xpdf
Page content
- Author: Miklos Vajna
- Vulnerable: 3.02-5
- Unaffected: 3.02-6anacreon1
Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user’s system.
- A boundary error exists when decoding JBIG2 symbol dictionary segments. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code.
- Multiple integer overflows in the JBIG2 decoder can be exploited to potentially execute arbitrary code.
- Multiple boundary errors in the JBIG2 decoder can be exploited to cause buffer overflows and potentially execute arbitrary code.
- Multiple errors in the JBIG2 decoder can be exploited can be exploited to free arbitrary memory and potentially execute arbitrary code.
- Multiple unspecified input validation errors in the JBIG2 decoder can be exploited to potentially execute arbitrary code. NOTE: Additionally, various other JBIG2 processing errors can be exploited to cause crashes.
- Bug Tracker URL: http://bugs.frugalware.org/task/3770
CVEs:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183