| Revision Date: | 2014-06-23 | Version: | 19 |
| Title: | DSA-2028 xpdf -- multiple vulnerabilities |
| Description: | Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format files. The Common Vulnerabilities and Exposures project identifies the following problems: Integer overflow in SplashBitmap::SplashBitmap which might allow remote attackers to execute arbitrary code or an application crash via a crafted PDF document. NULL pointer dereference or heap-based buffer overflow in Splash::drawImage which might allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. Integer overflow in the PSOutputDev::doImageL1Sep which might allow remote attackers to execute arbitrary code via a crafted PDF document. Integer overflow in the ObjectStream::ObjectStream which might allow remote attackers to execute arbitrary code via a crafted PDF document. Integer overflow in the ImageStream::ImageStream which might allow remote attackers to cause a denial of service via a crafted PDF document. |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2009-1188
CVE-2009-3603
CVE-2009-3604
CVE-2009-3606
CVE-2009-3608
CVE-2009-3609
DSA-2028
|
| Platform(s): | Debian GNU/Linux 5.0
| Product(s): | xpdf
|
| Definition Synopsis |
| Debian GNU/Linux 5.0 is installed AND Architecture section
Architecture independent section
Installed architecture is all
AND Packages section
xpdf-common is earlier than 3.02-1.4+lenny2
OR xpdf is earlier than 3.02-1.4+lenny2
OR xpdf-utils is earlier than 3.02-1.4+lenny2
OR xpdf-reader is earlier than 3.02-1.4+lenny2
|