An integer overflow was found in poppler's SplashBitmap::SplashBitmap method. A malicious PDF file could cause poppler to execute with permissions of the user calling the library. Will Dormann of the CERT/CC created the extensive testsuite for the JBIG2 decoder in various PDF libraries that found this flaw. Acknowledgements: Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting this flaw.
CVE-2009-1188: Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to SplashBitmap (splash/SplashBitmap.cc).
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:0480 https://rhn.redhat.com/errata/RHSA-2009-0480.html
Patch previously applied to poppeler did not check for overflow when computing rowSize (see bug #526915). Issue is now properly fixed in xpdf-3.02pl4: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch https://bugzilla.redhat.com/show_bug.cgi?id=526637#c14
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:1502 https://rhn.redhat.com/errata/RHSA-2009-1502.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2009:1501 https://rhn.redhat.com/errata/RHSA-2009-1501.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2009:1503 https://rhn.redhat.com/errata/RHSA-2009-1503.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2009:1512 https://rhn.redhat.com/errata/RHSA-2009-1512.html
xpdf-3.02-15.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
xpdf-3.02-15.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
xpdf-3.02-15.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
pdfedit-0.4.3-4.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
pdfedit-0.4.3-4.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
pdfedit-0.4.3-4.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.