Vulnerabilities > CVE-2009-0756 - Denial of Service vulnerability in Poppler
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference.
Vulnerable Configurations
Exploit-Db
| description | Poppler 0.10.3 Multiple Denial of Service Vulnerabilities. CVE-2009-0755,CVE-2009-0756. Dos exploit for linux platform |
| id | EDB-ID:32800 |
| last seen | 2016-02-03 |
| modified | 2009-02-12 |
| published | 2009-02-12 |
| reporter | Romario |
| source | https://www.exploit-db.com/download/32800/ |
| title | Poppler 0.10.3 - Multiple Denial of Service Vulnerabilities |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_POPPLER-6319.NASL description This update of poppler: fix various security bugs that occur while decoding JBIG2 (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183). Further a denial of service bug in function FormWidgetChoice::loadDefaults() (CVE-2009-0755) and JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756) was closed that could be triggered via malformed PDF files. last seen 2020-06-01 modified 2020-06-02 plugin id 42030 published 2009-10-06 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42030 title openSUSE 10 Security Update : poppler (poppler-6319) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update poppler-6319. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(42030); script_version ("1.8"); script_cvs_date("Date: 2019/10/25 13:36:37"); script_cve_id("CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0755", "CVE-2009-0756", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183"); script_name(english:"openSUSE 10 Security Update : poppler (poppler-6319)"); script_summary(english:"Check for the poppler-6319 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of poppler: fix various security bugs that occur while decoding JBIG2 (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183). Further a denial of service bug in function FormWidgetChoice::loadDefaults() (CVE-2009-0755) and JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756) was closed that could be triggered via malformed PDF files." ); script_set_attribute( attribute:"solution", value:"Update the affected poppler packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:poppler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:poppler-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:poppler-glib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:poppler-qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:poppler-qt4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:poppler-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.3", reference:"poppler-0.5.4-101.6") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"poppler-devel-0.5.4-101.6") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"poppler-glib-0.5.4-101.6") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"poppler-qt-0.5.4-101.6") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"poppler-qt4-0.5.4-101.6") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"poppler-tools-0.5.4-101.6") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler"); }NASL family SuSE Local Security Checks NASL id SUSE_11_1_LIBPOPPLER4-090622.NASL description This update of poppler: fix various security bugs that occur while decoding JBIG2 (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183). Further a denial of service bug in function FormWidgetChoice::loadDefaults() (CVE-2009-0755) and JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756) was closed that could be triggered via malformed PDF files. last seen 2020-06-01 modified 2020-06-02 plugin id 40267 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40267 title openSUSE Security Update : libpoppler4 (libpoppler4-1032) NASL family SuSE Local Security Checks NASL id SUSE_11_0_LIBPOPPLER3-090611.NASL description This update of poppler: fix various security bugs that occur while decoding JBIG2 (CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183). Further a denial of service bug in function FormWidgetChoice::loadDefaults() (CVE-2009-0755) and JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756) was closed that could be triggered via malformed PDF files. last seen 2020-06-01 modified 2020-06-02 plugin id 40042 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40042 title openSUSE Security Update : libpoppler3 (libpoppler3-1035) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1941.NASL description Several integer overflows, buffer overflows and memory allocation errors were discovered in the Poppler PDF rendering library, which may lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed PDF document. An update for the old stable distribution (etch) will be issued soon as version 0.4.5-5.1etch4. last seen 2020-06-01 modified 2020-06-02 plugin id 44806 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44806 title Debian DSA-1941-1 : poppler - several vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-068.NASL description A crafted PDF file that triggers a parsing error allows remote attackers to cause definal of service. This bug is consequence of a wrong processing on FormWidgetChoice::loadDefaults method (CVE-2009-0755). A crafted PDF file that triggers a parsing error allows remote attackers to cause definal of service. This bug is consequence of an invalid memory dereference on JBIG2SymbolDict::~JBIG2SymbolDict destructor when JBIG2Stream::readSymbolDictSeg method is used (CVE-2009-0756). This update provides fixes for those vulnerabilities. This update does not apply for CVE-2009-0755 under Corporate Server 4.0 libpoppler0-0.4.1-3.7.20060mlcs4. Update : The previous packages were not signed, this new update fixes that issue. last seen 2020-06-01 modified 2020-06-02 plugin id 36675 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36675 title Mandriva Linux Security Advisory : poppler (MDVSA-2009:068-1) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBPOPPLER4-090622.NASL description This update of poppler: fix various security bugs that occur while decoding JBIG2. (CVE-2009-0146 / CVE-2009-0147 / CVE-2009-0165 / CVE-2009-0166 / CVE-2009-0799 / CVE-2009-0800 / CVE-2009-1179 / CVE-2009-1180 / CVE-2009-1181 / CVE-2009-1182 / CVE-2009-1183) Further a denial of service bug in function FormWidgetChoice::loadDefaults() (CVE-2009-0755) and JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756) was closed that could be triggered via malformed PDF files. last seen 2020-06-01 modified 2020-06-02 plugin id 41427 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41427 title SuSE 11 Security Update : libpoppler4 (SAT Patch Number 1034) NASL family SuSE Local Security Checks NASL id SUSE_POPPLER-6315.NASL description This update of poppler: fix various security bugs that occur while decoding JBIG2. (CVE-2009-0146 / CVE-2009-0147 / CVE-2009-0165 / CVE-2009-0166 / CVE-2009-0799 / CVE-2009-0800 / CVE-2009-1179 / CVE-2009-1180 / CVE-2009-1181 / CVE-2009-1182 / CVE-2009-1183) Further a denial of service bug in function FormWidgetChoice::loadDefaults() (CVE-2009-0755) and JBIG2Stream::readSymbolDictSeg() (CVE-2009-0756) was closed that could be triggered via malformed PDF files. last seen 2020-06-01 modified 2020-06-02 plugin id 41578 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41578 title SuSE 10 Security Update : poppler (ZYPP Patch Number 6315)
Statements
| contributor | Tomas Hoger |
| lastmodified | 2009-07-15 |
| organization | Red Hat |
| statement | This issue is a duplicate of CVE-2009-0166, which was addressed in affected products via following updates: https://rhn.redhat.com/errata/CVE-2009-0166.html |
References
- http://bugs.freedesktop.org/show_bug.cgi?id=19702
- http://lists.freedesktop.org/archives/poppler/2009-January/004403.html
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- http://secunia.com/advisories/33853
- http://secunia.com/advisories/35685
- http://wiki.rpath.com/Advisories:rPSA-2009-0059
- http://www.openwall.com/lists/oss-security/2009/02/13/1
- http://www.openwall.com/lists/oss-security/2009/02/19/2
- http://www.securityfocus.com/archive/1/502761/100/0/threaded
- http://www.securityfocus.com/bid/33749