Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-3605

Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.

Related bugs and status

CVE-2009-3605 (Candidate) is related to these bugs:

Bug #457985: poppler 0.10.5-1ubuntu2.4 regression since -1ubuntu2.2

Summary				In	Importance	Status
	457985	poppler 0.10.5-1ubuntu2.4 regression since -1ubuntu2.2		poppler (Ubuntu)	Undecided	Fix Released
	457985	poppler 0.10.5-1ubuntu2.4 regression since -1ubuntu2.2		Poppler	High	Unknown

See the

CVE page on Mitre.org for more details.

References

MISC: http://sunsolve.sun.co...
MISC: http://sunsolve.sun.co...
MISC: http://secunia.com/adv...
MISC: http://www.mandriva.co...
MISC: http://www.mandriva.co...
MISC: https://bugzilla.redha...
MISC: http://lists.opensuse....
MISC: http://www.ubuntu.com/...
MISC: http://cgit.freedeskto...
MISC: http://cgit.freedeskto...
MISC: http://cgit.freedeskto...
MISC: https://bugs.launchpad...
MISC: https://launchpad.net/...
MISC: https://launchpad.net/...
MISC: https://oval.cisecurit...