DSA-1793-1 kdegraphics -- multipleID: oval:org.secpod.oval:def:600277 | Date: (C)2011-05-13 (M)2024-01-02 |
Class: PATCH | Family: unix |
kpdf, a Portable Document Format viewer for KDE, is based on the xpdf program and thus suffers from similar flaws to those described in DSA-1790. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0146 Multiple buffer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2SymbolDict::setBitmap and JBIG2Stream::readSymbolDictSeg. CVE-2009-0147 Multiple integer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2Stream::readSymbolDictSeg, JBIG2Stream::readSymbolDictSeg, and JBIG2Stream::readGenericBitmap. CVE-2009-0165 Integer overflow in the JBIG2 decoder in kpdf has unspecified impact related to "g*allocn." CVE-2009-0166 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service via a crafted PDF file that triggers a free of uninitialized memory. CVE-2009-0799 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service via a crafted PDF file that triggers an out-of-bounds read. CVE-2009-0800 Multiple "input validation flaws" in the JBIG2 decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1179 Integer overflow in the JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1180 The JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. CVE-2009-1181 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service via a crafted PDF file that triggers a NULL pointer dereference. CVE-2009-1182 Multiple buffer overflows in the JBIG2 MMR decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1183 The JBIG2 MMR decoder in kpdf allows remote attackers to cause a denial of service via a crafted PDF file. We recommend that you upgrade your kdegraphics packages.
Platform: |
Debian 5.0 |
Debian 4.0 |