Vulnerabilities > CVE-2009-0755 - Denial of Service vulnerability in Poppler

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
poppler
nessus
exploit available

Summary

The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.

Exploit-Db

description: Poppler 0.10.3 Multiple Denial of Service Vulnerabilities (CVE-2009-0755, CVE-2009-0756). DoS exploit for the Linux platform.
id: EDB-ID:32800
last seen: 2016-02-03
modified: 2009-02-12
published: 2009-02-12
reporter: Romario
source: https://www.exploit-db.com/download/32800/
title: Poppler 0.10.3 - Multiple Denial of Service Vulnerabilities

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_POPPLER-6319.NASL
    description: This update of poppler fixes various security bugs that occur while decoding JBIG2 (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183). In addition, denial of service bugs in the functions FormWidgetChoice::loadDefaults() (CVE-2009-0755) and JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756), which could be triggered via malformed PDF files, were closed.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42030
    published: 2009-10-06
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42030
    title: openSUSE 10 Security Update : poppler (poppler-6319)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update poppler-6319.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Metadata branch: when the scan engine loads the plugin with `description`
    # set, only the registration calls below run, and the exit(0) that closes
    # this block ends the script before any host check is made.
    if (description)
    {
      script_id(42030);
      script_version ("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:37");
    
      # One plugin covers the whole vendor patch: a finding means "patch
      # poppler-6319 is missing", not that any single CVE below was confirmed.
      script_cve_id("CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0755", "CVE-2009-0756", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183");
    
      script_name(english:"openSUSE 10 Security Update : poppler (poppler-6319)");
      script_summary(english:"Check for the poppler-6319 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      # The description text is the vendor advisory wording; the line breaks
      # inside the string literal are part of the value.
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of poppler: fix various security bugs that occur while
    decoding JBIG2 (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165,
    CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179,
    CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183).
    
    Further a denial of service bug in function
    FormWidgetChoice::loadDefaults() (CVE-2009-0755) and
    JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756) was closed that could
    be triggered via malformed PDF files."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected poppler packages."
      );
      # The vector claims complete C/I/A impact, which is higher than the
      # availability-only CVSS 5.0 rating of CVE-2009-0755 on its own.
      # NOTE(review): presumably it tracks the most severe CVE in the bundle;
      # triage on the per-CVE score when only the loadDefaults() crash matters.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      # CWE-20 input validation, CWE-119 memory-buffer bounds,
      # CWE-189 numeric errors, CWE-399 resource management.
      script_cwe_id(20, 119, 189, 399);
    
      # "local": the verdict comes from package data already collected from the
      # host (see the required KB keys below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:poppler");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:poppler-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:poppler-glib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:poppler-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:poppler-qt4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:poppler-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      # The plugin was published about three and a half months after the patch,
      # so scans run in that window could not report this update as missing.
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/06");
      script_end_attributes();
    
      # ACT_GATHER_INFO: information-gathering category; nothing below sends
      # a malformed PDF or otherwise exercises the vulnerable code.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # Depends on the SSH information-gathering plugin and on the KB keys it
      # is expected to fill in; without credentialed access the check body
      # audits out without a verdict, which is not the same as "not vulnerable".
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # --- Preconditions -------------------------------------------------------
    # Each failed precondition ends in an audit() call rather than a finding,
    # so a host that is skipped here has not been assessed at all.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # Only openSUSE 10.3 is in scope; SLED/SLES releases are rejected first.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)")
      audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.3)$")
      audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release);

    # The verdict is derived from the collected RPM list, so it must exist.
    if (!get_kb_item("Host/SuSE/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    ourarch = get_kb_item("Host/cpu");
    if (!ourarch)
      audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$")
      audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

    # --- Package comparison --------------------------------------------------
    # Every reference build is checked, with no early exit, so the report can
    # list all packages that are behind.
    # NOTE(review): rpm_check() presumably flags an installed package older
    # than the reference; confirm against rpm.inc. This compares package
    # versions only and does not show whether processes that already loaded
    # the old library were restarted.
    missing_fixes = 0;
    foreach fixed_ref (make_list(
      "poppler-0.5.4-101.6",
      "poppler-devel-0.5.4-101.6",
      "poppler-glib-0.5.4-101.6",
      "poppler-qt-0.5.4-101.6",
      "poppler-qt4-0.5.4-101.6",
      "poppler-tools-0.5.4-101.6"
    ))
    {
      if (rpm_check(release:"SUSE10.3", reference:fixed_ref))
        missing_fixes++;
    }

    # --- Verdict -------------------------------------------------------------
    if (!missing_fixes)
    {
      # Nothing flagged: distinguish "packages present and not affected" from
      # "poppler not installed at all".
      tested_pkgs = pkg_tests_get();
      if (tested_pkgs)
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested_pkgs);
      else
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler");
    }
    else
    {
      # At least one package is behind: report on port 0, attaching the RPM
      # comparison details when the scan's report verbosity allows it.
      if (report_verbosity > 0)
        security_hole(port:0, extra:rpm_report_get());
      else
        security_hole(0);
      exit(0);
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBPOPPLER4-090622.NASL
    descriptionThis update of poppler: fix various security bugs that occur while decoding JBIG2 (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183). Further a denial of service bug in function FormWidgetChoice::loadDefaults() (CVE-2009-0755) and JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756) was closed that could be triggered via malformed PDF files.
    last seen2020-06-01
    modified2020-06-02
    plugin id40267
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40267
    titleopenSUSE Security Update : libpoppler4 (libpoppler4-1032)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_LIBPOPPLER3-090611.NASL
    descriptionThis update of poppler: fix various security bugs that occur while decoding JBIG2 (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183). Further a denial of service bug in function FormWidgetChoice::loadDefaults() (CVE-2009-0755) and JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756) was closed that could be triggered via malformed PDF files.
    last seen2020-06-01
    modified2020-06-02
    plugin id40042
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40042
    titleopenSUSE Security Update : libpoppler3 (libpoppler3-1035)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1941.NASL
    descriptionSeveral integer overflows, buffer overflows and memory allocation errors were discovered in the Poppler PDF rendering library, which may lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed PDF document. An update for the old stable distribution (etch) will be issued soon as version 0.4.5-5.1etch4.
    last seen2020-06-01
    modified2020-06-02
    plugin id44806
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44806
    titleDebian DSA-1941-1 : poppler - several vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-850-1.NASL
    descriptionIt was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42207
    published2009-10-22
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42207
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : poppler vulnerabilities (USN-850-1)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-068.NASL
    description: A crafted PDF file that triggers a parsing error allows remote attackers to cause a denial of service. This bug is a consequence of incorrect processing in the FormWidgetChoice::loadDefaults method (CVE-2009-0755). A crafted PDF file that triggers a parsing error allows remote attackers to cause a denial of service. This bug is a consequence of an invalid memory dereference in the JBIG2SymbolDict::~JBIG2SymbolDict destructor when the JBIG2Stream::readSymbolDictSeg method is used (CVE-2009-0756). This update provides fixes for those vulnerabilities. This update does not apply to CVE-2009-0755 under Corporate Server 4.0 libpoppler0-0.4.1-3.7.20060mlcs4. Update: The previous packages were not signed; this new update fixes that issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36675
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36675
    title: Mandriva Linux Security Advisory : poppler (MDVSA-2009:068-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBPOPPLER4-090622.NASL
    descriptionThis update of poppler: fix various security bugs that occur while decoding JBIG2. (CVE-2009-0146 / CVE-2009-0147 / CVE-2009-0165 / CVE-2009-0166 / CVE-2009-0799 / CVE-2009-0800 / CVE-2009-1179 / CVE-2009-1180 / CVE-2009-1181 / CVE-2009-1182 / CVE-2009-1183) Further a denial of service bug in function FormWidgetChoice::loadDefaults() (CVE-2009-0755) and JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756) was closed that could be triggered via malformed PDF files.
    last seen2020-06-01
    modified2020-06-02
    plugin id41427
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41427
    titleSuSE 11 Security Update : libpoppler4 (SAT Patch Number 1034)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_POPPLER-6315.NASL
    descriptionThis update of poppler: fix various security bugs that occur while decoding JBIG2. (CVE-2009-0146 / CVE-2009-0147 / CVE-2009-0165 / CVE-2009-0166 / CVE-2009-0799 / CVE-2009-0800 / CVE-2009-1179 / CVE-2009-1180 / CVE-2009-1181 / CVE-2009-1182 / CVE-2009-1183) Further a denial of service bug in function FormWidgetChoice::loadDefaults() (CVE-2009-0755) and JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756) was closed that could be triggered via malformed PDF files.
    last seen2020-06-01
    modified2020-06-02
    plugin id41578
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41578
    titleSuSE 10 Security Update : poppler (ZYPP Patch Number 6315)

Statements

contributor: Tomas Hoger
last modified: 2009-07-15
organization: Red Hat
statement: Not vulnerable. This issue did not affect the versions of poppler, xpdf, gpdf and kdegraphics as shipped with Red Hat Enterprise Linux 3, 4, or 5.