Multiple buffer overflows were found in the JBIG2 decoder. An attacker could use these flaws to cause a denial of service (application crash) via specially-crafted PDF file.
attachment 336465 [details] has the updated patch that should be used for this issue.
Embargo has been lifted.
xpdf-3.02-13.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/xpdf-3.02-13.fc9
xpdf-3.02-13.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/xpdf-3.02-13.fc10
cups-1.3.10-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/cups-1.3.10-1.fc9
cups-1.3.10-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/cups-1.3.10-1.fc10
cups-1.3.10-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
cups-1.3.10-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
xpdf-3.02-13.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
xpdf-3.02-13.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 3 Via RHSA-2009:0430 https://rhn.redhat.com/errata/RHSA-2009-0430.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2009:0431 https://rhn.redhat.com/errata/RHSA-2009-0431.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2009:0429 https://rhn.redhat.com/errata/RHSA-2009-0429.html
This problem was independently discovered by Alin Rad Pop of Secunia Research and got assigned another CVE id: CVE-2009-0195 Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments. http://secunia.com/secunia_research/2009-17/ http://secunia.com/secunia_research/2009-18/
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2009:0458 https://rhn.redhat.com/errata/RHSA-2009-0458.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:0480 https://rhn.redhat.com/errata/RHSA-2009-0480.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0399 https://rhn.redhat.com/errata/RHSA-2010-0399.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0400 https://rhn.redhat.com/errata/RHSA-2010-0400.html