Advisories MDVSA-2009:331: kdegraphics


paul

Multiple vulnerabilities have been found and corrected in kdegraphics:

 

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) setBitmap and (2) readSymbolDictSeg (CVE-2009-0146).

 

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier allow remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0147).

 

The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory (CVE-2009-0166).

 

Multiple integer overflows in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791).

 

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified caches. (CVE-2009-1709).

 

WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption (CVE-2009-0945).

 

This update provides a solution to this vulnerability.
