:a:apple:cups:1.1.5-2:::::::* cpe:2.3:a:apple:cups:1.1.5-1:::::::* cpe:2.3:a:apple:cups:1.1.5:::::::* cpe:2.3:a:apple:cups:1.1.4:::::::* cpe:2.3:a:apple:cups:1.1.3:::::::* cpe:2.3:a:apple:cups:1.1.23:rc1:::::: cpe:2.3:a:apple:cups:1.1.23:::::::* cpe:2.3:a:apple:cups:1.1.22:::::::* cpe:2.3:a:apple:cups:1.1.22:rc1:::::: cpe:2.3:a:apple:cups:1.1.22:rc2:::::: cpe:2.3:a:apple:cups:1.1.21:rc2:::::: cpe:2.3:a:apple:cups:1.1.21:rc1:::::: cpe:2.3:a:apple:cups:1.1.21:::::::* cpe:2.3:a:apple:cups:1.1.21:-:::::: cpe:2.3:a:apple:cups:1.1.20:rc3:::::: cpe:2.3:a:apple:cups:1.1.20:::::::* cpe:2.3:a:apple:cups:1.1.20:rc5:::::: cpe:2.3:a:apple:cups:1.1.20:rc4:::::: cpe:2.3:a:apple:cups:1.1.20:rc2:::::: cpe:2.3:a:apple:cups:1.1.20:rc1:::::: cpe:2.3:a:apple:cups:1.1.20:rc6:::::: cpe:2.3:a:apple:cups:1.1.2:::::::* cpe:2.3:a:apple:cups:1.1.19:rc1:::::: cpe:2.3:a:apple:cups:1.1.19:rc3:::::: cpe:2.3:a:apple:cups:1.1.19:rc2:::::: cpe:2.3:a:apple:cups:1.1.19:rc5:::::: cpe:2.3:a:apple:cups:1.1.19:rc4:::::: cpe:2.3:a:apple:cups:1.1.19:::::::* cpe:2.3:a:apple:cups:1.1.18:::::::* cpe:2.3:a:apple:cups:1.1.17:::::::* cpe:2.3:a:apple:cups:1.1.16:::::::* cpe:2.3:a:apple:cups:1.1.15:::::::* cpe:2.3:a:apple:cups:1.1.14:::::::* cpe:2.3:a:apple:cups:1.1.13:::::::* cpe:2.3:a:apple:cups:1.1.12:::::::* cpe:2.3:a:apple:cups:1.1.11:::::::* cpe:2.3:a:apple:cups:1.1.10-1:::::::* cpe:2.3:a:apple:cups:1.1.10:::::::* cpe:2.3:a:apple:cups:1.1.1:::::::* cpe:2.3:a:apple:cups:1.1:::::::* cpe:2.3:a:apple:cups:::::::: cpe:2.3:a:apple:cups:-:::::::*	83
Application	Foolabs Xpdf cpe:2.3:a:foolabs:xpdf:1.00a:::::::* cpe:2.3:a:foolabs:xpdf:0.93c:::::::* cpe:2.3:a:foolabs:xpdf:0.93b:::::::* cpe:2.3:a:foolabs:xpdf:0.93a:::::::* cpe:2.3:a:foolabs:xpdf:0.92e:::::::* cpe:2.3:a:foolabs:xpdf:0.92d:::::::* cpe:2.3:a:foolabs:xpdf:0.92c:::::::* cpe:2.3:a:foolabs:xpdf:0.92b:::::::* cpe:2.3:a:foolabs:xpdf:0.92a:::::::* cpe:2.3:a:foolabs:xpdf:0.91c:::::::* cpe:2.3:a:foolabs:xpdf:0.91b:::::::* cpe:2.3:a:foolabs:xpdf:0.91a:::::::* cpe:2.3:a:foolabs:xpdf:0.7a:::::::* cpe:2.3:a:foolabs:xpdf:0.5a:::::::*	14
Application	Glyphandcog Xpdfreader cpe:2.3:a:glyphandcog:xpdfreader:3.02:::::::* cpe:2.3:a:glyphandcog:xpdfreader:3.01:::::::* cpe:2.3:a:glyphandcog:xpdfreader:3.00:::::::* cpe:2.3:a:glyphandcog:xpdfreader:2.03:::::::* cpe:2.3:a:glyphandcog:xpdfreader:2.02:::::::* cpe:2.3:a:glyphandcog:xpdfreader:2.01:::::::* cpe:2.3:a:glyphandcog:xpdfreader:2.00:::::::* cpe:2.3:a:glyphandcog:xpdfreader:1.01:::::::* cpe:2.3:a:glyphandcog:xpdfreader:1.00:::::::* cpe:2.3:a:glyphandcog:xpdfreader:0.93:::::::* cpe:2.3:a:glyphandcog:xpdfreader:0.92:::::::* cpe:2.3:a:glyphandcog:xpdfreader:0.91:::::::* cpe:2.3:a:glyphandcog:xpdfreader:0.90:::::::* cpe:2.3:a:glyphandcog:xpdfreader:0.80:::::::* cpe:2.3:a:glyphandcog:xpdfreader:0.7:::::::* cpe:2.3:a:glyphandcog:xpdfreader:0.6:::::::* cpe:2.3:a:glyphandcog:xpdfreader:0.5:::::::* cpe:2.3:a:glyphandcog:xpdfreader:0.4:::::::* cpe:2.3:a:glyphandcog:xpdfreader:0.3:::::::* cpe:2.3:a:glyphandcog:xpdfreader:0.2:::::::* cpe:2.3:a:glyphandcog:xpdfreader::::::::	21
Application	Poppler cpe:2.3:a:poppler:poppler:0.9.3:::::::* cpe:2.3:a:poppler:poppler:0.9.2:::::::* cpe:2.3:a:poppler:poppler:0.9.1:::::::* cpe:2.3:a:poppler:poppler:0.9.0:::::::* cpe:2.3:a:poppler:poppler:0.8.7:::::::* cpe:2.3:a:poppler:poppler:0.8.6:::::::* cpe:2.3:a:poppler:poppler:0.8.5:::::::* cpe:2.3:a:poppler:poppler:0.8.4:::::::* cpe:2.3:a:poppler:poppler:0.8.3:::::::* cpe:2.3:a:poppler:poppler:0.8.2:::::::* cpe:2.3:a:poppler:poppler:0.8.1:::::::* cpe:2.3:a:poppler:poppler:0.8.0:::::::* cpe:2.3:a:poppler:poppler:0.7.3:::::::* cpe:2.3:a:poppler:poppler:0.7.2:::::::* cpe:2.3:a:poppler:poppler:0.7.1:::::::* cpe:2.3:a:poppler:poppler:0.7.0:::::::* cpe:2.3:a:poppler:poppler:0.6.4:::::::* cpe:2.3:a:poppler:poppler:0.6.3:::::::* cpe:2.3:a:poppler:poppler:0.6.2:::::::* cpe:2.3:a:poppler:poppler:0.6.1:::::::* cpe:2.3:a:poppler:poppler:0.6.0:::::::* cpe:2.3:a:poppler:poppler:0.5.91:::::::* cpe:2.3:a:poppler:poppler:0.5.90:::::::* cpe:2.3:a:poppler:poppler:0.5.9:::::::* cpe:2.3:a:poppler:poppler:0.5.4:::::::* cpe:2.3:a:poppler:poppler:0.5.3:::::::* cpe:2.3:a:poppler:poppler:0.5.2:::::::* cpe:2.3:a:poppler:poppler:0.5.1:::::::* cpe:2.3:a:poppler:poppler:0.5.0:::::::* cpe:2.3:a:poppler:poppler:0.4.4:::::::* cpe:2.3:a:poppler:poppler:0.4.3:::::::* cpe:2.3:a:poppler:poppler:0.4.2:::::::* cpe:2.3:a:poppler:poppler:0.4.1:::::::* cpe:2.3:a:poppler:poppler:0.4.0:::::::* cpe:2.3:a:poppler:poppler:0.3.3:::::::* cpe:2.3:a:poppler:poppler:0.3.2:::::::* cpe:2.3:a:poppler:poppler:0.3.1:::::::* cpe:2.3:a:poppler:poppler:0.3.0:::::::* cpe:2.3:a:poppler:poppler:0.2.0:::::::* cpe:2.3:a:poppler:poppler:0.10.5:::::::* cpe:2.3:a:poppler:poppler:0.10.4:::::::* cpe:2.3:a:poppler:poppler:0.10.3:::::::* cpe:2.3:a:poppler:poppler:0.10.2:::::::* cpe:2.3:a:poppler:poppler:0.10.1:::::::* cpe:2.3:a:poppler:poppler:0.10.0:::::::* cpe:2.3:a:poppler:poppler:0.1.2:::::::* cpe:2.3:a:poppler:poppler:0.1.1:::::::* cpe:2.3:a:poppler:poppler:0.1:::::::* cpe:2.3:a:poppler:poppler::::::::	49

OpenVAS Exploits

Date	Description
2011-11-18	Name : Mandriva Update for poppler MDVSA-2011:175 (poppler) File : nvt/gb_mandriva_MDVSA_2011_175.nasl
2011-08-09	Name : CentOS Update for poppler CESA-2009:1504 centos5 i386 File : nvt/gb_CESA-2009_1504_poppler_centos5_i386.nasl
2011-08-09	Name : CentOS Update for poppler CESA-2009:0480 centos5 i386 File : nvt/gb_CESA-2009_0480_poppler_centos5_i386.nasl
2011-08-09	Name : CentOS Update for gpdf CESA-2009:0458 centos4 i386 File : nvt/gb_CESA-2009_0458_gpdf_centos4_i386.nasl
2011-08-09	Name : CentOS Update for kdegraphics CESA-2009:0431 centos5 i386 File : nvt/gb_CESA-2009_0431_kdegraphics_centos5_i386.nasl
2011-08-09	Name : CentOS Update for kdegraphics CESA-2009:0431 centos4 i386 File : nvt/gb_CESA-2009_0431_kdegraphics_centos4_i386.nasl
2011-08-09	Name : CentOS Update for xpdf CESA-2009:0430 centos4 i386 File : nvt/gb_CESA-2009_0430_xpdf_centos4_i386.nasl
2011-08-09	Name : CentOS Update for xpdf CESA-2009:0430 centos3 i386 File : nvt/gb_CESA-2009_0430_xpdf_centos3_i386.nasl
2011-08-09	Name : CentOS Update for cups CESA-2009:0429 centos5 i386 File : nvt/gb_CESA-2009_0429_cups_centos5_i386.nasl
2011-08-09	Name : CentOS Update for cups CESA-2009:0429 centos4 i386 File : nvt/gb_CESA-2009_0429_cups_centos4_i386.nasl
2011-08-09	Name : CentOS Update for tetex CESA-2010:0400 centos5 i386 File : nvt/gb_CESA-2010_0400_tetex_centos5_i386.nasl
2010-05-17	Name : CentOS Update for tetex CESA-2010:0399 centos4 i386 File : nvt/gb_CESA-2010_0399_tetex_centos4_i386.nasl
2010-05-07	Name : RedHat Update for tetex RHSA-2010:0400-01 File : nvt/gb_RHSA-2010_0400-01_tetex.nasl
2010-05-07	Name : RedHat Update for tetex RHSA-2010:0399-01 File : nvt/gb_RHSA-2010_0399-01_tetex.nasl
2010-03-12	Name : Mandriva Update for mandriva-release MDVA-2010:087 (mandriva-release) File : nvt/gb_mandriva_MDVA_2010_087.nasl
2010-03-12	Name : Mandriva Update for poppler MDVSA-2010:055 (poppler) File : nvt/gb_mandriva_MDVSA_2010_055.nasl
2009-12-14	Name : Mandriva Security Advisory MDVSA-2009:282-1 (cups) File : nvt/mdksa_2009_282_1.nasl
2009-10-27	Name : Fedora Core 10 FEDORA-2009-10694 (xpdf) File : nvt/fcore_2009_10694.nasl
2009-10-27	Name : Mandrake Security Advisory MDVSA-2009:282 (cups) File : nvt/mdksa_2009_282.nasl
2009-10-27	Name : Mandrake Security Advisory MDVSA-2009:283 (cups) File : nvt/mdksa_2009_283.nasl
2009-10-19	Name : RedHat Security Advisory RHSA-2009:1504 File : nvt/RHSA_2009_1504.nasl
2009-10-13	Name : SLES10: Security update for CUPS File : nvt/sles10_cups0.nasl
2009-10-13	Name : SLES10: Security update for kdegraphics3 File : nvt/sles10_kdegraphics3.nasl
2009-10-13	Name : SLES10: Security update for poppler File : nvt/sles10_poppler.nasl
2009-10-13	Name : SLES10: Security update for xpdf File : nvt/sles10_xpdf.nasl
2009-10-11	Name : SLES11: Security update for libpoppler4 File : nvt/sles11_libpoppler4.nasl
2009-10-10	Name : SLES9: Security update for CUPS File : nvt/sles9p5047860.nasl
2009-07-29	Name : Fedora Core 11 FEDORA-2009-6972 (poppler) File : nvt/fcore_2009_6972.nasl
2009-07-06	Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl
2009-06-30	Name : Fedora Core 9 FEDORA-2009-6982 (poppler) File : nvt/fcore_2009_6982.nasl
2009-06-30	Name : Fedora Core 10 FEDORA-2009-6973 (poppler) File : nvt/fcore_2009_6973.nasl
2009-05-25	Name : CentOS Security Advisory CESA-2009:0458 (gpdf) File : nvt/ovcesa2009_0458.nasl
2009-05-25	Name : CentOS Security Advisory CESA-2009:0430 (xpdf) File : nvt/ovcesa2009_0430.nasl
2009-05-25	Name : CentOS Security Advisory CESA-2009:0429 (cups) File : nvt/ovcesa2009_0429.nasl
2009-05-20	Name : RedHat Security Advisory RHSA-2009:0480 File : nvt/RHSA_2009_0480.nasl
2009-05-20	Name : CentOS Security Advisory CESA-2009:0480 (poppler) File : nvt/ovcesa2009_0480.nasl
2009-05-20	Name : CentOS Security Advisory CESA-2009:0431 (kdegraphics) File : nvt/ovcesa2009_0431.nasl
2009-05-20	Name : SuSE Security Summary SUSE-SR:2009:010 File : nvt/suse_sr_2009_010.nasl
2009-05-11	Name : Debian Security Advisory DSA 1790-1 (xpdf) File : nvt/deb_1790_1.nasl
2009-05-11	Name : Debian Security Advisory DSA 1793-1 (kdegraphics) File : nvt/deb_1793_1.nasl
2009-05-06	Name : Xpdf Multiple Vulnerabilities File : nvt/secpod_xpdf_mult_vuln.nasl
2009-05-05	Name : Mandrake Security Advisory MDVSA-2009:101 (xpdf) File : nvt/mdksa_2009_101.nasl
2009-05-05	Name : RedHat Security Advisory RHSA-2009:0458 File : nvt/RHSA_2009_0458.nasl
2009-04-28	Name : SuSE Security Advisory SUSE-SA:2009:024 (cups) File : nvt/suse_sa_2009_024.nasl
2009-04-28	Name : Fedora Core 9 FEDORA-2009-3794 (xpdf) File : nvt/fcore_2009_3794.nasl
2009-04-28	Name : Fedora Core 10 FEDORA-2009-3820 (xpdf) File : nvt/fcore_2009_3820.nasl
2009-04-20	Name : RedHat Security Advisory RHSA-2009:0429 File : nvt/RHSA_2009_0429.nasl
2009-04-20	Name : Ubuntu USN-759-1 (poppler) File : nvt/ubuntu_759_1.nasl
2009-04-20	Name : FreeBSD Ports: xpdf File : nvt/freebsd_xpdf3.nasl
2009-04-20	Name : FreeBSD Ports: poppler File : nvt/freebsd_poppler0.nasl
2009-04-20	Name : RedHat Security Advisory RHSA-2009:0431 File : nvt/RHSA_2009_0431.nasl
2009-04-20	Name : RedHat Security Advisory RHSA-2009:0430 File : nvt/RHSA_2009_0430.nasl
0000-00-00	Name : Slackware Advisory SSA:2009-129-01 xpdf File : nvt/esoft_slk_ssa_2009_129_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
54467	Poppler JBIG2 MMR Decoder Crafted PDF File Handling Infinite Loop DoS
54466	CUPS JBIG2 MMR Decoder Crafted PDF File Handling Infinite Loop DoS
54465	Xpdf JBIG2 MMR Decoder Crafted PDF File Handling Infinite Loop DoS Xpdf contains a flaw that may allow a remote denial of service. The issue is triggered when the JBIG2 MMR Decoder processes a specially crafted PDF file, and will result in loss of availability for the service.

Nessus® Vulnerability Scanner

Date	Description
2013-10-07	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-03.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0400.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0480.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-0458.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0431.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-0430.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0429.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1504.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0399.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091015_poppler_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090513_poppler_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20090430_gpdf_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20090416_xpdf_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090416_kdegraphics_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090416_cups_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100506_tetex_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100506_tetex_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-06-01	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0400.nasl - Type : ACT_GATHER_INFO
2010-05-11	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0400.nasl - Type : ACT_GATHER_INFO
2010-05-11	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0399.nasl - Type : ACT_GATHER_INFO
2010-05-10	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0399.nasl - Type : ACT_GATHER_INFO
2010-03-08	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-055.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1504.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0480.nasl - Type : ACT_GATHER_INFO
2009-12-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-346.nasl - Type : ACT_GATHER_INFO
2009-10-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-282.nasl - Type : ACT_GATHER_INFO
2009-10-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1504.nasl - Type : ACT_GATHER_INFO
2009-10-06	Name : The remote openSUSE host is missing a security update. File : suse_poppler-6319.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12396.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing a security update. File : suse_11_libpoppler4-090622.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-6174.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdegraphics3-6283.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_poppler-6315.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xpdf-6177.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpoppler4-090622.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_kdegraphics3-090424.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_xpdf-090417.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpoppler3-090611.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_kdegraphics3-090423.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_xpdf-090416.nasl - Type : ACT_GATHER_INFO
2009-07-17	Name : The remote Fedora host is missing a security update. File : fedora_2009-6972.nasl - Type : ACT_GATHER_INFO
2009-06-28	Name : The remote Fedora host is missing a security update. File : fedora_2009-6973.nasl - Type : ACT_GATHER_INFO
2009-06-28	Name : The remote Fedora host is missing a security update. File : fedora_2009-6982.nasl - Type : ACT_GATHER_INFO
2009-05-26	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-0458.nasl - Type : ACT_GATHER_INFO
2009-05-26	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0431.nasl - Type : ACT_GATHER_INFO
2009-05-26	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0429.nasl - Type : ACT_GATHER_INFO
2009-05-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0480.nasl - Type : ACT_GATHER_INFO
2009-05-11	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-129-01.nasl - Type : ACT_GATHER_INFO
2009-05-08	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1793.nasl - Type : ACT_GATHER_INFO
2009-05-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1790.nasl - Type : ACT_GATHER_INFO
2009-05-01	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0458.nasl - Type : ACT_GATHER_INFO
2009-04-30	Name : The remote openSUSE host is missing a security update. File : suse_kdegraphics3-6211.nasl - Type : ACT_GATHER_INFO
2009-04-29	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-101.nasl - Type : ACT_GATHER_INFO
2009-04-27	Name : The remote openSUSE host is missing a security update. File : suse_xpdf-6182.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-759-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote openSUSE host is missing a security update. File : suse_cups-6172.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-3820.nasl - Type : ACT_GATHER_INFO
2009-04-22	Name : The remote Fedora host is missing a security update. File : fedora_2009-3794.nasl - Type : ACT_GATHER_INFO
2009-04-21	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_a21037d52c3811deab3b0017a4cccfc6.nasl - Type : ACT_GATHER_INFO
2009-04-21	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-0430.nasl - Type : ACT_GATHER_INFO
2009-04-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0431.nasl - Type : ACT_GATHER_INFO
2009-04-17	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0430.nasl - Type : ACT_GATHER_INFO
2009-04-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0429.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://poppler.freedesktop.org/releases.html
http://rhn.redhat.com/errata/RHSA-2009-0458.html
http://secunia.com/advisories/34291
http://secunia.com/advisories/34481
http://secunia.com/advisories/34746
http://secunia.com/advisories/34755
http://secunia.com/advisories/34756
http://secunia.com/advisories/34852
http://secunia.com/advisories/34959
http://secunia.com/advisories/34963
http://secunia.com/advisories/34991
http://secunia.com/advisories/35037
http://secunia.com/advisories/35064
http://secunia.com/advisories/35065
http://secunia.com/advisories/35618
http://secunia.com/advisories/35685
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&...
http://www.debian.org/security/2009/dsa-1790
http://www.debian.org/security/2009/dsa-1793
http://www.kb.cert.org/vuls/id/196617
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.redhat.com/support/errata/RHSA-2009-0429.html
http://www.redhat.com/support/errata/RHSA-2009-0430.html
http://www.redhat.com/support/errata/RHSA-2009-0431.html
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://www.securityfocus.com/bid/34568
http://www.securitytracker.com/id?1022072
http://www.vupen.com/english/advisories/2009/1065
http://www.vupen.com/english/advisories/2009/1066
http://www.vupen.com/english/advisories/2009/1076
http://www.vupen.com/english/advisories/2009/1077
http://www.vupen.com/english/advisories/2010/1040
https://bugzilla.redhat.com/show_bug.cgi?id=495899
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:11:29	Multiple Updates
2024-11-28 12:18:40	Multiple Updates
2024-02-16 12:10:24	Multiple Updates
2023-02-13 09:29:19	Multiple Updates
2023-02-02 21:28:57	Multiple Updates
2022-09-02 01:07:55	Multiple Updates
2021-05-04 12:09:22	Multiple Updates
2021-04-22 01:09:42	Multiple Updates
2020-05-23 01:40:14	Multiple Updates
2020-05-23 00:23:35	Multiple Updates
2019-03-06 21:19:18	Multiple Updates
2017-09-29 09:24:09	Multiple Updates
2016-06-28 17:38:56	Multiple Updates
2016-04-26 18:44:23	Multiple Updates
2014-02-17 10:49:34	Multiple Updates
2013-05-10 23:47:57	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	9
CPE ID(s)	167
Sources(s)	42
osvdb(s)	3
Openvas Exploit(s)	53
Nessus® Exploit(s)	63

	Related
10	MDVSA-2009:282-1
10	MDVSA-2009:282
10	MDVSA-2009:101
10	GLSA-201310-03
10	DSA-1793
10	DSA-1790
9.3	RHSA-2010:0400
9.3	MDVSA-2011:175
9.3	MDVSA-2010:087
9.3	MDVSA-2010:055
9.3	MDVSA-2009:283
7.5	VU#196617
7.5	RHSA-2010:0399
7.5	RHSA-2009:0480
7.5	RHSA-2009:0458
7.5	RHSA-2009:0431
7.5	RHSA-2009:0430
7.5	RHSA-2009:0429
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 18 more Alert(s)

4.3 - CVE-2009-1183

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU