Vigil@nce: Poppler, denials of service
March 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious PDF document and invite the
victim to open it with a Poppler application in order to stop it.
Gravity: 1/4
Consequences: denial of service of client
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 2
Creation date: 09/03/2009
IMPACTED PRODUCTS
– Mandriva Corporate
– Mandriva Linux
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The Poppler library is used by applications to display PDF
documents. It is impacted by two vulnerabilities.
The FormWidgetChoice::loadDefaults() function of Form.cc file does
not correctly initialize options in forms, which leads to a denial
of service. [grav:1/4; 19790, CVE-2009-0755]
The JBIG2Stream::readSymbolDictSeg() function of JBIG2Stream.cc
file does not correctly initialize bitmaps, which leads to a
denial of service. [grav:1/4; 19702, CVE-2009-0756]
An attacker can therefore create a malicious PDF document and
invite the victim to open it with a Poppler application in order
to stop it.
CHARACTERISTICS
Identifiers: 19702, 19790, CVE-2009-0755, CVE-2009-0756,
MDVSA-2009:068, MDVSA-2009:068-1, VIGILANCE-VUL-8520
http://vigilance.fr/vulnerability/Poppler-denials-of-service-8520