Bug 495906 (CVE-2009-1187)

Summary: CVE-2009-1187 poppler CairoOutputDev integer overflow
Product: [Other] Security Response
Reporter: Josh Bressers <bressers>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: high
Priority: high
Version: unspecified
CC: jrb, mjc, mkasik
Keywords: Security
Hardware: All
OS: Linux
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1187
Doc Type: Bug Fix
Last Closed: 2010-04-14 14:40:01 UTC
Bug Depends On: 496942, 496943, 496944    
Bug Blocks: 491864    

Description Josh Bressers 2009-04-15 14:22:13 UTC
An integer overflow was found in poppler's CairoOutputDev::drawImage
method. A malicious PDF file could cause poppler to execute with
permissions of the user calling the library.

Will Dormann of the CERT/CC created the extensive testsuite for the JBIG2
decoder in various PDF libraries that found this flaw.

Acknowledgements:

Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting this flaw.

Comment 2 Tomas Hoger 2009-04-24 07:15:18 UTC
CVE-2009-1187:
Integer overflow in the JBIG2 decoding feature in Poppler before
0.10.6 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via vectors related to
CairoOutputDev (CairoOutputDev.cc).

Comment 4 errata-xmlrpc 2009-05-13 14:32:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:0480 https://rhn.redhat.com/errata/RHSA-2009-0480.html