Executive Summary
Summary | |
---|---|
Title | cups security update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:0429 | First vendor Publication | 2009-04-16 |
Vendor | RedHat | Last vendor Modification | 2009-04-16 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: The Common UNIX® Printing System (CUPS) provides a portable printing layer for UNIX operating systems. Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0147, CVE-2009-1179) Multiple buffer overflow flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0146, CVE-2009-1182) Multiple flaws were found in the CUPS JBIG2 decoder that could lead to the freeing of arbitrary memory. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0166, CVE-2009-1180) Multiple input validation flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0800) An integer overflow flaw, leading to a heap-based buffer overflow, was discovered in the Tagged Image File Format (TIFF) decoding routines used by the CUPS image-converting filters, "imagetops" and "imagetoraster". An attacker could create a malicious TIFF file that could, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-0163) Multiple denial of service flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash when printed. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183) Red Hat would like to thank Aaron Sigel, Braden Thomas and Drew Yao of the Apple Product Security team, and Will Dormann of the CERT/CC for responsibly reporting these flaws. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the cupsd daemon will be restarted automatically. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 490596 - CVE-2009-0163 cups: Integer overflow in the TIFF image filter 490612 - CVE-2009-0146 xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) 490614 - CVE-2009-0147 xpdf: Multiple integer overflows in JBIG2 decoder 490625 - CVE-2009-0166 xpdf: Freeing of potentially uninitialized memory in JBIG2 decoder 491864 - Multiple PDF flaws 495886 - CVE-2009-0799 PDF JBIG2 decoder OOB read 495887 - CVE-2009-0800 PDF JBIG2 multiple input validation flaws 495889 - CVE-2009-1179 PDF JBIG2 integer overflow 495892 - CVE-2009-1180 PDF JBIG2 invalid free() 495894 - CVE-2009-1181 PDF JBIG2 NULL dereference 495896 - CVE-2009-1182 PDF JBIG2 MMR decoder buffer overflows 495899 - CVE-2009-1183 PDF JBIG2 MMR infinite loop DoS |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-0429.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
36 % | CWE-399 | Resource Management Errors |
27 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
27 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
9 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11546 | |||
Oval ID: | oval:org.mitre.oval:def:11546 | ||
Title: | Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. | ||
Description: | Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0163 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13119 | |||
Oval ID: | oval:org.mitre.oval:def:13119 | ||
Title: | DSA-1790-1 xpdf -- multiple | ||
Description: | Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0146 Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2SymbolDict::setBitmap and JBIG2Stream::readSymbolDictSeg. CVE-2009-0147 Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2Stream::readSymbolDictSeg, JBIG2Stream::readSymbolDictSeg, and JBIG2Stream::readGenericBitmap. CVE-2009-0165 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." CVE-2009-0166 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service via a crafted PDF file that triggers a free of uninitialised memory. CVE-2009-0799 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service via a crafted PDF file that triggers an out-of-bounds read. CVE-2009-0800 Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1179 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1180 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. CVE-2009-1181 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service via a crafted PDF file that triggers a NULL pointer dereference. CVE-2009-1182 Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1183 The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service via a crafted PDF file. For the old stable distribution, these problems have been fixed in version 3.01-9.1+etch6. For the stable distribution, these problems have been fixed in version 3.02-1.4+lenny1. For the unstable distribution, these problems will be fixed in a forthcoming version. We recommend that you upgrade your xpdf packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1790-1 CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xpdf |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21858 | |||
Oval ID: | oval:org.mitre.oval:def:21858 | ||
Title: | ELSA-2009:0429: cups security update (Important) | ||
Description: | The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0429-01 CVE-2009-0146 CVE-2009-0147 CVE-2009-0163 CVE-2009-0166 CVE-2009-0195 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 | Version: | 53 |
Platform(s): | Oracle Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22616 | |||
Oval ID: | oval:org.mitre.oval:def:22616 | ||
Title: | ELSA-2009:0431: kdegraphics security update (Important) | ||
Description: | The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0431-01 CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0195 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 | Version: | 49 |
Platform(s): | Oracle Linux 5 | Product(s): | kdegraphics |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28592 | |||
Oval ID: | oval:org.mitre.oval:def:28592 | ||
Title: | RHSA-2009:0429 -- cups security update (Important) | ||
Description: | Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0429 CESA-2009:0429-CentOS 5 CVE-2009-0146 CVE-2009-0147 CVE-2009-0163 CVE-2009-0166 CVE-2009-0195 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | cups |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29193 | |||
Oval ID: | oval:org.mitre.oval:def:29193 | ||
Title: | RHSA-2009:0431 -- kdegraphics security update (Important) | ||
Description: | Updated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in KPDF's JBIG2 decoder. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0147, CVE-2009-1179) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0431 CESA-2009:0431-CentOS 5 CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0195 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | kdegraphics |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7718 | |||
Oval ID: | oval:org.mitre.oval:def:7718 | ||
Title: | DSA-1790 xpdf -- multiple vulnerabilities | ||
Description: | Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format (PDF) files. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialised memory. The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1790 CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | xpdf |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-11-18 | Name : Mandriva Update for poppler MDVSA-2011:175 (poppler) File : nvt/gb_mandriva_MDVSA_2011_175.nasl |
2011-08-09 | Name : CentOS Update for gpdf CESA-2009:0458 centos4 i386 File : nvt/gb_CESA-2009_0458_gpdf_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for kdegraphics CESA-2009:0431 centos5 i386 File : nvt/gb_CESA-2009_0431_kdegraphics_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for kdegraphics CESA-2009:0431 centos4 i386 File : nvt/gb_CESA-2009_0431_kdegraphics_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for xpdf CESA-2009:0430 centos4 i386 File : nvt/gb_CESA-2009_0430_xpdf_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for xpdf CESA-2009:0430 centos3 i386 File : nvt/gb_CESA-2009_0430_xpdf_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for cups CESA-2009:0429 centos5 i386 File : nvt/gb_CESA-2009_0429_cups_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for cups CESA-2009:0429 centos4 i386 File : nvt/gb_CESA-2009_0429_cups_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for cups CESA-2009:0428 centos3 i386 File : nvt/gb_CESA-2009_0428_cups_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for tetex CESA-2010:0400 centos5 i386 File : nvt/gb_CESA-2010_0400_tetex_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for poppler CESA-2009:0480 centos5 i386 File : nvt/gb_CESA-2009_0480_poppler_centos5_i386.nasl |
2010-08-20 | Name : Ubuntu Update for koffice vulnerabilities USN-973-1 File : nvt/gb_ubuntu_USN_973_1.nasl |
2010-05-17 | Name : CentOS Update for tetex CESA-2010:0399 centos4 i386 File : nvt/gb_CESA-2010_0399_tetex_centos4_i386.nasl |
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2010-05-07 | Name : RedHat Update for tetex RHSA-2010:0399-01 File : nvt/gb_RHSA-2010_0399-01_tetex.nasl |
2010-05-07 | Name : RedHat Update for tetex RHSA-2010:0400-01 File : nvt/gb_RHSA-2010_0400-01_tetex.nasl |
2010-03-22 | Name : Fedora Update for cups FEDORA-2010-2743 File : nvt/gb_fedora_2010_2743_cups_fc11.nasl |
2010-03-12 | Name : Mandriva Update for mmc-wizard MDVA-2010:096 (mmc-wizard) File : nvt/gb_mandriva_MDVA_2010_096.nasl |
2010-03-12 | Name : Mandriva Update for mandriva-release MDVA-2010:087 (mandriva-release) File : nvt/gb_mandriva_MDVA_2010_087.nasl |
2010-03-12 | Name : Mandriva Update for mmc-wizard MDVA-2010:096-1 (mmc-wizard) File : nvt/gb_mandriva_MDVA_2010_096_1.nasl |
2010-03-12 | Name : Mandriva Update for poppler MDVSA-2010:055 (poppler) File : nvt/gb_mandriva_MDVSA_2010_055.nasl |
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:282-1 (cups) File : nvt/mdksa_2009_282_1.nasl |
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:331 (kdegraphics) File : nvt/mdksa_2009_331.nasl |
2009-12-10 | Name : Fedora Core 11 FEDORA-2009-10891 (cups) File : nvt/fcore_2009_10891.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-27 | Name : Fedora Core 10 FEDORA-2009-10694 (xpdf) File : nvt/fcore_2009_10694.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:281 (cups) File : nvt/mdksa_2009_281.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:282 (cups) File : nvt/mdksa_2009_282.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:283 (cups) File : nvt/mdksa_2009_283.nasl |
2009-10-13 | Name : SLES10: Security update for poppler File : nvt/sles10_poppler.nasl |
2009-10-13 | Name : SLES10: Security update for CUPS File : nvt/sles10_cups0.nasl |
2009-10-13 | Name : SLES10: Security update for kdegraphics3 File : nvt/sles10_kdegraphics3.nasl |
2009-10-13 | Name : SLES10: Security update for xpdf File : nvt/sles10_xpdf.nasl |
2009-10-11 | Name : SLES11: Security update for CUPS File : nvt/sles11_cups.nasl |
2009-10-11 | Name : SLES11: Security update for libpoppler4 File : nvt/sles11_libpoppler4.nasl |
2009-10-10 | Name : SLES9: Security update for CUPS File : nvt/sles9p5047860.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-6972 (poppler) File : nvt/fcore_2009_6972.nasl |
2009-07-06 | Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl |
2009-06-30 | Name : Fedora Core 10 FEDORA-2009-6973 (poppler) File : nvt/fcore_2009_6973.nasl |
2009-06-30 | Name : Fedora Core 9 FEDORA-2009-6982 (poppler) File : nvt/fcore_2009_6982.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:0458 (gpdf) File : nvt/ovcesa2009_0458.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:0430 (xpdf) File : nvt/ovcesa2009_0430.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:0429 (cups) File : nvt/ovcesa2009_0429.nasl |
2009-05-20 | Name : CentOS Security Advisory CESA-2009:0480 (poppler) File : nvt/ovcesa2009_0480.nasl |
2009-05-20 | Name : CentOS Security Advisory CESA-2009:0431 (kdegraphics) File : nvt/ovcesa2009_0431.nasl |
2009-05-20 | Name : SuSE Security Summary SUSE-SR:2009:010 File : nvt/suse_sr_2009_010.nasl |
2009-05-20 | Name : RedHat Security Advisory RHSA-2009:0480 File : nvt/RHSA_2009_0480.nasl |
2009-05-11 | Name : FreeBSD Ports: cups-base File : nvt/freebsd_cups-base8.nasl |
2009-05-11 | Name : Debian Security Advisory DSA 1793-1 (kdegraphics) File : nvt/deb_1793_1.nasl |
2009-05-11 | Name : Debian Security Advisory DSA 1790-1 (xpdf) File : nvt/deb_1790_1.nasl |
2009-05-06 | Name : Xpdf Multiple Vulnerabilities File : nvt/secpod_xpdf_mult_vuln.nasl |
2009-05-05 | Name : Mandrake Security Advisory MDVSA-2009:101 (xpdf) File : nvt/mdksa_2009_101.nasl |
2009-05-05 | Name : RedHat Security Advisory RHSA-2009:0458 File : nvt/RHSA_2009_0458.nasl |
2009-04-28 | Name : SuSE Security Advisory SUSE-SA:2009:024 (cups) File : nvt/suse_sa_2009_024.nasl |
2009-04-28 | Name : Gentoo Security Advisory GLSA 200904-20 (cups) File : nvt/glsa_200904_20.nasl |
2009-04-28 | Name : Fedora Core 9 FEDORA-2009-3753 (cups) File : nvt/fcore_2009_3753.nasl |
2009-04-28 | Name : Fedora Core 10 FEDORA-2009-3769 (cups) File : nvt/fcore_2009_3769.nasl |
2009-04-28 | Name : Fedora Core 9 FEDORA-2009-3794 (xpdf) File : nvt/fcore_2009_3794.nasl |
2009-04-28 | Name : Fedora Core 10 FEDORA-2009-3820 (xpdf) File : nvt/fcore_2009_3820.nasl |
2009-04-20 | Name : Ubuntu USN-759-1 (poppler) File : nvt/ubuntu_759_1.nasl |
2009-04-20 | Name : RedHat Security Advisory RHSA-2009:0428 File : nvt/RHSA_2009_0428.nasl |
2009-04-20 | Name : Ubuntu USN-760-1 (cupsys) File : nvt/ubuntu_760_1.nasl |
2009-04-20 | Name : FreeBSD Ports: xpdf File : nvt/freebsd_xpdf3.nasl |
2009-04-20 | Name : FreeBSD Ports: poppler File : nvt/freebsd_poppler0.nasl |
2009-04-20 | Name : Debian Security Advisory DSA 1773-1 (cups) File : nvt/deb_1773_1.nasl |
2009-04-20 | Name : RedHat Security Advisory RHSA-2009:0431 File : nvt/RHSA_2009_0431.nasl |
2009-04-20 | Name : RedHat Security Advisory RHSA-2009:0430 File : nvt/RHSA_2009_0430.nasl |
2009-04-20 | Name : RedHat Security Advisory RHSA-2009:0429 File : nvt/RHSA_2009_0429.nasl |
2009-04-17 | Name : CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability File : nvt/cups_cve_2009_0163.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-129-01 xpdf File : nvt/esoft_slk_ssa_2009_129_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-116-01 cups File : nvt/esoft_slk_ssa_2009_116_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54496 | Xpdf JBIG2 Decoder PDF File Handling Multiple Function Overflows |
54495 | CUPS JBIG2 Decoder PDF File Handling Multiple Function Overflows |
54489 | Xpdf JBIG2 Decoder PDF File Handling Unitialized Memory Free DoS |
54488 | CUPS JBIG2 Decoder PDF File Handling Unitialized Memory Free DoS CUPS contains a flaw that may allow a remote denial of service. The issue is triggered when JBIG2 decoder receives a specially crafted PDF file causes a free of unitialized memory, and will result in loss of availability for the service. |
54487 | Poppler JBIG2 Decoder PDF File Handling Out-of-bounds Read DoS |
54486 | Xpdf JBIG2 Decoder PDF File Handling Out-of-bounds Read DoS |
54485 | CUPS JBIG2 Decoder PDF File Handling Out-of-bounds Read DoS CUPS contains a flaw that may allow a remote denial of service. The issue is triggered when processing a specially crafted PDF file causing an out-of-bounds read, and will result in loss of availability for the service. |
54484 | Poppler JBIG2 Decoder PDF File Handling NULL Dereference DoS |
54483 | Xpdf JBIG2 Decoder PDF File Handling NULL Dereference DoS |
54482 | CUPS JBIG2 Decoder PDF File Handling NULL Dereference DoS CUPS contains a flaw that may allow a remote denial of service. The issue is triggered when processing a specially crafted PDF file creating a NULL pointer dereference, and will result in loss of availability for the service. |
54481 | Poppler JBIG2 Decoder PDF File Handling Invalid Free Arbitrary Code Execution |
54480 | Xpdf JBIG2 Decoder PDF File Handling Invalid Free Arbitrary Code Execution |
54479 | CUPS JBIG2 Decoder PDF File Handling Invalid Free Arbitrary Code Execution CUPS contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when JBIG2 decodes an arbitrary code which triggers a free of invalid data. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
54478 | Poppler JBIG2 Decoder PDF File Handling Unspecified Integer Overflow A remote overflow exists in Poppler. The JBIG2 decoder fails to validate PDF files resulting in a integer overflow. With a specially crafted file, a context-dependent attacker can cause execution of arbitrary code resulting in a loss of integrity. |
54477 | Xpdf JBIG2 Decoder PDF File Handling Unspecified Integer Overflow |
54476 | CUPS JBIG2 Decoder PDF File Handling Unspecified Integer Overflow |
54473 | Poppler JBIG2 Decoder PDF File Handling Multiple Unspecified Input Validation... |
54472 | Xpdf JBIG2 Decoder PDF File Handling Multiple Unspecified Input Validation Fl... |
54471 | CUPS JBIG2 Decoder PDF File Handling Multiple Unspecified Input Validation Fl... CUPS contains multiple input validation flaws related to the JBIG2 decoder that may allow an attacker to execute arbitrary code. No further details have been provided. |
54470 | Poppler JBIG2 MMR Decoder Crafted PDF Handling Arbitrary Code Execution |
54469 | Xpdf JBIG2 MMR Decoder Crafted PDF Handling Arbitrary Code Execution |
54468 | CUPS JBIG2 MMR Decoder Crafted PDF Handling Arbitrary Code Execution CUPS contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when the JBIG2 MMR decoder processes a specially crafted PDF file. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
54467 | Poppler JBIG2 MMR Decoder Crafted PDF File Handling Infinite Loop DoS |
54466 | CUPS JBIG2 MMR Decoder Crafted PDF File Handling Infinite Loop DoS |
54465 | Xpdf JBIG2 MMR Decoder Crafted PDF File Handling Infinite Loop DoS Xpdf contains a flaw that may allow a remote denial of service. The issue is triggered when the JBIG2 MMR Decoder processes a specially crafted PDF file, and will result in loss of availability for the service. |
54462 | CUPS TIFF Image Decoding Routines Multiple Filter File Handling Overflows A remote overflow exists in CUPS. CUPS fails to handle a integer overflow in processing TIFF files resulting in a heaped-based buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-10-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-03.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0400.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0428.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0429.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-0430.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0431.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-0458.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0480.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0399.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100506_tetex_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100506_tetex_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090513_poppler_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090416_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090416_cups_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090416_kdegraphics_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090416_xpdf_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090430_gpdf_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-08-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-973-1.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0400.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0399.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0400.nasl - Type : ACT_GATHER_INFO |
2010-05-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0399.nasl - Type : ACT_GATHER_INFO |
2010-03-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-055.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0480.nasl - Type : ACT_GATHER_INFO |
2009-12-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-346.nasl - Type : ACT_GATHER_INFO |
2009-10-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-282.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_poppler-6319.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12396.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xpdf-6177.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_poppler-6315.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdegraphics3-6283.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cups-090416.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_libpoppler4-090622.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-6174.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cups-090416.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpoppler4-090622.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_xpdf-090416.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kdegraphics3-090423.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kdegraphics3-090424.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpoppler3-090611.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_xpdf-090417.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_cups-090416.nasl - Type : ACT_GATHER_INFO |
2009-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6972.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6973.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6982.nasl - Type : ACT_GATHER_INFO |
2009-06-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4.0.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-0458.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0431.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0429.nasl - Type : ACT_GATHER_INFO |
2009-05-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0480.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
2009-05-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-129-01.nasl - Type : ACT_GATHER_INFO |
2009-05-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_736e55bc39bb11dea493001b77d09812.nasl - Type : ACT_GATHER_INFO |
2009-05-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1793.nasl - Type : ACT_GATHER_INFO |
2009-05-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1790.nasl - Type : ACT_GATHER_INFO |
2009-05-01 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0458.nasl - Type : ACT_GATHER_INFO |
2009-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_kdegraphics3-6211.nasl - Type : ACT_GATHER_INFO |
2009-04-29 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-101.nasl - Type : ACT_GATHER_INFO |
2009-04-27 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-116-01.nasl - Type : ACT_GATHER_INFO |
2009-04-27 | Name : The remote openSUSE host is missing a security update. File : suse_xpdf-6182.nasl - Type : ACT_GATHER_INFO |
2009-04-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-20.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-760-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-759-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3820.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3769.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote openSUSE host is missing a security update. File : suse_cups-6172.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3753.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3794.nasl - Type : ACT_GATHER_INFO |
2009-04-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_a21037d52c3811deab3b0017a4cccfc6.nasl - Type : ACT_GATHER_INFO |
2009-04-21 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-0430.nasl - Type : ACT_GATHER_INFO |
2009-04-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0428.nasl - Type : ACT_GATHER_INFO |
2009-04-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1773.nasl - Type : ACT_GATHER_INFO |
2009-04-17 | Name : The remote printer service is affected by multiple vulnerabilities. File : cups_1_3_10.nasl - Type : ACT_GATHER_INFO |
2009-04-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0428.nasl - Type : ACT_GATHER_INFO |
2009-04-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0429.nasl - Type : ACT_GATHER_INFO |
2009-04-17 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0430.nasl - Type : ACT_GATHER_INFO |
2009-04-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0431.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:26 |
|