[Forgot Password]
Login  Register Subscribe

23631

 
 

115036

 
 

95906

 
 

909

 
 

77949

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-1793 kdegraphics -- multiple vulnerabilities

ID: oval:org.mitre.oval:def:7864Date: (C)2009-12-15   (M)2017-10-04
Class: PATCHFamily: unix




kpdf, a Portable Document Format (PDF) viewer for KDE, is based on the xpdf program and thus suffers from similar flaws to those described in DSA-1790. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple buffer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Multiple integer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. Integer overflow in the JBIG2 decoder in kpdf has unspecified impact related to "g*allocn." The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. Multiple "input validation flaws" in the JBIG2 decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. Integer overflow in the JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file. The JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. Multiple buffer overflows in the JBIG2 MMR decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. The JBIG2 MMR decoder in kpdf allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. The old stable distribution (etch), these problems have been fixed in version 3.5.5-3etch3.

Platform:
Debian 5.0
Debian 4.0
Product:
kdegraphics
Reference:
DSA-1793
CVE-2009-0146
CVE-2009-0147
CVE-2009-0165
CVE-2009-0166
CVE-2009-0799
CVE-2009-0800
CVE-2009-1179
CVE-2009-1180
CVE-2009-1181
CVE-2009-1182
CVE-2009-1183
CVE    11
CVE-2009-0165
CVE-2009-0147
CVE-2009-0146
CVE-2009-0166
...

© 2013 SecPod Technologies