Multiple vulnerabilities have been identified in Xpdf, which could be exploited by attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by buffer and integer overflow errors in the "SplashBitmap::SplashBitmap()", "Splash::drawImage()", "PSOutputDev::doImageL1Sep()", "ObjectStream::ObjectStream()", and "ImageStream::ImageStream()" functions when processing malformed data within a PDF file, which could allow attackers to crash an affected application or execute arbitrary code by tricking a user into opening a malicious PDF.

Affected Products

Xpdf versions prior to 3.02pl4

Solution

Apply patch :
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

References

http://www.vupen.com/english/advisories/2009/2924
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3603
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3604
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3606
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3608
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3609

In-depth Binary Analysis

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.
 

Private Exploit or PoC

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.
 

Credits

Vulnerabilities reported by the vendor, Chris Rohlf and Adam Zabrocki.

Changelog

2009-10-15 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.