CVE-2009-1182 – PDF JBIG2 MMR decoder buffer overflows
https://notcve.org/view.php?id=CVE-2009-1182
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. Múltiples desbordamientos del búfer en el decodificador JBIG2 MMR en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, Poppler versión anterior a 0.10.6, y otros productos, permiten a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF creado. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://poppler.freedesktop.org/releases.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisories/34291 http://secunia.com/advisories/34481 http://secunia.com/advisories/34746 http://secunia.com/advisories/34755 http://secunia.com/advisories • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-1181 – PDF JBIG2 NULL dereference
https://notcve.org/view.php?id=CVE-2009-1181
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. El decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, Poppler versión anterior a 0.10.6, y otros productos, permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo PDF creado que desencadena una desreferencia de puntero NULL. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://poppler.freedesktop.org/releases.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisories/34291 http://secunia.com/advisories/34481 http://secunia.com/advisories/34746 http://secunia.com/advisories/34755 http://secunia.com/advisories • CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •
CVE-2009-1180 – PDF JBIG2 invalid free()
https://notcve.org/view.php?id=CVE-2009-1180
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. El decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, Poppler versión anterior a 0.10.6, y otros productos, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF creado que desencadena una liberación de datos no válidos. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://poppler.freedesktop.org/releases.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisories/34291 http://secunia.com/advisories/34481 http://secunia.com/advisories/34746 http://secunia.com/advisories/34755 http://secunia.com/advisories • CWE-399: Resource Management Errors •
CVE-2009-0146 – xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) (CVE-2009-0195)
https://notcve.org/view.php?id=CVE-2009-0146
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Múltiples desbordamientos del búfer en el decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, y otros productos permiten a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo PDF creado, relacionado a (1) JBIG2SymbolDict::setBitmap y (2) JBIG2Stream::readSymbolDictSeg. • http://bugs.gentoo.org/show_bug.cgi?id=263028 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisori • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-0577 – cups-CVE-2008-3640.patch has been corrupted.
https://notcve.org/view.php?id=CVE-2009-0577
Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2008-3640. Desbordamiento de entero en la funcion WriteProlog en texttops en CUPS v1.1.17 en Red Hat Enterprise Linux (RHEL) v3 lo que permite atacantes remotos ejecutar codigo a su eleccion a traves de un fichero PostScript manipulado que dispara un desbordamiento de bufer basado en monticulo. NOTA: Esto existe debido a un arreglo incompleto de CVE-2008-3640. • http://secunia.com/advisories/33995 http://support.avaya.com/elmodocs2/security/ASA-2009-064.htm http://www.redhat.com/support/errata/RHSA-2009-0308.html https://bugzilla.redhat.com/show_bug.cgi?id=486052 https://exchange.xforce.ibmcloud.com/vulnerabilities/48977 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9968 https://access.redhat.com/security/cve/CVE-2009-0577 • CWE-189: Numeric Errors •