PT-2009-6639 · Apple+4 · Cups+5
Tomas Hoger · Published 1970-01-01 · Updated 2023-02-13 · CVE-2009-3609
CVSS v2.0: 9.3 (High)
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
cups-devel-1.1.22 version 1.1.22
cups-libs-1.1.22 version 1.1.22
cups-1.1.22 version 1.1.22
libkscan-dev versions (affected versions not specified)
kdegraphics-dev versions (affected versions not specified)
xpdf-common versions (affected versions not specified)
kviewshell versions (affected versions not specified)
kdegraphics-dbg versions (affected versions not specified)
kdegraphics-doc-html versions (affected versions not specified)
kdvi versions (affected versions not specified)
xpdf-reader versions (affected versions not specified)
libkscan1 versions (affected versions not specified)
kdegraphics versions (affected versions not specified)
xpdf-utils versions (affected versions not specified)
kdegraphics-kfile-plugins versions (affected versions not specified)
Xpdf versions prior to 3.02pl4
Poppler versions prior to 0.12.1
Description
This issue affects multiple packages, including libkscan-dev, kdegraphics-dev, cups-devel-1.1.22, cups-libs-1.1.22, cups-1.1.22, xpdf-common, kviewshell, kdegraphics-dbg, kdegraphics-doc-html, kdvi, xpdf-reader, libkscan1, kdegraphics, xpdf-utils, and kdegraphics-kfile-plugins. It can be exploited remotely and may compromise the confidentiality, integrity, and availability of protected information. The underlying flaw is an integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, which can cause a denial of service (application crash) via a crafted PDF document.
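The description names the bug class but not its shape, so the following added example (written for this page, not code from Xpdf, Poppler, or any of the listed packages) shows the pattern behind an image-stream size integer overflow and the checked computation that closes it. The struct, field names, and limits are this example's own assumptions; the arithmetic uses uint32_t so the wraparound is well defined and reproducible.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical image-stream parameters as a PDF image dictionary could supply them.
   Names are assumptions for this example, not Xpdf's or Poppler's. */
struct image_params {
    uint32_t width;   /* pixels per row */
    uint32_t ncomps;  /* colour components per pixel */
    uint32_t nbits;   /* bits per component */
};

/* Unchecked computation: the pattern that produces the integer-overflow bug class.
   Both multiplications wrap modulo 2^32, so a huge width can yield a tiny size. */
static uint32_t row_bytes_unchecked(const struct image_params *p) {
    uint32_t nvals = p->width * p->ncomps;   /* may wrap */
    return (nvals * p->nbits + 7) / 8;        /* may wrap again */
}

/* Checked computation: returns 0 and sets *out, or -1 if any step would overflow
   or a parameter is outside a sane range. Each multiplication is guarded by a
   division against the type's maximum before it is performed. */
static int row_bytes_checked(const struct image_params *p, uint32_t *out) {
    if (p->width == 0 || p->ncomps == 0 || p->ncomps > 32 ||
        p->nbits == 0 || p->nbits > 16)
        return -1;
    if (p->width > UINT32_MAX / p->ncomps)          /* width * ncomps would wrap */
        return -1;
    uint32_t nvals = p->width * p->ncomps;
    if (nvals > (UINT32_MAX - 7) / p->nbits)        /* nvals * nbits + 7 would wrap */
        return -1;
    *out = (nvals * p->nbits + 7) / 8;
    return 0;
}

int main(void) {
    /* Constructed inputs: one benign image header and two oversized widths. */
    struct image_params benign  = { 800u, 3u, 8u };
    struct image_params crafted = { 0x40000000u, 4u, 8u };  /* width*ncomps wraps to 0 */
    struct image_params crafted2 = { 0x20000000u, 4u, 8u }; /* nvals*nbits wraps to 0 */
    struct image_params *all[] = { &benign, &crafted, &crafted2 };
    for (size_t i = 0; i < 3; i++) {
        uint32_t n = 0;
        int rc = row_bytes_checked(all[i], &n);
        printf("width=%u ncomps=%u nbits=%u: unchecked=%u checked=%s\n",
               all[i]->width, all[i]->ncomps, all[i]->nbits,
               row_bytes_unchecked(all[i]),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

The unchecked path returns a row size of 0 for both crafted headers, which is the value a later buffer allocation would use; the checked path rejects them before any allocation happens, so the only outcome is an error for that image rather than a crash.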
Recommendations
As a temporary workaround, consider disabling the ImageStream::ImageStream function until a patch is available.
Restrict access to the vulnerable packages to minimize the risk of exploitation.
Avoid using the vulnerable packages until the issue is resolved.
Update Xpdf to version 3.02pl4 or later.
Update Poppler to version 0.12.1 or later.
At the moment, there is no information about a newer version that contains a fix for the other vulnerable packages.
Exploit
Fix
DoS
Affected Products
Poppler
Red Hat
Xpdf
Cups
Kdegraphics
Libkscan