Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67320
Category:Mandrake Local Security Checks
Title:Mandriva Security Advisory MDVSA-2010:086 (kdegraphics)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to kdegraphics
announced via advisory MDVSA-2010:086.

Multiple vulnerabilities has been found and corrected in kpdf
(kdegraphics):

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
attackers to execute arbitrary code via a crafted PDF document that
triggers a heap-based buffer overflow (CVE-2009-3608).

Integer overflow in the ImageStream::ImageStream function in Stream.cc
in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,
kdegraphics KPDF, and CUPS pdftops, allows remote attackers to
cause a denial of service (application crash) via a crafted PDF
document that triggers a NULL pointer dereference or buffer over-read
(CVE-2009-3609).

The updated packages have been patched to correct thess issues.

Affected: Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:086

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-3608
BugTraq ID: 36703
http://www.securityfocus.com/bid/36703
Debian Security Information: DSA-1941 (Google Search)
http://www.debian.org/security/2009/dsa-1941
Debian Security Information: DSA-2028 (Google Search)
http://www.debian.org/security/2010/dsa-2028
Debian Security Information: DSA-2050 (Google Search)
http://www.debian.org/security/2010/dsa-2050
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.ocert.org/advisories/ocert-2009-016.html
http://www.openwall.com/lists/oss-security/2009/12/01/1
http://www.openwall.com/lists/oss-security/2009/12/01/5
http://www.openwall.com/lists/oss-security/2009/12/01/6
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536
RedHat Security Advisories: RHSA-2009:1501
https://rhn.redhat.com/errata/RHSA-2009-1501.html
RedHat Security Advisories: RHSA-2009:1502
https://rhn.redhat.com/errata/RHSA-2009-1502.html
RedHat Security Advisories: RHSA-2009:1503
https://rhn.redhat.com/errata/RHSA-2009-1503.html
RedHat Security Advisories: RHSA-2009:1504
https://rhn.redhat.com/errata/RHSA-2009-1504.html
RedHat Security Advisories: RHSA-2009:1512
https://rhn.redhat.com/errata/RHSA-2009-1512.html
RedHat Security Advisories: RHSA-2009:1513
https://rhn.redhat.com/errata/RHSA-2009-1513.html
http://securitytracker.com/id?1023029
http://secunia.com/advisories/37028
http://secunia.com/advisories/37034
http://secunia.com/advisories/37037
http://secunia.com/advisories/37043
http://secunia.com/advisories/37051
http://secunia.com/advisories/37053
http://secunia.com/advisories/37054
http://secunia.com/advisories/37061
http://secunia.com/advisories/37077
http://secunia.com/advisories/37079
http://secunia.com/advisories/37114
http://secunia.com/advisories/37159
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
SuSE Security Announcement: SUSE-SR:2009:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://www.ubuntu.com/usn/USN-850-1
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2924
http://www.vupen.com/english/advisories/2009/2925
http://www.vupen.com/english/advisories/2009/2926
http://www.vupen.com/english/advisories/2009/2928
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1220
XForce ISS Database: xpdf-objectstream-bo(53794)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53794
Common Vulnerability Exposure (CVE) ID: CVE-2009-3609
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134
RedHat Security Advisories: RHSA-2009:1500
https://rhn.redhat.com/errata/RHSA-2009-1500.html
http://www.redhat.com/support/errata/RHSA-2010-0755.html
http://secunia.com/advisories/37023
XForce ISS Database: xpdf-imagestream-dos(53800)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53800
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.