CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.4%
CentOS Errata and Security Advisory CESA-2009:0431
The kdegraphics packages contain applications for the K Desktop
Environment, including KPDF, a viewer for Portable Document Format (PDF)
files.
Multiple integer overflow flaws were found in KPDFβs JBIG2 decoder. An
attacker could create a malicious PDF file that would cause KPDF to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0147,
CVE-2009-1179)
Multiple buffer overflow flaws were found in KPDFβs JBIG2 decoder. An
attacker could create a malicious PDF file that would cause KPDF to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0146,
CVE-2009-1182)
Multiple flaws were found in KPDFβs JBIG2 decoder that could lead to the
freeing of arbitrary memory. An attacker could create a malicious PDF file
that would cause KPDF to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-0166, CVE-2009-1180)
Multiple input validation flaws were found in KPDFβs JBIG2 decoder. An
attacker could create a malicious PDF file that would cause KPDF to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0800)
Multiple denial of service flaws were found in KPDFβs JBIG2 decoder. An
attacker could create a malicious PDF that would cause KPDF to crash when
opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)
Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team, and Will Dormann of the CERT/CC for responsibly reporting
these flaws.
Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-April/077942.html
https://lists.centos.org/pipermail/centos-announce/2009-April/077945.html
https://lists.centos.org/pipermail/centos-announce/2009-May/078029.html
https://lists.centos.org/pipermail/centos-announce/2009-May/078030.html
https://lists.centos.org/pipermail/centos-announce/2009-May/078082.html
https://lists.centos.org/pipermail/centos-announce/2009-May/078083.html
Affected packages:
kdegraphics
kdegraphics-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:0431
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | kdegraphics | <Β 3.3.1-13.el4 | kdegraphics-3.3.1-13.el4.ia64.rpm |
CentOS | 4 | ia64 | kdegraphics-devel | <Β 3.3.1-13.el4 | kdegraphics-devel-3.3.1-13.el4.ia64.rpm |
CentOS | 4 | ia64 | kdegraphics | <Β 3.3.1-13.el4 | kdegraphics-3.3.1-13.el4.ia64.rpm |
CentOS | 4 | ia64 | kdegraphics-devel | <Β 3.3.1-13.el4 | kdegraphics-devel-3.3.1-13.el4.ia64.rpm |
CentOS | 4 | s390 | kdegraphics | <Β 3.3.1-13.el4 | kdegraphics-3.3.1-13.el4.s390.rpm |
CentOS | 4 | s390 | kdegraphics-devel | <Β 3.3.1-13.el4 | kdegraphics-devel-3.3.1-13.el4.s390.rpm |
CentOS | 4 | s390x | kdegraphics | <Β 3.3.1-13.el4 | kdegraphics-3.3.1-13.el4.s390x.rpm |
CentOS | 4 | s390x | kdegraphics-devel | <Β 3.3.1-13.el4 | kdegraphics-devel-3.3.1-13.el4.s390x.rpm |
CentOS | 4 | s390 | kdegraphics | <Β 3.3.1-13.el4 | kdegraphics-3.3.1-13.el4.s390.rpm |
CentOS | 4 | s390 | kdegraphics-devel | <Β 3.3.1-13.el4 | kdegraphics-devel-3.3.1-13.el4.s390.rpm |