poppler-0.5.4-4.4.11.1AXS3
エラータID: AXSA:2009-413:02
Release date:
Tuesday, October 20, 2009 - 13:36
Subject:
poppler-0.5.4-4.4.11.1AXS3
Affected Channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
Poppler, a PDF rendering library, it's a fork of the xpdf PDF viewer developed
by Derek Noonburg of Glyph and Cog, LLC.
Security bugs fixed with this issue:
CVE-2009-3603
CVE-2009-3608
CVE-2009-3609
No description available at the time of writing, please see the CVE links below.
Solution:
Update packages.
CVEs:
CVE-2009-3603
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.
CVE-2009-3608
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
CVE-2009-3609
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
Additional Info:
N/A
Download:
SRPMS
- poppler-0.5.4-4.4.11.1AXS3.src.rpm
MD5: 457160e695b6159a267a0e5344b7e5d6
SHA-256: d7d50f72134d1806afeae457a95e579de3db67a821bce52824b18daddad39b71
Size: 3.47 MB
Asianux Server 3 for x86
- poppler-0.5.4-4.4.11.1AXS3.i386.rpm
MD5: 3d03d1b70556a001b7e9a4b5a2c73215
SHA-256: 6f16f122084a39be9b0f49aa9d362d3f631693406217eaa087fd2b783a0b4393
Size: 3.01 MB - poppler-utils-0.5.4-4.4.11.1AXS3.i386.rpm
MD5: 77e432e1ccd0fc00024aa9fcc3edc9f8
SHA-256: cf2e6698d8e6265b41e10cb8f917aa48705ce80916f081df5184422f032b9878
Size: 72.61 kB
Asianux Server 3 for x86_64
- poppler-0.5.4-4.4.11.1AXS3.x86_64.rpm
MD5: be93b5f9555220ef6658d860e6ca10d9
SHA-256: 5dc1a7cde554a4231b54e4bc521da550640a26a71ca003bfafe95c34e25d613f
Size: 3.03 MB - poppler-utils-0.5.4-4.4.11.1AXS3.x86_64.rpm
MD5: b635fd9113cc5d2bb77c7571fe29caf4
SHA-256: 40d47b37026ac9cf726d78462d70ced8b7d654c3fbd18de8d89736394b36c0da
Size: 75.63 kB
日本語