Vulnerabilities > CVE-2009-0195 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyMisc.
    NASL idCUPS_1_3_10.NASL
    descriptionAccording to its banner, the version of CUPS installed on the remote host is earlier than 1.3.10. Such versions are affected by several issues : - A potential integer overflow in the PNG image validation code in
    last seen2020-06-01
    modified2020-06-02
    plugin id36183
    published2009-04-17
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36183
    titleCUPS < 1.3.10 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36183);
      script_version("1.24");
      script_cvs_date("Date: 2018/11/15 20:50:23");
    
      script_cve_id(
        "CVE-2008-5286",
        "CVE-2009-0163",
        "CVE-2009-0164",
        "CVE-2009-0195",
        "CVE-2009-0949"
      );
      script_bugtraq_id(32518, 34571, 34665, 34791, 35169);
      script_xref(name:"Secunia", value:"34481");
    
      script_name(english:"CUPS < 1.3.10 Multiple Vulnerabilities");
      script_summary(english:"Checks CUPS server version");
    
      script_set_attribute(attribute:"synopsis", value:"The remote printer service is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of CUPS installed on the remote
    host is earlier than 1.3.10. Such versions are affected by several
    issues :
    
      - A potential integer overflow in the PNG image validation
        code in '_cupsImageReadPNG()' could allow an attacker to
        crash the affected service or possibly execute arbitrary
        code. (STR #2974)
    
      - A heap-based integer overflow exists in
        '_cupsImageReadTIFF()' due to a failure to properly
        validate the image height of a specially crafted TIFF
        file, which can be leveraged to execute arbitrary code.
        (STR #3031)
    
      - The web interface may be vulnerable to DNS rebinding
        attacks due to a failure to validate the HTTP Host
        header in incoming requests. (STR #3118)
    
      - A heap-based buffer overflow in pdftops allows remote
        attackers to execute arbitrary code via a PDF file with
        crafted JBIG2 symbol dictionary segments.
        (CVE-2009-0195)
    
      - Flawed 'ip' structure initialization in the function
        'ippReadIO()' could allow an anonymous remote attacker
        to crash the application via a malicious IPP request
        packet with two consecutives IPP_TAG_UNSUPPORTED tags.
        (CVE-2009-0949)");
    
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L2974");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3031");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3118");
      script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2009-18/");
      script_set_attribute(attribute:"see_also", value:"http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/504032/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/articles.php?L582");
      script_set_attribute(attribute:"solution", value:"Upgrade to CUPS version 1.3.10 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(20, 119, 189, 399);
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/17");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:cups");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("http_version.nasl", "cups_1_3_5.nasl");
      script_require_keys("www/cups", "Settings/ParanoidReport");
      script_require_ports("Services/www", 631);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    port = get_http_port(default:631, embedded:TRUE);
    get_kb_item_or_exit("www/"+port+"/cups/running");
    
    version = get_kb_item_or_exit("cups/"+port+"/version");
    source  = get_kb_item_or_exit("cups/"+port+"/source");
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    if (
      version =~ "^1\.([0-2]|3\.[0-9])($|[^0-9])" ||
      version =~ "^1\.3(rc|b)"
    )
    {
      if (report_verbosity > 0)
      {
        report = '\n  Version source    : ' + source +
                 '\n  Installed version : ' + version +
                 '\n  Fixed version     : 1.3.10\n';
    
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else if (version =~ "^(1|1\.3)($|[^0-9.])") audit(AUDIT_VER_NOT_GRANULAR, "CUPS", port, version);
    else audit(AUDIT_LISTEN_NOT_VULN, "CUPS", port, version);
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0431.NASL
    descriptionUpdated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in KPDF
    last seen2020-06-01
    modified2020-06-02
    plugin id38898
    published2009-05-26
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38898
    titleCentOS 4 / 5 : kdegraphics (CESA-2009:0431)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:0431 and 
    # CentOS Errata and Security Advisory 2009:0431 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(38898);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:04");
    
      script_cve_id("CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0166", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183");
      script_bugtraq_id(34568);
      script_xref(name:"RHSA", value:"2009:0431");
    
      script_name(english:"CentOS 4 / 5 : kdegraphics (CESA-2009:0431)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kdegraphics packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kdegraphics packages contain applications for the K Desktop
    Environment, including KPDF, a viewer for Portable Document Format
    (PDF) files.
    
    Multiple integer overflow flaws were found in KPDF's JBIG2 decoder. An
    attacker could create a malicious PDF file that would cause KPDF to
    crash or, potentially, execute arbitrary code when opened.
    (CVE-2009-0147, CVE-2009-1179)
    
    Multiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An
    attacker could create a malicious PDF file that would cause KPDF to
    crash or, potentially, execute arbitrary code when opened.
    (CVE-2009-0146, CVE-2009-1182)
    
    Multiple flaws were found in KPDF's JBIG2 decoder that could lead to
    the freeing of arbitrary memory. An attacker could create a malicious
    PDF file that would cause KPDF to crash or, potentially, execute
    arbitrary code when opened. (CVE-2009-0166, CVE-2009-1180)
    
    Multiple input validation flaws were found in KPDF's JBIG2 decoder. An
    attacker could create a malicious PDF file that would cause KPDF to
    crash or, potentially, execute arbitrary code when opened.
    (CVE-2009-0800)
    
    Multiple denial of service flaws were found in KPDF's JBIG2 decoder.
    An attacker could create a malicious PDF that would cause KPDF to
    crash when opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)
    
    Red Hat would like to thank Braden Thomas and Drew Yao of the Apple
    Product Security team, and Will Dormann of the CERT/CC for responsibly
    reporting these flaws.
    
    Users are advised to upgrade to these updated packages, which contain
    backported patches to resolve these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-April/015780.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ee94bba5"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-May/015867.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b3191add"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-May/015868.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?673d5641"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-May/015920.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?abdce73d"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-May/015921.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3276b833"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kdegraphics packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kdegraphics");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kdegraphics-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x / 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", reference:"kdegraphics-3.3.1-13.el4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"kdegraphics-devel-3.3.1-13.el4")) flag++;
    
    if (rpm_check(release:"CentOS-5", reference:"kdegraphics-3.5.4-12.el5_3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kdegraphics-devel-3.5.4-12.el5_3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdegraphics / kdegraphics-devel");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100506_TETEX_ON_SL5_X.NASL
    descriptionMultiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) Multiple array index errors were found in the way teTeX converted DVI files into the Portable Network Graphics (PNG) format. An attacker could create a malicious DVI file that would cause the dvipng executable to crash. (CVE-2010-0829) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id60791
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60791
    titleScientific Linux Security Update : tetex on SL5.x i386/x86_64
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0458.NASL
    descriptionFrom Red Hat Security Advisory 2009:0458 : An updated gpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. GPdf is a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in GPdf
    last seen2020-06-01
    modified2020-06-02
    plugin id67852
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67852
    titleOracle Linux 4 : gpdf (ELSA-2009-0458)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0399.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id46308
    published2010-05-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46308
    titleRHEL 4 : tetex (RHSA-2010:0399)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201310-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201310-03 (Poppler: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted PDF file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70309
    published2013-10-07
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70309
    titleGLSA-201310-03 : Poppler: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0430.NASL
    descriptionAn updated xpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id36180
    published2009-04-17
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36180
    titleRHEL 3 / 4 : xpdf (RHSA-2009:0430)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0430.NASL
    descriptionFrom Red Hat Security Advisory 2009:0430 : An updated xpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id67845
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67845
    titleOracle Linux 3 / 4 : xpdf (ELSA-2009-0430)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0429.NASL
    descriptionFrom Red Hat Security Advisory 2009:0429 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the
    last seen2020-06-01
    modified2020-06-02
    plugin id67844
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67844
    titleOracle Linux 4 / 5 : cups (ELSA-2009-0429)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0429.NASL
    descriptionUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the
    last seen2020-06-01
    modified2020-06-02
    plugin id36179
    published2009-04-17
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36179
    titleRHEL 4 / 5 : cups (RHSA-2009:0429)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0400.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) Multiple array index errors were found in the way teTeX converted DVI files into the Portable Network Graphics (PNG) format. An attacker could create a malicious DVI file that would cause the dvipng executable to crash. (CVE-2010-0829) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id46760
    published2010-06-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46760
    titleCentOS 5 : tetex (CESA-2010:0400)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0399.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id46257
    published2010-05-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46257
    titleCentOS 4 : tetex (CESA-2010:0399)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0480.NASL
    descriptionUpdated poppler packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Multiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188) Multiple buffer overflow flaws were found in poppler
    last seen2020-06-01
    modified2020-06-02
    plugin id38769
    published2009-05-14
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38769
    titleRHEL 5 : poppler (RHSA-2009:0480)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0430.NASL
    descriptionAn updated xpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id36188
    published2009-04-21
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36188
    titleCentOS 3 / 4 : xpdf (CESA-2009:0430)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0431.NASL
    descriptionFrom Red Hat Security Advisory 2009:0431 : Updated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in KPDF
    last seen2020-06-01
    modified2020-06-02
    plugin id67846
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67846
    titleOracle Linux 4 : kdegraphics (ELSA-2009-0431)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0431.NASL
    descriptionUpdated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in KPDF
    last seen2020-06-01
    modified2020-06-02
    plugin id36181
    published2009-04-17
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36181
    titleRHEL 4 / 5 : kdegraphics (RHSA-2009:0431)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0400.NASL
    descriptionFrom Red Hat Security Advisory 2010:0400 : Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) Multiple array index errors were found in the way teTeX converted DVI files into the Portable Network Graphics (PNG) format. An attacker could create a malicious DVI file that would cause the dvipng executable to crash. (CVE-2010-0829) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id68039
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68039
    titleOracle Linux 5 : tetex (ELSA-2010-0400)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0458.NASL
    descriptionAn updated gpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. GPdf is a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in GPdf
    last seen2020-06-01
    modified2020-06-02
    plugin id38660
    published2009-05-01
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38660
    titleRHEL 4 : gpdf (RHSA-2009:0458)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0429.NASL
    descriptionUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An attacker could create a malicious PDF file that would cause CUPS to crash or, potentially, execute arbitrary code as the
    last seen2020-06-01
    modified2020-06-02
    plugin id38897
    published2009-05-26
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38897
    titleCentOS 4 / 5 : cups (CESA-2009:0429)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0399.NASL
    descriptionFrom Red Hat Security Advisory 2010:0399 : Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id68038
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68038
    titleOracle Linux 4 : tetex (ELSA-2010-0399)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0480.NASL
    descriptionUpdated poppler packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Multiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188) Multiple buffer overflow flaws were found in poppler
    last seen2020-06-01
    modified2020-06-02
    plugin id43748
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43748
    titleCentOS 5 : poppler (CESA-2009:0480)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0480.NASL
    descriptionFrom Red Hat Security Advisory 2009:0480 : Updated poppler packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Multiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188) Multiple buffer overflow flaws were found in poppler
    last seen2020-06-01
    modified2020-06-02
    plugin id67858
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67858
    titleOracle Linux 5 : poppler (ELSA-2009-0480)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0458.NASL
    descriptionAn updated gpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. GPdf is a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in GPdf
    last seen2020-06-01
    modified2020-06-02
    plugin id38901
    published2009-05-26
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38901
    titleCentOS 4 : gpdf (CESA-2009:0458)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-282.NASL
    descriptionMultiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147) Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. (CVE-2009-0163) Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to g*allocn. (CVE-2009-0165) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. (CVE-2009-0166) Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments (CVE-2009-0195). Multiple integer overflows in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. (CVE-2009-0799) Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-0800) The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. (CVE-2009-0949) Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-1179) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. (CVE-2009-1180) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. (CVE-2009-1181) Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-1182) The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. (CVE-2009-1183) Two integer overflow flaws were found in the CUPS pdftops filter. An attacker could create a malicious PDF file that would cause pdftops to crash or, potentially, execute arbitrary code as the lp user if the file was printed. (CVE-2009-3608, CVE-2009-3609) This update corrects the problems. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen2020-06-01
    modified2020-06-02
    plugin id42181
    published2009-10-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42181
    titleMandriva Linux Security Advisory : cups (MDVSA-2009:282-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090513_POPPLER_ON_SL5_X.NASL
    descriptionMultiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188) Multiple buffer overflow flaws were found in poppler
    last seen2020-06-01
    modified2020-06-02
    plugin id60584
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60584
    titleScientific Linux Security Update : poppler on SL5.x i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0400.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) Multiple array index errors were found in the way teTeX converted DVI files into the Portable Network Graphics (PNG) format. An attacker could create a malicious DVI file that would cause the dvipng executable to crash. (CVE-2010-0829) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id46309
    published2010-05-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46309
    titleRHEL 5 : tetex (RHSA-2010:0400)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090430_GPDF_ON_SL4_X.NASL
    descriptionMultiple integer overflow flaws were found in GPdf
    last seen2020-06-01
    modified2020-06-02
    plugin id60576
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60576
    titleScientific Linux Security Update : gpdf on SL4.x i386/x86_64
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-973-1.NASL
    descriptionWill Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that the Xpdf used in KOffice contained multiple security issues in its JBIG2 decoder. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181) It was discovered that the Xpdf used in KOffice contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-3606, CVE-2009-3608, CVE-2009-3609) KOffice in Ubuntu 9.04 uses a very old version of Xpdf to import PDFs into KWord. Upstream KDE no longer supports PDF import in KOffice and as a result it was dropped in Ubuntu 9.10. While an attempt was made to fix the above issues, the maintenance burden for supporting this very old version of Xpdf outweighed its utility, and PDF import is now also disabled in Ubuntu 9.04. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id48362
    published2010-08-18
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48362
    titleUbuntu 9.04 : koffice vulnerabilities (USN-973-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100506_TETEX_ON_SL4_X.NASL
    descriptionA buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id60790
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60790
    titleScientific Linux Security Update : tetex on SL4.x i386/x86_64

Oval

accepted2013-04-29T04:01:16.465-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionHeap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.
familyunix
idoval:org.mitre.oval:def:10076
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleHeap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.
version27

Redhat

advisories
  • rhsa
    idRHSA-2009:0458
  • rhsa
    idRHSA-2009:0480
rpms
  • cups-1:1.1.22-0.rc1.9.27.el4_7.5
  • cups-1:1.3.7-8.el5_3.4
  • cups-debuginfo-1:1.1.22-0.rc1.9.27.el4_7.5
  • cups-debuginfo-1:1.3.7-8.el5_3.4
  • cups-devel-1:1.1.22-0.rc1.9.27.el4_7.5
  • cups-devel-1:1.3.7-8.el5_3.4
  • cups-libs-1:1.1.22-0.rc1.9.27.el4_7.5
  • cups-libs-1:1.3.7-8.el5_3.4
  • cups-lpd-1:1.3.7-8.el5_3.4
  • xpdf-1:2.02-14.el3
  • xpdf-1:3.00-20.el4
  • xpdf-debuginfo-1:2.02-14.el3
  • xpdf-debuginfo-1:3.00-20.el4
  • kdegraphics-7:3.3.1-13.el4
  • kdegraphics-7:3.5.4-12.el5_3
  • kdegraphics-debuginfo-7:3.3.1-13.el4
  • kdegraphics-debuginfo-7:3.5.4-12.el5_3
  • kdegraphics-devel-7:3.3.1-13.el4
  • kdegraphics-devel-7:3.5.4-12.el5_3
  • gpdf-0:2.8.2-7.7.2.el4_7.4
  • gpdf-debuginfo-0:2.8.2-7.7.2.el4_7.4
  • poppler-0:0.5.4-4.4.el5_3.9
  • poppler-debuginfo-0:0.5.4-4.4.el5_3.9
  • poppler-devel-0:0.5.4-4.4.el5_3.9
  • poppler-utils-0:0.5.4-4.4.el5_3.9
  • tetex-0:2.0.2-22.0.1.EL4.16
  • tetex-afm-0:2.0.2-22.0.1.EL4.16
  • tetex-debuginfo-0:2.0.2-22.0.1.EL4.16
  • tetex-doc-0:2.0.2-22.0.1.EL4.16
  • tetex-dvips-0:2.0.2-22.0.1.EL4.16
  • tetex-fonts-0:2.0.2-22.0.1.EL4.16
  • tetex-latex-0:2.0.2-22.0.1.EL4.16
  • tetex-xdvi-0:2.0.2-22.0.1.EL4.16
  • tetex-0:3.0-33.8.el5_5.5
  • tetex-afm-0:3.0-33.8.el5_5.5
  • tetex-debuginfo-0:3.0-33.8.el5_5.5
  • tetex-doc-0:3.0-33.8.el5_5.5
  • tetex-dvips-0:3.0-33.8.el5_5.5
  • tetex-fonts-0:3.0-33.8.el5_5.5
  • tetex-latex-0:3.0-33.8.el5_5.5
  • tetex-xdvi-0:3.0-33.8.el5_5.5