Package name: poppler
Date: 2009-12-16
Advisory ID: MDVSA-2009:334
Affected versions: CS4.0 x86_64, CS4.0 i586

Problem description

Multiple integer overflows in the PDF rendering code allow remote
attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted PDF file that triggers
a heap-based buffer overflow, possibly related to (1) Decrypt.cxx,
(2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5)
PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may
overlap CVE-2009-1179. (CVE-2009-0791)

Multiple integer overflows in Poppler 0.10.5 and earlier allow
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted PDF file, related to (1)
glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc,
(4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and
(7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9)
Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may
overlap CVE-2009-0791. (CVE-2009-3605)

Two integer overflow flaws were found in the PDF rendering code. An
attacker could create a malicious PDF file that would cause pdftops
to crash or, potentially, execute arbitrary code as the lp user if
the file was printed. (CVE-2009-3608, CVE-2009-3609)

This update corrects the problems.
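
The bug class described above, an integer overflow in a size calculation that leaves a heap buffer smaller than the data written to it, is shown below next to a checked size computation. This is an added example, not code from poppler or from this advisory; the function names, the 64 MiB limit and the sample dimensions are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit for one bitmap (hypothetical value). */
#define MAX_BITMAP_BYTES ((size_t)64 * 1024 * 1024)

/* Size as unchecked 32-bit code computes it; unsigned wraparound is defined. */
uint32_t wrapped_size(uint32_t w, uint32_t h, uint32_t bytes_per_px)
{
    return w * h * bytes_per_px;
}

/* Multiply two sizes; returns 0 on overflow, 1 on success. */
int checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Size of a bitmap with untrusted dimensions; 0 means "reject the file". */
int bitmap_size(long w, long h, long bytes_per_px, size_t *out)
{
    size_t row, total;
    if (w <= 0 || h <= 0 || bytes_per_px <= 0)
        return 0;
    if (!checked_mul((size_t)w, (size_t)bytes_per_px, &row) ||
        !checked_mul(row, (size_t)h, &total) || total > MAX_BITMAP_BYTES)
        return 0;
    *out = total;
    return 1;
}

/* Allocate only when the size computation succeeded. */
void *alloc_bitmap(long w, long h, long bytes_per_px)
{
    size_t total;
    return bitmap_size(w, h, bytes_per_px, &total) ? malloc(total) : NULL;
}

int main(void)
{
    /* Constructed dimensions: the true size is 2^32 + 2^16 bytes. */
    printf("wrapped: %u\n", (unsigned)wrapped_size(0x10000u, 0x10001u, 1u));
    printf("checked alloc: %p\n", alloc_bitmap(0x10000L, 0x10001L, 1L));
    return 0;
}
```

The unchecked product wraps to 65536 bytes for dimensions that need over 4 GiB, while the checked path refuses the allocation.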

Updated packages

CS4.0 x86_64

 e8257b84ffe164e374d6134ebc87cdeb  corporate/4.0/x86_64/lib64poppler0-0.4.1-3.10.20060mlcs4.x86_64.rpm
 578226b19e08f1f4428a63e6b6fb9b66  corporate/4.0/x86_64/lib64poppler0-devel-0.4.1-3.10.20060mlcs4.x86_64.rpm
 fc519d68b36219f454a08a87c7493cbf  corporate/4.0/x86_64/lib64poppler-qt0-0.4.1-3.10.20060mlcs4.x86_64.rpm
 859abd2e604a05f836bb3a3c4ad0948a  corporate/4.0/x86_64/lib64poppler-qt0-devel-0.4.1-3.10.20060mlcs4.x86_64.rpm 
 287203505cdafc1091000c7c17b5b532  corporate/4.0/SRPMS/poppler-0.4.1-3.10.20060mlcs4.src.rpm

CS4.0 i586

 4b885bda62ebbeb3cc1bb87b7904c725  corporate/4.0/i586/libpoppler0-0.4.1-3.10.20060mlcs4.i586.rpm
 ec004634deb8a53b67ed890080d9b3b9  corporate/4.0/i586/libpoppler0-devel-0.4.1-3.10.20060mlcs4.i586.rpm
 d9c880463e437e43ecf8fc53b03225e1  corporate/4.0/i586/libpoppler-qt0-0.4.1-3.10.20060mlcs4.i586.rpm
 c7b14c8fb3f0101eb91685379096252a  corporate/4.0/i586/libpoppler-qt0-devel-0.4.1-3.10.20060mlcs4.i586.rpm 
 287203505cdafc1091000c7c17b5b532  corporate/4.0/SRPMS/poppler-0.4.1-3.10.20060mlcs4.src.rpm
