Debian: DSA-1793-1 Critical: Kdegraphics Denial Of Service Threats

debian
May 6, 2009
Update kdegraphics in Debian to fix several security vulnerabilities, including potential denial of service and code execution risks.
kpdf, a Portable Document Format (PDF) viewer for KDE, is based on the xpdf program and thus suffers from flaws similar to those described in DSA-1790.

Summary

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2009-0146

Multiple buffer overflows in the JBIG2 decoder in kpdf allow
remote attackers to cause a denial of service (crash) via a
crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and
(2) JBIG2Stream::readSymbolDictSeg.

CVE-2009-0147

Multiple integer overflows in the JBIG2 decoder in kpdf allow
remote attackers to cause a denial of service (crash) via a
crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg,
(2) JBIG2Stream::readSymbolDictSeg, and (3)
JBIG2Stream::readGenericBitmap.

CVE-2009-0165

Integer overflow in the JBIG2 decoder in kpdf has unspecified
impact related to "g*allocn."

CVE-2009-0166

The JBIG2 decoder in kpdf allows remote attackers to cause a
denial of service (crash) via a crafted PDF file that triggers a
free of uninitialized memory.

CVE-2009-0799

The JBIG2 decoder in kpdf allows remote attackers to cause a
denial o...

Severity
critical