Bug 495906 - (CVE-2009-1187) CVE-2009-1187 poppler CairoOutputDev integer overflow
CVE-2009-1187 poppler CairoOutputDev integer overflow
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 496942 496943 496944
Blocks: 491864
  Show dependency treegraph
Reported: 2009-04-15 10:22 EDT by Josh Bressers
Modified: 2016-03-04 07:16 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-04-14 10:40:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2009-04-15 10:22:13 EDT
An integer overflow was found in poppler's CairoOutputDev::drawImage
method. A malicious PDF file could cause poppler to execute with
permissions of the user calling the library.

Will Dormann of the CERT/CC created the extensive testsuite for the JBIG2
decoder in various PDF libraries that found this flaw.


Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting this flaw.
Comment 2 Tomas Hoger 2009-04-24 03:15:18 EDT
Integer overflow in the JBIG2 decoding feature in Poppler before
0.10.6 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via vectors related to
CairoOutputDev (CairoOutputDev.cc).
Comment 4 errata-xmlrpc 2009-05-13 10:32:50 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:0480 https://rhn.redhat.com/errata/RHSA-2009-0480.html

Note You need to log in before you can comment on or make changes to this bug.