Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.
https://bugzilla.redhat.com/show_bug.cgi?id=491840
http://www.vupen.com/english/advisories/2009/1488
http://www.redhat.com/support/errata/RHSA-2009-1083.html
http://securitytracker.com/id?1022326
http://www.securityfocus.com/bid/35195
http://secunia.com/advisories/35340
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/35685
https://rhn.redhat.com/errata/RHSA-2009-1501.html
http://secunia.com/advisories/37028
http://secunia.com/advisories/37037
http://secunia.com/advisories/37077
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
http://www.vupen.com/english/advisories/2009/2928
https://rhn.redhat.com/errata/RHSA-2009-1512.html
http://secunia.com/advisories/37023
https://rhn.redhat.com/errata/RHSA-2009-1500.html
http://secunia.com/advisories/37043
http://secunia.com/advisories/37079
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
https://exchange.xforce.ibmcloud.com/vulnerabilities/50941
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10534