Debian DSA-1793-1 : kdegraphics - multiple vulnerabilities

critical Nessus Plugin ID 38703

Synopsis

The remote Debian host is missing a security-related update.

Description

kpdf, a Portable Document Format (PDF) viewer for KDE, is based on the xpdf program and thus suffers from similar flaws to those described in DSA-1790.

The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2009-0146 Multiple buffer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.

- CVE-2009-0147 Multiple integer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.

- CVE-2009-0165 Integer overflow in the JBIG2 decoder in kpdf has unspecified impact related to 'g*allocn.'

- CVE-2009-0166 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.

- CVE-2009-0799 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.

- CVE-2009-0800 Multiple 'input validation flaws' in the JBIG2 decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file.

- CVE-2009-1179 Integer overflow in the JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file.

- CVE-2009-1180 The JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.

- CVE-2009-1181 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.

- CVE-2009-1182 Multiple buffer overflows in the JBIG2 MMR decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file.

- CVE-2009-1183 The JBIG2 MMR decoder in kpdf allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.

The old stable distribution (etch), these problems have been fixed in version 3.5.5-3etch3.

Solution

Upgrade the kdegraphics packages.

For the stable distribution (lenny), these problems have been fixed in version 3.5.9-3+lenny1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524810

https://security-tracker.debian.org/tracker/CVE-2009-0146

https://security-tracker.debian.org/tracker/CVE-2009-0147

https://security-tracker.debian.org/tracker/CVE-2009-0165

https://security-tracker.debian.org/tracker/CVE-2009-0166

https://security-tracker.debian.org/tracker/CVE-2009-0799

https://security-tracker.debian.org/tracker/CVE-2009-0800

https://security-tracker.debian.org/tracker/CVE-2009-1179

https://security-tracker.debian.org/tracker/CVE-2009-1180

https://security-tracker.debian.org/tracker/CVE-2009-1181

https://security-tracker.debian.org/tracker/CVE-2009-1182

https://security-tracker.debian.org/tracker/CVE-2009-1183

https://www.debian.org/security/2009/dsa-1793

Plugin Details

Severity: Critical

ID: 38703

File Name: debian_DSA-1793.nasl

Version: 1.14

Type: local

Agent: unix

Published: 5/8/2009

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:kdegraphics, cpe:/o:debian:debian_linux:4.0, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 5/6/2009

Reference Information

CVE: CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183

BID: 34568

CWE: 119, 189, 20, 399

DSA: 1793