English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63955
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-1790-1)
Summary:The remote host is missing an update for the Debian 'xpdf' package(s) announced via the DSA-1790-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'xpdf' package(s) announced via the DSA-1790-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format (PDF) files.

The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-0146

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.

CVE-2009-0147

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.

CVE-2009-0165

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to 'g*allocn.'

CVE-2009-0166

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.

CVE-2009-0799

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.

CVE-2009-0800

Multiple 'input validation flaws' in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

CVE-2009-1179

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.

CVE-2009-1180

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.

CVE-2009-1181

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.

CVE-2009-1182

Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

CVE-2009-1183

The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'xpdf' package(s) on Debian 4, Debian 5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0146
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
BugTraq ID: 34568
http://www.securityfocus.com/bid/34568
Bugtraq: 20090417 rPSA-2009-0059-1 poppler (Google Search)
http://www.securityfocus.com/archive/1/502761/100/0/threaded
Bugtraq: 20090417 rPSA-2009-0061-1 cups (Google Search)
http://www.securityfocus.com/archive/1/502750/100/0/threaded
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Debian Security Information: DSA-1790 (Google Search)
http://www.debian.org/security/2009/dsa-1790
Debian Security Information: DSA-1793 (Google Search)
http://www.debian.org/security/2009/dsa-1793
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
http://security.gentoo.org/glsa/glsa-200904-20.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632
http://www.redhat.com/support/errata/RHSA-2009-0429.html
http://www.redhat.com/support/errata/RHSA-2009-0430.html
http://www.redhat.com/support/errata/RHSA-2009-0431.html
RedHat Security Advisories: RHSA-2009:0458
http://rhn.redhat.com/errata/RHSA-2009-0458.html
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://www.securitytracker.com/id?1022073
http://secunia.com/advisories/34291
http://secunia.com/advisories/34481
http://secunia.com/advisories/34755
http://secunia.com/advisories/34756
http://secunia.com/advisories/34852
http://secunia.com/advisories/34959
http://secunia.com/advisories/34963
http://secunia.com/advisories/34991
http://secunia.com/advisories/35037
http://secunia.com/advisories/35064
http://secunia.com/advisories/35065
http://secunia.com/advisories/35074
http://secunia.com/advisories/35618
http://secunia.com/advisories/35685
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
SuSE Security Announcement: SUSE-SA:2009:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://www.vupen.com/english/advisories/2009/1065
http://www.vupen.com/english/advisories/2009/1066
http://www.vupen.com/english/advisories/2009/1077
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2010/1040
Common Vulnerability Exposure (CVE) ID: CVE-2009-0147
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941
Common Vulnerability Exposure (CVE) ID: CVE-2009-0165
XForce ISS Database: multiple-jbig2-unspecified(50377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50377
Common Vulnerability Exposure (CVE) ID: CVE-2009-0166
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9778
Common Vulnerability Exposure (CVE) ID: CVE-2009-0195
BugTraq ID: 34791
http://www.securityfocus.com/bid/34791
Bugtraq: 20090417 Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow (Google Search)
http://www.securityfocus.com/archive/1/502759/100/0/threaded
Bugtraq: 20090417 Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/502762/100/0/threaded
http://secunia.com/secunia_research/2009-17/
http://secunia.com/secunia_research/2009-18/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10076
Common Vulnerability Exposure (CVE) ID: CVE-2009-0799
1022072
http://www.securitytracker.com/id?1022072
34291
34481
34568
34746
http://secunia.com/advisories/34746
34755
34756
34852
34959
34963
34991
35037
35064
35065
35618
35685
ADV-2009-1065
ADV-2009-1066
ADV-2009-1076
http://www.vupen.com/english/advisories/2009/1076
ADV-2009-1077
ADV-2010-1040
DSA-1790
DSA-1793
FEDORA-2009-6972
FEDORA-2009-6973
FEDORA-2009-6982
MDVSA-2009:101
MDVSA-2010:087
MDVSA-2011:175
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
RHSA-2009:0429
RHSA-2009:0430
RHSA-2009:0431
RHSA-2009:0458
RHSA-2009:0480
SSA:2009-129-01
SUSE-SA:2009:024
SUSE-SR:2009:010
SUSE-SR:2009:012
VU#196617
http://www.kb.cert.org/vuls/id/196617
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886
http://poppler.freedesktop.org/releases.html
oval:org.mitre.oval:def:10204
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10204
Common Vulnerability Exposure (CVE) ID: CVE-2009-0800
1022073
https://bugzilla.redhat.com/show_bug.cgi?id=495887
oval:org.mitre.oval:def:11323
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323
Common Vulnerability Exposure (CVE) ID: CVE-2009-1179
35379
http://secunia.com/advisories/35379
ADV-2009-1522
http://www.vupen.com/english/advisories/2009/1522
ADV-2009-1621
APPLE-SA-2009-06-08-1
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
APPLE-SA-2009-06-17-1
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
https://bugzilla.redhat.com/show_bug.cgi?id=495889
oval:org.mitre.oval:def:11892
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11892
Common Vulnerability Exposure (CVE) ID: CVE-2009-1180
https://bugzilla.redhat.com/show_bug.cgi?id=495892
oval:org.mitre.oval:def:9926
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9926
Common Vulnerability Exposure (CVE) ID: CVE-2009-1181
https://bugzilla.redhat.com/show_bug.cgi?id=495894
oval:org.mitre.oval:def:9683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9683
Common Vulnerability Exposure (CVE) ID: CVE-2009-1182
https://bugzilla.redhat.com/show_bug.cgi?id=495896
oval:org.mitre.oval:def:10735
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735
Common Vulnerability Exposure (CVE) ID: CVE-2009-1183
https://bugzilla.redhat.com/show_bug.cgi?id=495899
oval:org.mitre.oval:def:10769
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10769
CopyrightCopyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.