PT-2009-6640 · Kde+4 · Kdegraphics-Doc-Html+15

Tomas Hoger · Published 1970-01-01 · Updated 2024-06-15 · CVE-2009-1188

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

kdegraphics versions prior to 3.02pl4
libkscan-dev (affected versions not specified)
kdegraphics-dev (affected versions not specified)
xpdf-common (affected versions not specified)
kviewshell (affected versions not specified)
kdegraphics-dbg (affected versions not specified)
kdegraphics-doc-html (affected versions not specified)
kdvi (affected versions not specified)
xpdf-reader (affected versions not specified)
libkscan1 (affected versions not specified)
xpdf-utils (affected versions not specified)
kdegraphics (affected versions not specified)
kdegraphics-kfile-plugins (affected versions not specified)
Poppler versions prior to 0.10.6

Description

This entry covers multiple vulnerabilities in several packages of the Debian GNU/Linux operating system, including kdegraphics, libkscan-dev, and xpdf-common, among others. They can compromise the confidentiality, integrity, and availability of protected information, and they can be exploited remotely. Specifically, an integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted PDF document.

Recommendations

For kdegraphics versions prior to 3.02pl4, update to version 3.02pl4 or later.
For Poppler versions prior to 0.10.6, update to version 0.10.6 or later.
For the other affected packages, there is currently no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-00990
BDU:2015-00991
BDU:2015-00992
BDU:2015-00993
BDU:2015-00994
BDU:2015-00995
BDU:2015-00996
BDU:2015-00997
BDU:2015-00998
BDU:2015-02167
BDU:2015-02168
BDU:2015-02169
CVE-2009-1188
DSA-2028-1
DSA-2050-1
OPENSUSE-SU-2024:10360-1
RHSA-2009:0480
RHSA-2009:1501
RHSA-2009:1502
RHSA-2009:1503
RHSA-2009:1512
RHSA-2009_0480
RHSA-2009_1501
RHSA-2009_1502
RHSA-2009_1503
RHSA-2009_1512

Affected Products

Debian
Poppler
Red Hat
Xpdf
Kdegraphics
Kdegraphics-Dbg
Kdegraphics-Devel
Kdegraphics-Doc-Html
Kdegraphics-Kfile-Plugins
Kdvi
Kviewshell
Libkscan-Dev
Libkscan1
Xpdf-Common
Xpdf-Reader
Xpdf-Utils