Xpdf JBIG2 Decoder Bugs Let Remote Users Deny Service

SecurityTracker Alert ID: 1022072
SecurityTracker URL: http://securitytracker.com/id?1022072
CVE Reference: CVE-2009-0799, CVE-2009-1181, CVE-2009-1183
Date: Apr 17 2009
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 3.02

Description: Several vulnerabilities were reported in Xpdf. A remote user can cause denial of service conditions.

A remote user can create a specially crafted PDF file that, when processed by the target user or application, will trigger a flaw in the JBIG2 decoder and cause the application using Xpdf to crash.

Will Dormann of the CERT/CC created the JBIG2 decoder test suite that was used to discover these vulnerabilities.

Impact: A remote user can cause the target application to crash.

Solution: The vendor has issued a patch, available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch

Vendor URL: www.foolabs.com/xpdf/
Cause: Access control error
Underlying OS: Linux (Any), UNIX (Any)

Message History:
This archive entry has one or more follow-up message(s) listed below.

Source Message Contents

Date: Thu, 16 Apr 2009 20:37:51 -0400
Subject: xpdf

Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. An
attacker could create a malicious PDF that would cause Xpdf to crash when
opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)