Description: | Description: The remote host is missing an update to kdegraphics announced via advisory DSA 1793-1.
kpdf, a Portable Document Format (PDF) viewer for KDE, is based on the xpdf program and thus suffers from similar flaws to those described in DSA-1790.
The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-0146
Multiple buffer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
CVE-2009-0147
Multiple integer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
CVE-2009-0165
Integer overflow in the JBIG2 decoder in kpdf has unspecified impact related to g*allocn.
CVE-2009-0166
The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
CVE-2009-0799
The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
CVE-2009-0800
Multiple input validation flaws in the JBIG2 decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-1179
Integer overflow in the JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-1180
The JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
CVE-2009-1181
The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
CVE-2009-1182
Multiple buffer overflows in the JBIG2 MMR decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-1183
The JBIG2 MMR decoder in kpdf allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
We recommend that you upgrade your kdegraphics packages.
Solution: https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201793-1
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
|