PT-2009-3396 · Apple+3 · Cups+3

Jan Lieskovsky · Published 2009-05-13 · Updated 2023-02-13 · CVE-2009-0791

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CUPS versions 1.1.17 through 1.1.22
CUPS version 1.3.7
Xpdf versions 2.x through 3.x
Poppler version 0.x

Description

The issue involves multiple integer overflows in the pdftops filter, which remote attackers can exploit via a crafted PDF file to cause a denial of service or possibly execute arbitrary code. The overflows can trigger a heap-based buffer overflow, potentially related to files such as Decrypt.cxx, FoFiTrueType.cxx, gmem.c, JBIG2Stream.cxx, and PSOutputDev.cxx in pdftops.

Recommendations

For CUPS versions 1.1.17 through 1.1.22, consider updating to a version that includes a fix for the integer overflows in the pdftops filter.
For CUPS version 1.3.7, consider updating to a version that includes a fix for the integer overflows in the pdftops filter.
For Xpdf versions 2.x through 3.x, consider updating to a version that includes a fix for the integer overflows.
For Poppler version 0.x, consider updating to a version that includes a fix for the integer overflows.
As a temporary workaround, consider disabling the use of the pdftops filter until a patch is available.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2009-0791
RHSA-2009:0480
RHSA-2009:1083
RHSA-2009:1500
RHSA-2009:1501
RHSA-2009:1502
RHSA-2009:1503
RHSA-2009:1512
RHSA-2009_0480
RHSA-2009_1083
RHSA-2009_1501
RHSA-2009_1502
RHSA-2009_1503
RHSA-2009_1512
RHSA-2010:0399
RHSA-2010:0400
RHSA-2010:0401
RHSA-2010_0399
RHSA-2010_0400

Affected Products

Cups
Poppler
Red Hat
Xpdf