CVE-2009-0791 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-0791 Interim 1 16 2023-12-09T02:05:29Z current 2021-05-30T12:46:10Z 2023-12-09T02:05:29Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-0791 Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UZFW5KU5NKW7N2N2NBJXVL2IW7DVJYIB/#UZFW5KU5NKW7N2N2NBJXVL2IW7DVJYIB E-Mail link for SUSE-SR:2009:012 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VDHSIVGQYGW3CBIOMJ35OP3MSZVABWVX/#VDHSIVGQYGW3CBIOMJ35OP3MSZVABWVX E-Mail link for SUSE-SR:2009:014 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TQKKCXCCJNXZGT3RQKVHND7NFINIQDSH/#TQKKCXCCJNXZGT3RQKVHND7NFINIQDSH E-Mail link for SUSE-SR:2009:020 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 11 SUSE Linux Enterprise Software Development Kit 11 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Software Development Kit 11 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SUSE Linux Enterprise Software Development Kit 11 SUSE Linux Enterprise Software Development Kit 11 SP4 cups libpoppler-devel-0.12.3-1.10.1 libpoppler-glib-devel-0.12.3-1.10.1 libpoppler-glib4-0.10.1-1.31.1 libpoppler-glib4-0.12.3-1.10.1 libpoppler-glib4-0.12.3-1.2.44 libpoppler-glib4-0.12.3-1.3.1 libpoppler-glib4-0.12.3-1.8.1 libpoppler-qt2-0.12.3-1.10.1 libpoppler-qt3-devel-0.12.3-1.10.1 libpoppler-qt4-3-0.10.1-1.31.1 libpoppler-qt4-3-0.12.3-1.10.1 libpoppler-qt4-3-0.12.3-1.2.44 libpoppler-qt4-3-0.12.3-1.3.1 libpoppler-qt4-3-0.12.3-1.8.1 libpoppler-qt4-devel-0.12.3-1.10.1 libpoppler4-0.10.1-1.31.1 libpoppler5-0.12.3-1.10.1 libpoppler5-0.12.3-1.2.44 libpoppler5-0.12.3-1.3.1 libpoppler5-0.12.3-1.8.1 poppler-tools-0.10.1-1.31.1 poppler-tools-0.12.3-1.10.1 poppler-tools-0.12.3-1.2.44 poppler-tools-0.12.3-1.3.1 poppler-tools-0.12.3-1.8.1 xpdf-tools-3.02-138.26.1 libpoppler-glib4-0.10.1-1.31.1 as a component of SUSE Linux Enterprise Server 11 libpoppler-qt4-3-0.10.1-1.31.1 as a component of SUSE Linux Enterprise Server 11 libpoppler4-0.10.1-1.31.1 as a component of SUSE Linux Enterprise Server 11 poppler-tools-0.10.1-1.31.1 as a component of SUSE Linux Enterprise Server 11 xpdf-tools-3.02-138.26.1 as a component of SUSE Linux Enterprise Server 11 libpoppler-glib4-0.12.3-1.2.44 as a component of SUSE Linux Enterprise Server 11 SP1 libpoppler-qt4-3-0.12.3-1.2.44 as a component of SUSE Linux Enterprise Server 11 SP1 libpoppler5-0.12.3-1.2.44 as a component of SUSE Linux Enterprise Server 11 SP1 poppler-tools-0.12.3-1.2.44 as a component of SUSE Linux Enterprise Server 11 SP1 xpdf-tools-3.02-138.26.1 as a component of SUSE Linux Enterprise Server 11 SP1 libpoppler-glib4-0.12.3-1.3.1 as a component of SUSE Linux Enterprise Server 11 SP2 libpoppler-qt4-3-0.12.3-1.3.1 as a component of SUSE Linux Enterprise Server 11 SP2 libpoppler5-0.12.3-1.3.1 as a component of SUSE Linux Enterprise Server 11 SP2 poppler-tools-0.12.3-1.3.1 as a component of SUSE Linux Enterprise Server 11 SP2 libpoppler-glib4-0.12.3-1.8.1 as a component of SUSE Linux Enterprise Server 11 SP3 libpoppler-qt4-3-0.12.3-1.8.1 as a component of SUSE Linux Enterprise Server 11 SP3 libpoppler5-0.12.3-1.8.1 as a component of SUSE Linux Enterprise Server 11 SP3 poppler-tools-0.12.3-1.8.1 as a component of SUSE Linux Enterprise Server 11 SP3 libpoppler-glib4-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 libpoppler-qt4-3-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 libpoppler5-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 poppler-tools-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 libpoppler-glib4-0.10.1-1.31.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libpoppler-qt4-3-0.10.1-1.31.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libpoppler4-0.10.1-1.31.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 poppler-tools-0.10.1-1.31.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 xpdf-tools-3.02-138.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libpoppler-devel-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libpoppler-glib-devel-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libpoppler-qt2-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libpoppler-qt3-devel-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libpoppler-qt4-devel-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 poppler-tools-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 cups as a component of SUSE Linux Enterprise Desktop 11 cups as a component of SUSE Linux Enterprise Software Development Kit 11 Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. CVE-2009-0791 SUSE Linux Enterprise Server 11:libpoppler-glib4-0.10.1-1.31.1 SUSE Linux Enterprise Server 11:libpoppler-qt4-3-0.10.1-1.31.1 SUSE Linux Enterprise Server 11:libpoppler4-0.10.1-1.31.1 SUSE Linux Enterprise Server 11:poppler-tools-0.10.1-1.31.1 SUSE Linux Enterprise Server 11:xpdf-tools-3.02-138.26.1 SUSE Linux Enterprise Server 11 SP1:libpoppler-glib4-0.12.3-1.2.44 SUSE Linux Enterprise Server 11 SP1:libpoppler-qt4-3-0.12.3-1.2.44 SUSE Linux Enterprise Server 11 SP1:libpoppler5-0.12.3-1.2.44 SUSE Linux Enterprise Server 11 SP1:poppler-tools-0.12.3-1.2.44 SUSE Linux Enterprise Server 11 SP1:xpdf-tools-3.02-138.26.1 SUSE Linux Enterprise Server 11 SP2:libpoppler-glib4-0.12.3-1.3.1 SUSE Linux Enterprise Server 11 SP2:libpoppler-qt4-3-0.12.3-1.3.1 SUSE Linux Enterprise Server 11 SP2:libpoppler5-0.12.3-1.3.1 SUSE Linux Enterprise Server 11 SP2:poppler-tools-0.12.3-1.3.1 SUSE Linux Enterprise Server 11 SP3:libpoppler-glib4-0.12.3-1.8.1 SUSE Linux Enterprise Server 11 SP3:libpoppler-qt4-3-0.12.3-1.8.1 SUSE Linux Enterprise Server 11 SP3:libpoppler5-0.12.3-1.8.1 SUSE Linux Enterprise Server 11 SP3:poppler-tools-0.12.3-1.8.1 SUSE Linux Enterprise Server 11 SP4:libpoppler-glib4-0.12.3-1.10.1 SUSE Linux Enterprise Server 11 SP4:libpoppler-qt4-3-0.12.3-1.10.1 SUSE Linux Enterprise Server 11 SP4:libpoppler5-0.12.3-1.10.1 SUSE Linux Enterprise Server 11 SP4:poppler-tools-0.12.3-1.10.1 SUSE Linux Enterprise Server for SAP Applications 11:libpoppler-glib4-0.10.1-1.31.1 SUSE Linux Enterprise Server for SAP Applications 11:libpoppler-qt4-3-0.10.1-1.31.1 SUSE Linux Enterprise Server for SAP Applications 11:libpoppler4-0.10.1-1.31.1 SUSE Linux Enterprise Server for SAP Applications 11:poppler-tools-0.10.1-1.31.1 SUSE Linux Enterprise Server for SAP Applications 11:xpdf-tools-3.02-138.26.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-devel-0.12.3-1.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-glib-devel-0.12.3-1.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-qt2-0.12.3-1.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-qt3-devel-0.12.3-1.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-qt4-devel-0.12.3-1.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:poppler-tools-0.12.3-1.10.1 SUSE Linux Enterprise Desktop 11:cups SUSE Linux Enterprise Software Development Kit 11:cups moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P