MDVSA-2009:101
- Package name: xpdf
- Date: 2009-04-28
- Advisory ID: MDVSA-2009:101
- Affected versions: 2009.0 x86_64, CS4.0 x86_64, 2008.0 i586, 2009.0 i586, CS3.0 x86_64, 2008.0 x86_64, CS3.0 i586, 2008.1 x86_64, 2008.1 i586, CS4.0 i586
Problem description
Multiple buffer overflows in the JBIG2 decoder allow remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0146).

Multiple integer overflows in the JBIG2 decoder allow remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0147).

An integer overflow in the JBIG2 decoder has unspecified
impact (CVE-2009-0165).

A free of uninitialized memory flaw in the JBIG2 decoder allows
remote attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0166).

Multiple input validation flaws in the JBIG2 decoder allow
remote attackers to execute arbitrary code via a crafted PDF file
(CVE-2009-0800).

An out-of-bounds read flaw in the JBIG2 decoder allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0799).

An integer overflow in the JBIG2 decoder allows remote attackers to
execute arbitrary code via a crafted PDF file (CVE-2009-1179).

A free of invalid data flaw in the JBIG2 decoder allows remote
attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).

A NULL pointer dereference flaw in the JBIG2 decoder allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-1181).

Multiple buffer overflows in the JBIG2 MMR decoder allow remote
attackers to cause a denial of service or to execute arbitrary code
via a crafted PDF file (CVE-2009-1182, CVE-2009-1183).

This update provides fixes for these vulnerabilities.
Updated packages
2009.0 x86_64
a8f3f47b0f7abab2e14278ef3a9ab949 2009.0/x86_64/xpdf-3.02-12.1mdv2009.0.x86_64.rpm
e8149bd894a353b26a6d649a1b2c4f80 2009.0/x86_64/xpdf-common-3.02-12.1mdv2009.0.x86_64.rpm
e98cd0e2ddaf8e38545517ca3c5a52c9 2009.0/SRPMS/xpdf-3.02-12.1mdv2009.0.src.rpm
CS4.0 x86_64
15790cc89933284c5bf608073b30e9c0 corporate/4.0/x86_64/xpdf-3.02-0.2.20060mlcs4.x86_64.rpm
e80e0468222a1d7c9514ffa17e827f7f corporate/4.0/x86_64/xpdf-tools-3.02-0.2.20060mlcs4.x86_64.rpm
0dc34a5646041ead38fa548b6d077e30 corporate/4.0/SRPMS/xpdf-3.02-0.2.20060mlcs4.src.rpm
2008.0 i586
ca5d4aa0fd4d773a0c07152230125a17 2008.0/i586/xpdf-3.02-8.2mdv2008.0.i586.rpm
c559996e39714143bf05932da647f366 2008.0/i586/xpdf-common-3.02-8.2mdv2008.0.i586.rpm
faf1b71ba57c4dc04e13967efe905022 2008.0/i586/xpdf-tools-3.02-8.2mdv2008.0.i586.rpm
e7a41f655996dc3fe042792834c98f53 2008.0/SRPMS/xpdf-3.02-8.2mdv2008.0.src.rpm
2009.0 i586
b4f7a0c5a77a5e4c976d3c5d4962260d 2009.0/i586/xpdf-3.02-12.1mdv2009.0.i586.rpm
c2539bdb62cfd965b4833498c01e1476 2009.0/i586/xpdf-common-3.02-12.1mdv2009.0.i586.rpm
e98cd0e2ddaf8e38545517ca3c5a52c9 2009.0/SRPMS/xpdf-3.02-12.1mdv2009.0.src.rpm
CS3.0 x86_64
16d8f445db66382e04f9069f0d1ea0b7 corporate/3.0/x86_64/xpdf-3.02-0.2.C30mdk.x86_64.rpm
e1b540672b1294126341ea59d4a7cc61 corporate/3.0/x86_64/xpdf-tools-3.02-0.2.C30mdk.x86_64.rpm
cee0a0b2af176cb5d57118f24ff709ef corporate/3.0/SRPMS/xpdf-3.02-0.2.C30mdk.src.rpm
2008.0 x86_64
c5679f6c06322aa5771721eff8b04f52 2008.0/x86_64/xpdf-3.02-8.2mdv2008.0.x86_64.rpm
268fe7bc2cab7dc799958b8cbb1d0cf1 2008.0/x86_64/xpdf-common-3.02-8.2mdv2008.0.x86_64.rpm
4fc6ea9b648664b86034e7a705a5d4ad 2008.0/x86_64/xpdf-tools-3.02-8.2mdv2008.0.x86_64.rpm
e7a41f655996dc3fe042792834c98f53 2008.0/SRPMS/xpdf-3.02-8.2mdv2008.0.src.rpm
CS3.0 i586
e5c3d7b817a68494e9196f03912c1cbf corporate/3.0/i586/xpdf-3.02-0.2.C30mdk.i586.rpm
3b59d02393cdf7faf7ad6defa6fd1c1d corporate/3.0/i586/xpdf-tools-3.02-0.2.C30mdk.i586.rpm
cee0a0b2af176cb5d57118f24ff709ef corporate/3.0/SRPMS/xpdf-3.02-0.2.C30mdk.src.rpm
2008.1 x86_64
513359e39e158cb9a0897dfdc636d7ff 2008.1/x86_64/xpdf-3.02-10.1mdv2008.1.x86_64.rpm
07116c6ca3f91cff7db289a3b2454b53 2008.1/x86_64/xpdf-common-3.02-10.1mdv2008.1.x86_64.rpm
3ef4252f9c88a7ec76b5d2289cd47586 2008.1/SRPMS/xpdf-3.02-10.1mdv2008.1.src.rpm
2008.1 i586
44669f3080692ccd8a36f2c6ceccef94 2008.1/i586/xpdf-3.02-10.1mdv2008.1.i586.rpm
3df82267b407e35f8cce33902fd25282 2008.1/i586/xpdf-common-3.02-10.1mdv2008.1.i586.rpm
3ef4252f9c88a7ec76b5d2289cd47586 2008.1/SRPMS/xpdf-3.02-10.1mdv2008.1.src.rpm
CS4.0 i586
6427d710feee38e81cfc6f8ea83d33f4 corporate/4.0/i586/xpdf-3.02-0.2.20060mlcs4.i586.rpm
b72effda26fc1ce0efc67a89bdec2b8d corporate/4.0/i586/xpdf-tools-3.02-0.2.20060mlcs4.i586.rpm
0dc34a5646041ead38fa548b6d077e30 corporate/4.0/SRPMS/xpdf-3.02-0.2.20060mlcs4.src.rpm
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
