Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22669
HistoryOct 22, 2009 - 12:00 a.m.

[oCERT-2009-016] Poppler, xpdf integer overflow during heap allocation

2009-10-2200:00:00
vulners.com
31
JSON

#2009-016 Poppler, Xpdf integer overflows during heap allocation

Description:

Poppler and Xpdf are two popular open source projects for processing PDF
files. Both projects are vulnerable to an integer overflow during heap
memory allocation when processing a PDF file. In general, this results
in unexpected process termination. If an application using this code is
multi-threaded (or uses a crash signal handler), it may be possible to
execute arbitrary code.

The vulnerability resides in the object stream handler. In particular,
a multiplicative overflow occurs when a large number of embedded objects
are specified. An overflow check was in place in the code, but it only
protected related calls to gmalloc(). The C++ object array allocation
code (new[]) is not guarded by the upper bound check and the call to
new[] does not result in an exception with gcc. This results in bytes
being written after the valid heap allocation during object
construction.

Both software packages have released fixed versions which limit the allowed
object count to a domain specific value.

A detailed analysis by the reporter can be found in the References.

Affected version:

Poppler < 0.12.1

Xpdf < 3.02pl4

Fixed version:

Poppler >= 0.12.1

Xpdf >= 3.02pl4

Credit: vulnerability report and PoC received from
Chris Rohlf <[email protected]>.

CVE: CVE-2009-3608

Timeline:

2009-09-04: vulnerability report received
2009-09-17: proof of concept received from reporter
2009-09-21: impact reviewed
2009-09-29: contacted poppler maintainer
2009-09-29: vendor-sec notified
2009-09-30: vendor-sec discussion expanded to include xpdf maintainer
2009-10-02: final fix agreed upon by both maintainers
2009-10-12: CVE assigned by Tomas Hoger of RedHat
2009-10-14: fixed Xpdf released
2009-10-18: fixed Poppler released
2009-10-21: advisory published

References:
http://poppler.freedesktop.org/
http://www.foolabs.com/xpdf/CHANGES
http://chargen.matasano.com/chargen/2009/10/9/a-c-challenge.html
http://chargen.matasano.com/chargen/2009/10/15/a-c-challenge-the-conclusion.html
http://sites.google.com/site/em386cr/Home/CVE-2009-3608-explained.txt
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351

Permalink:
http://www.ocert.org/advisories/ocert-2009-016.html

–
Will Drewry <[email protected]>
http://ocert.org

Related

altlinux 3
cve 2
veracode 1
prion 1
ubuntucve 1
debiancve 1
openvas 96
nessus 58
redhat 6
oraclelinux 5
centos 6
securityvulns 3
ubuntu 3
fedora 7
debian 2
slackware 2
osv 2
altlinux
altlinux
Security fix for the ALT Linux 5 package poppler5 version 0.12.1-alt1
2009-10-19 00:00:00
Security fix for the ALT Linux 5 package kdegraphics version 3.5.10-alt3
2009-10-19 00:00:00
Security fix for the ALT Linux 5 package xpdf version 3.02-alt7
2009-11-15 00:00:00
cve
cve
CVE-2009-3608
2009-10-21 17:30:00
CVE-2009-3908
2009-12-12 02:30:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:38:29
prion
prion
Integer overflow
2009-10-21 17:30:00
ubuntucve
ubuntucve
CVE-2009-3608
2009-10-21 00:00:00
debiancve
debiancve
CVE-2009-3608
2009-10-21 17:30:00
openvas
openvas
CentOS Security Advisory CESA-2009:1513 (cups)
2009-11-11 00:00:00
Mandriva Update for irqbalance MDVA-2010:086 (irqbalance)
2010-03-12 00:00:00
Oracle Linux Local Check: ELSA-2009-1513
2015-10-08 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : cups (MDVSA-2009:280)
2010-07-30 00:00:00
SuSE 10 Security Update : kdegraphics3-pdf (ZYPP Patch Number 6652)
2010-10-11 00:00:00
Scientific Linux Security Update : cups on SL5.x i386/x86_64
2012-08-01 00:00:00
redhat
redhat
(RHSA-2009:1513) Moderate: cups security update
2009-10-15 00:00:00
(RHSA-2009:1504) Important: poppler security and bug fix update
2009-10-15 00:00:00
(RHSA-2009:1503) Important: gpdf security update
2009-10-15 00:00:00
oraclelinux
oraclelinux
cups security update
2009-10-15 00:00:00
poppler security and bug fix update
2009-10-15 00:00:00
kdegraphics security update
2009-10-15 00:00:00
centos
centos
cups security update
2009-10-30 14:43:47
poppler security update
2009-10-30 14:43:58
kdegraphics security update
2009-10-16 13:29:57
securityvulns
securityvulns
CUPS / poppler / xpdf / Adobe Reader multipls security vulnerabilities
2009-10-28 00:00:00
[USN-850-1] poppler vulnerabilities
2009-10-22 00:00:00
[ MDVSA-2009:283 ] cups
2009-10-20 00:00:00
ubuntu
ubuntu
poppler vulnerabilities
2009-11-02 00:00:00
poppler vulnerabilities
2009-10-21 00:00:00
KOffice vulnerabilities
2010-08-17 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: pdfedit-0.4.3-4.fc13
2010-02-20 00:11:55
[SECURITY] Fedora 10 Update: poppler-0.8.7-7.fc10
2009-10-27 07:05:29
[SECURITY] Fedora 12 Update: pdfedit-0.4.3-4.fc12
2010-02-20 00:25:46
debian
debian
[SECURITY] [DSA 2028-1] New xpdf packages fix several vulnerabilities
2010-04-05 15:23:30
[SECURITY] [DSA 2050-1] New kdegraphics packages fix several vulnerabilities
2010-05-24 15:38:34
slackware
slackware
poppler
2009-10-28 23:28:23
xpdf
2009-10-28 23:28:02
osv
osv
xpdf - several vulnerabilities
2010-04-05 00:00:00
kdegraphics - several vulnerabilities
2010-05-24 00:00:00
JSON
Related for SECURITYVULNS:DOC:22669
altlinux3cve2veracode1prion1ubuntucve1debiancve1openvas96nessus58redhat6oraclelinux5centos6securityvulns3ubuntu3fedora7debian2slackware2osv2