CVE-2009-0147

Name of the Vulnerable Software and Affected Versions cups versions prior to 1.3.10 cups-libs-x86 (affected versions not specified) kdegraphics-devel-3.5.4 (affected versions not specified) kdegraphics-3.5.4 (affected versions not specified) cups-debugsource (affected versions not specified) cups-libs-32bit (affected versions not specified) cups-client (affected versions not specified) cups-debuginfo (affected versions not specified) cups-devel (affected versions not specified)

Description The issue concerns multiple vulnerabilities in various packages, including cups and kdegraphics, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, multiple integer overflows in the JBIG2 decoder in Xpdf and CUPS allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2Stream::readSymbolDictSeg and other functions.

Recommendations For cups versions prior to 1.3.10, update to version 1.3.10 or later. For cups-libs-x86, consider disabling the vulnerable package until a patch is available. For kdegraphics-devel-3.5.4, restrict access to the vulnerable package to minimize the risk of exploitation. For kdegraphics-3.5.4, avoid using the vulnerable package in sensitive operations until the issue is resolved. For cups-debugsource, cups-libs-32bit, cups-client, cups-debuginfo, and cups-devel, consider temporarily disabling or restricting the use of these packages until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability for some of the affected packages.