[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2009:282-1 -- Mandriva cups

ID: oval:org.secpod.oval:def:300518Date: (C)2012-01-07   (M)2017-10-04
Class: PATCHFamily: unix




Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2Stream::readSymbolDictSeg, JBIG2Stream::readSymbolDictSeg, and JBIG2Stream::readGenericBitmap. Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the _cupsImageReadTIFF function in the imagetops filter and imagetoraster filter, leading to a heap-based buffer overflow. Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to g*allocn. The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service via a crafted PDF file that triggers a free of uninitialized memory. Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments . Multiple integer overflows in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to Decrypt.cxx, FoFiTrueType.cxx, gmem.c, JBIG2Stream.cxx, and PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service via a crafted PDF file that triggers an out-of-bounds read. Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service via a crafted PDF file that triggers a NULL pointer dereference. Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service via a crafted PDF file. Two integer overflow flaws were found in the CUPS pdftops filter. An attacker could create a malicious PDF file that would cause pdftops to crash or, potentially, execute arbitrary code as the lp user if the file was printed. This update corrects the problems. Update: Packages for 2008.0 are being provided due to extended support for Corporate products.

Platform:
Mandriva Linux 2008.0
Product:
cups
Reference:
MDVSA-2009:282-1
CVE-2009-3609
CVE-2009-3608
CVE-2009-1183
CVE-2009-1182
CVE-2009-1181
CVE-2009-1180
CVE-2009-1179
CVE-2009-0949
CVE-2009-0800
CVE-2009-0799
CVE-2009-0791
CVE-2009-0195
CVE-2009-0166
CVE-2009-0165
CVE-2009-0163
CVE-2009-0147
CVE-2009-0146
CVE    17
CVE-2009-0165
CVE-2009-3608
CVE-2009-3609
CVE-2009-0163
...
CPE    1
cpe:/o:mandriva:linux:2008.0

© 2013 SecPod Technologies