Vulnerabilities > CVE-2009-0791 - Numeric Errors vulnerability in Apple Cups 1.1.17/1.1.22/1.3.7

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.

Vulnerable Configurations

Part Description Count
Application
Apple
3

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_XPDF-090727.NASL
    descriptionSpecially crafted PDF documents could crash xpdf or potentially even allow execution of arbitrary code (CVE-2009-0791).
    last seen2020-06-01
    modified2020-06-02
    plugin id40787
    published2009-08-27
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40787
    titleopenSUSE Security Update : xpdf (xpdf-1138)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100506_TETEX_ON_SL5_X.NASL
    descriptionMultiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) Multiple array index errors were found in the way teTeX converted DVI files into the Portable Network Graphics (PNG) format. An attacker could create a malicious DVI file that would cause the dvipng executable to crash. (CVE-2010-0829) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id60791
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60791
    titleScientific Linux Security Update : tetex on SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_LIBPOPPLER-DEVEL-100111.NASL
    descriptionThis update of libpoppler5 fixes various security issues. CVE-2009-0791: Fix multiple integer overflows in
    last seen2020-06-01
    modified2020-06-02
    plugin id43856
    published2010-01-12
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43856
    titleopenSUSE Security Update : libpoppler-devel (libpoppler-devel-1735)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0399.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id46308
    published2010-05-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46308
    titleRHEL 4 : tetex (RHSA-2010:0399)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBPOPPLER-DEVEL-091221.NASL
    descriptionThis update of libpoppler4 fixes various security issues. - Fix multiple integer overflows in
    last seen2020-06-01
    modified2020-06-02
    plugin id43620
    published2010-01-03
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43620
    titleSuSE 11 Security Update : libpoppler (SAT Patch Number 1731)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1512.NASL
    descriptionUpdated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in KPDF. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue. Users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42164
    published2009-10-16
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42164
    titleRHEL 4 : kdegraphics (RHSA-2009:1512)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XPDF-6378.NASL
    descriptionSpecially crafted PDF documents could crash xpdf or potentially even allow execution of arbitrary code. (CVE-2009-0791)
    last seen2020-06-01
    modified2020-06-02
    plugin id41603
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41603
    titleSuSE 10 Security Update : xpdf (ZYPP Patch Number 6378)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XPDF-6376.NASL
    descriptionSpecially crafted PDF documents could crash xpdf or potentially even allow execution of arbitrary code (CVE-2009-0791).
    last seen2020-06-01
    modified2020-06-02
    plugin id42042
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42042
    titleopenSUSE 10 Security Update : xpdf (xpdf-6376)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_XPDF-090727.NASL
    descriptionSpecially crafted PDF documents could crash xpdf or potentially even allow execution of arbitrary code. (CVE-2009-0791)
    last seen2020-06-01
    modified2020-06-02
    plugin id41463
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41463
    titleSuSE 11 Security Update : xpdf (SAT Patch Number 1140)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1512.NASL
    descriptionUpdated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in KPDF. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue. Users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43805
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43805
    titleCentOS 4 : kdegraphics (CESA-2009:1512)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20091015_XPDF_ON_SL3_X.NASL
    descriptionCVE-2009-0791 xpdf: multiple integer overflows CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016) CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep integer overflow CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check Multiple integer overflow flaws were found in Xpdf. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)
    last seen2020-06-01
    modified2020-06-02
    plugin id60681
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60681
    titleScientific Linux Security Update : xpdf on SL3.x, SL4.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_LIBPOPPLER-DEVEL-091223.NASL
    descriptionThis update of libpoppler3 fixes various security issues. CVE-2009-0791: Fix multiple integer overflows in
    last seen2020-06-01
    modified2020-06-02
    plugin id43616
    published2010-01-03
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43616
    titleopenSUSE Security Update : libpoppler-devel (libpoppler-devel-1740)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1083.NASL
    descriptionUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS
    last seen2020-06-01
    modified2020-06-02
    plugin id39303
    published2009-06-04
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/39303
    titleCentOS 3 / 4 : cups (CESA-2009:1083)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1502.NASL
    descriptionUpdated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in KPDF. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue. Users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43802
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43802
    titleCentOS 5 : kdegraphics (CESA-2009:1502)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20091015_KDEGRAPHICS_ON_SL4_X.NASL
    descriptionCVE-2009-0791 xpdf: multiple integer overflows CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016) CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check Multiple integer overflow flaws were found in KPDF. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)
    last seen2020-06-01
    modified2020-06-02
    plugin id60679
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60679
    titleScientific Linux Security Update : kdegraphics on SL4.x, SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_XPDF-090727.NASL
    descriptionSpecially crafted PDF documents could crash xpdf or potentially even allow execution of arbitrary code (CVE-2009-0791).
    last seen2020-06-01
    modified2020-06-02
    plugin id40793
    published2009-08-27
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40793
    titleopenSUSE Security Update : xpdf (xpdf-1138)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1512.NASL
    descriptionFrom Red Hat Security Advisory 2009:1512 : Updated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in KPDF. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue. Users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67943
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67943
    titleOracle Linux 4 : kdegraphics (ELSA-2009-1512)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CUPS-6279.NASL
    descriptionThe
    last seen2020-06-01
    modified2020-06-02
    plugin id41495
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41495
    titleSuSE 10 Security Update : CUPS (ZYPP Patch Number 6279)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090603_CUPS_ON_SL3_X.NASL
    descriptionA NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) A use-after-free flaw was found in the CUPS scheduler directory services routine, used to process data about available printers and printer classes. An attacker could use this flaw to cause a denial of service (cupsd daemon stop or crash). (CVE-2009-1196) Multiple integer overflows flaws, leading to heap-based buffer overflows, were found in the CUPS
    last seen2020-06-01
    modified2020-06-02
    plugin id60592
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60592
    titleScientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-055.NASL
    descriptionAn out-of-bounds reading flaw in the JBIG2 decoder allows remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0799). Multiple input validation flaws in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF file (CVE-2009-0800). An integer overflow in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF file (CVE-2009-1179). A free of invalid data flaw in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180). A NULL pointer dereference flaw in the JBIG2 decoder allows remote attackers to cause denial of service (crash) via a crafted PDF file (CVE-2009-1181). Multiple buffer overflows in the JBIG2 MMR decoder allows remote attackers to cause denial of service or to execute arbitrary code via a crafted PDF file (CVE-2009-1182, CVE-2009-1183). An integer overflow in the JBIG2 decoding feature allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CVE-2009-1187). An integer overflow in the JBIG2 decoding feature allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document (CVE-2009-1188). Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third-party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603). The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow (CVE-2009-3604). Multiple integer overflows allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791 (CVE-2009-3605). Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow (CVE-2009-3606). Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third-party information (CVE-2009-3607). Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow (CVE-2009-3608). Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read (CVE-2009-3609). Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file (CVE-2009-3938). This update provides fixes for that vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id44995
    published2010-03-08
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44995
    titleMandriva Linux Security Advisory : poppler (MDVSA-2010:055)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0400.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) Multiple array index errors were found in the way teTeX converted DVI files into the Portable Network Graphics (PNG) format. An attacker could create a malicious DVI file that would cause the dvipng executable to crash. (CVE-2010-0829) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id46760
    published2010-06-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46760
    titleCentOS 5 : tetex (CESA-2010:0400)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0399.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id46257
    published2010-05-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46257
    titleCentOS 4 : tetex (CESA-2010:0399)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0480.NASL
    descriptionUpdated poppler packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Multiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188) Multiple buffer overflow flaws were found in poppler
    last seen2020-06-01
    modified2020-06-02
    plugin id38769
    published2009-05-14
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38769
    titleRHEL 5 : poppler (RHSA-2009:0480)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1500.NASL
    descriptionAn updated xpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in Xpdf. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-3604, CVE-2009-3606, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue. Users are advised to upgrade to this updated package, which contains a backported patch to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42151
    published2009-10-16
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42151
    titleCentOS 3 : xpdf (CESA-2009:1500)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0400.NASL
    descriptionFrom Red Hat Security Advisory 2010:0400 : Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) Multiple array index errors were found in the way teTeX converted DVI files into the Portable Network Graphics (PNG) format. An attacker could create a malicious DVI file that would cause the dvipng executable to crash. (CVE-2010-0829) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id68039
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68039
    titleOracle Linux 5 : tetex (ELSA-2010-0400)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1501.NASL
    descriptionFrom Red Hat Security Advisory 2009:1501 : An updated xpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in Xpdf. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue. Users are advised to upgrade to this updated package, which contains a backported patch to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67940
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67940
    titleOracle Linux 4 : xpdf (ELSA-2009-1501)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1083.NASL
    descriptionUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS
    last seen2020-06-01
    modified2020-06-02
    plugin id39307
    published2009-06-04
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/39307
    titleRHEL 3 / 4 : cups (RHSA-2009:1083)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1503.NASL
    descriptionFrom Red Hat Security Advisory 2009:1503 : An updated gpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. GPdf is a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in GPdf. An attacker could create a malicious PDF file that would cause GPdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue. Users are advised to upgrade to this updated package, which contains a backported patch to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67941
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67941
    titleOracle Linux 4 : gpdf (ELSA-2009-1503)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0399.NASL
    descriptionFrom Red Hat Security Advisory 2010:0399 : Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id68038
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68038
    titleOracle Linux 4 : tetex (ELSA-2010-0399)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1083.NASL
    descriptionFrom Red Hat Security Advisory 2009:1083 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS
    last seen2020-06-01
    modified2020-06-02
    plugin id67868
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67868
    titleOracle Linux 3 / 4 : cups (ELSA-2009-1083)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1501.NASL
    descriptionAn updated xpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in Xpdf. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue. Users are advised to upgrade to this updated package, which contains a backported patch to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43801
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43801
    titleCentOS 4 : xpdf (CESA-2009:1501)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBPOPPLER-DEVEL-091222.NASL
    descriptionThis update of poppler fixes several security issues : This update of libpoppler4 fixes various security issues. CVE-2009-0791: Fix multiple integer overflows in
    last seen2020-06-01
    modified2020-06-02
    plugin id43617
    published2010-01-03
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43617
    titleopenSUSE Security Update : libpoppler-devel (libpoppler-devel-1741)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1500.NASL
    descriptionAn updated xpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in Xpdf. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-3604, CVE-2009-3606, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue. Users are advised to upgrade to this updated package, which contains a backported patch to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42159
    published2009-10-16
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42159
    titleRHEL 3 : xpdf (RHSA-2009:1500)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0480.NASL
    descriptionUpdated poppler packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Multiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188) Multiple buffer overflow flaws were found in poppler
    last seen2020-06-01
    modified2020-06-02
    plugin id43748
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43748
    titleCentOS 5 : poppler (CESA-2009:0480)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0401.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf. If a local user generated a PDF file from a TeX document, referencing a specially crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0791, CVE-2009-3609) All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id46258
    published2010-05-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46258
    titleCentOS 3 : tetex (CESA-2010:0401)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0480.NASL
    descriptionFrom Red Hat Security Advisory 2009:0480 : Updated poppler packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Multiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188) Multiple buffer overflow flaws were found in poppler
    last seen2020-06-01
    modified2020-06-02
    plugin id67858
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67858
    titleOracle Linux 5 : poppler (ELSA-2009-0480)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-282.NASL
    descriptionMultiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147) Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. (CVE-2009-0163) Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to g*allocn. (CVE-2009-0165) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. (CVE-2009-0166) Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments (CVE-2009-0195). Multiple integer overflows in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. (CVE-2009-0799) Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-0800) The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. (CVE-2009-0949) Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-1179) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. (CVE-2009-1180) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. (CVE-2009-1181) Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-1182) The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. (CVE-2009-1183) Two integer overflow flaws were found in the CUPS pdftops filter. An attacker could create a malicious PDF file that would cause pdftops to crash or, potentially, execute arbitrary code as the lp user if the file was printed. (CVE-2009-3608, CVE-2009-3609) This update corrects the problems. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen2020-06-01
    modified2020-06-02
    plugin id42181
    published2009-10-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42181
    titleMandriva Linux Security Advisory : cups (MDVSA-2009:282-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20091015_GPDF_ON_SL4_X.NASL
    descriptionCVE-2009-0791 xpdf: multiple integer overflows CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016) CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check Multiple integer overflow flaws were found in GPdf. An attacker could create a malicious PDF file that would cause GPdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609)
    last seen2020-06-01
    modified2020-06-02
    plugin id60678
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60678
    titleScientific Linux Security Update : gpdf on SL4.x i386/x86_64
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100506_TETEX_ON_SL3_X.NASL
    descriptionA buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf. If a local user generated a PDF file from a TeX document, referencing a specially crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0791, CVE-2009-3609)
    last seen2020-06-01
    modified2020-06-02
    plugin id60789
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60789
    titleScientific Linux Security Update : tetex on SL3.x i386/x86_64
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0401.NASL
    descriptionFrom Red Hat Security Advisory 2010:0401 : Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf. If a local user generated a PDF file from a TeX document, referencing a specially crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0791, CVE-2009-3609) All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id68040
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68040
    titleOracle Linux 3 : tetex (ELSA-2010-0401)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12434.NASL
    descriptionThe following bugs have been fixed : - The
    last seen2020-06-01
    modified2020-06-02
    plugin id41304
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41304
    titleSuSE9 Security Update : CUPS (YOU Patch Number 12434)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1503.NASL
    descriptionAn updated gpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. GPdf is a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in GPdf. An attacker could create a malicious PDF file that would cause GPdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue. Users are advised to upgrade to this updated package, which contains a backported patch to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42162
    published2009-10-16
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42162
    titleRHEL 4 : gpdf (RHSA-2009:1503)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0400.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) Multiple array index errors were found in the way teTeX converted DVI files into the Portable Network Graphics (PNG) format. An attacker could create a malicious DVI file that would cause the dvipng executable to crash. (CVE-2010-0829) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id46309
    published2010-05-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46309
    titleRHEL 5 : tetex (RHSA-2010:0400)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_LIBPOPPLER-DEVEL-091222.NASL
    descriptionThis update of libpoppler5 fixes various security issues. CVE-2009-0791: Fix multiple integer overflows in
    last seen2020-06-01
    modified2020-06-02
    plugin id43618
    published2010-01-03
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43618
    titleSuSE 11.2 Security Update: libpoppler-devel (2009-12-22)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1500.NASL
    descriptionFrom Red Hat Security Advisory 2009:1500 : An updated xpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in Xpdf. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-3604, CVE-2009-3606, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue. Users are advised to upgrade to this updated package, which contains a backported patch to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67939
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67939
    titleOracle Linux 3 : xpdf (ELSA-2009-1500)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1502.NASL
    descriptionUpdated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in KPDF. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue. Users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42161
    published2009-10-16
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42161
    titleRHEL 5 : kdegraphics (RHSA-2009:1502)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1503.NASL
    descriptionAn updated gpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. GPdf is a viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in GPdf. An attacker could create a malicious PDF file that would cause GPdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue. Users are advised to upgrade to this updated package, which contains a backported patch to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43803
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43803
    titleCentOS 4 : gpdf (CESA-2009:1503)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CUPS-6285.NASL
    descriptionThe
    last seen2020-06-01
    modified2020-06-02
    plugin id39389
    published2009-06-15
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39389
    titleopenSUSE 10 Security Update : cups (cups-6285)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100506_TETEX_ON_SL4_X.NASL
    descriptionA buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id60790
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60790
    titleScientific Linux Security Update : tetex on SL4.x i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0401.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf. If a local user generated a PDF file from a TeX document, referencing a specially crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0791, CVE-2009-3609) All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id46310
    published2010-05-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46310
    titleRHEL 3 : tetex (RHSA-2010:0401)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1501.NASL
    descriptionAn updated xpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Multiple integer overflow flaws were found in Xpdf. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609) Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue. Users are advised to upgrade to this updated package, which contains a backported patch to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42160
    published2009-10-16
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42160
    titleRHEL 4 : xpdf (RHSA-2009:1501)

Oval

accepted2013-04-29T04:06:30.196-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionMultiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.
familyunix
idoval:org.mitre.oval:def:10534
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.
version27

Redhat

advisories
  • rhsa
    idRHSA-2009:1083
  • rhsa
    idRHSA-2009:1500
  • rhsa
    idRHSA-2009:1501
  • rhsa
    idRHSA-2009:1502
  • rhsa
    idRHSA-2009:1503
  • rhsa
    idRHSA-2009:1512
rpms
  • poppler-0:0.5.4-4.4.el5_3.9
  • poppler-debuginfo-0:0.5.4-4.4.el5_3.9
  • poppler-devel-0:0.5.4-4.4.el5_3.9
  • poppler-utils-0:0.5.4-4.4.el5_3.9
  • cups-1:1.1.17-13.3.62
  • cups-1:1.1.22-0.rc1.9.32.el4_8.3
  • cups-debuginfo-1:1.1.17-13.3.62
  • cups-debuginfo-1:1.1.22-0.rc1.9.32.el4_8.3
  • cups-devel-1:1.1.17-13.3.62
  • cups-devel-1:1.1.22-0.rc1.9.32.el4_8.3
  • cups-libs-1:1.1.17-13.3.62
  • cups-libs-1:1.1.22-0.rc1.9.32.el4_8.3
  • xpdf-1:2.02-17.el3
  • xpdf-debuginfo-1:2.02-17.el3
  • xpdf-1:3.00-22.el4_8.1
  • xpdf-debuginfo-1:3.00-22.el4_8.1
  • kdegraphics-7:3.5.4-15.el5_4.2
  • kdegraphics-debuginfo-7:3.5.4-15.el5_4.2
  • kdegraphics-devel-7:3.5.4-15.el5_4.2
  • gpdf-0:2.8.2-7.7.2.el4_8.5
  • gpdf-debuginfo-0:2.8.2-7.7.2.el4_8.5
  • kdegraphics-7:3.3.1-15.el4_8.2
  • kdegraphics-debuginfo-7:3.3.1-15.el4_8.2
  • kdegraphics-devel-7:3.3.1-15.el4_8.2
  • tetex-0:2.0.2-22.0.1.EL4.16
  • tetex-afm-0:2.0.2-22.0.1.EL4.16
  • tetex-debuginfo-0:2.0.2-22.0.1.EL4.16
  • tetex-doc-0:2.0.2-22.0.1.EL4.16
  • tetex-dvips-0:2.0.2-22.0.1.EL4.16
  • tetex-fonts-0:2.0.2-22.0.1.EL4.16
  • tetex-latex-0:2.0.2-22.0.1.EL4.16
  • tetex-xdvi-0:2.0.2-22.0.1.EL4.16
  • tetex-0:3.0-33.8.el5_5.5
  • tetex-afm-0:3.0-33.8.el5_5.5
  • tetex-debuginfo-0:3.0-33.8.el5_5.5
  • tetex-doc-0:3.0-33.8.el5_5.5
  • tetex-dvips-0:3.0-33.8.el5_5.5
  • tetex-fonts-0:3.0-33.8.el5_5.5
  • tetex-latex-0:3.0-33.8.el5_5.5
  • tetex-xdvi-0:3.0-33.8.el5_5.5
  • tetex-0:1.0.7-67.19
  • tetex-afm-0:1.0.7-67.19
  • tetex-debuginfo-0:1.0.7-67.19
  • tetex-dvips-0:1.0.7-67.19
  • tetex-fonts-0:1.0.7-67.19
  • tetex-latex-0:1.0.7-67.19
  • tetex-xdvi-0:1.0.7-67.19

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 35195 CVE(CAN) ID: CVE-2009-0791 Common Unix Printing System(CUPS)是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。 CUPS的pdftops过滤器中存在多个可能导致堆溢出的整数溢出漏洞。攻击者可以创建恶意的PDF文件,如果打印了该文件就会导致pdftops崩溃或以运行lp用户的权限执行任意指令。 Easy Software Products CUPS 1.1.22 厂商补丁: Easy Software Products ---------------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://svn.easysw.com/public/cups/tags/release-1.2.0/pdftops/JBIG2Stream.cxx" target="_blank" rel=external nofollow>http://svn.easysw.com/public/cups/tags/release-1.2.0/pdftops/JBIG2Stream.cxx</a> RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:1083-01)以及相应补丁: RHSA-2009:1083-01:Important: cups security update 链接:<a href="https://www.redhat.com/support/errata/RHSA-2009-1083.html" target="_blank" rel=external nofollow>https://www.redhat.com/support/errata/RHSA-2009-1083.html</a>
idSSV:11536
last seen2017-11-19
modified2009-06-05
published2009-06-05
reporterRoot
titleCUPS pdftops过滤器多个整数溢出漏洞