CVE-2009-3609

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-3609 at MITRE

Description

Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entries: 539875, 546400, 546404

SUSE Security Advisories:

SUSE-SR:2009:018, published Tue, 10 Nov 2009 13:00:00 +0000
SUSE-SR:2009:019, published Tue, 24 Nov 2009 07:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM POWER SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for IPF SUSE Linux Enterprise Server 10 SP2 for x86	`xpdf-tools >= 3.01-21.22.2`	sle10-sp2-sdk.x86-64 sled10-sp2.x86-64 sle10-sp2-sdk.ia64 sles10-sp2.x86-64 sles10-sp2.ppc sle10-sp2-sdk.x86 sles10-sp2.x86 sles10-sp2.s390x sle10-sp2-sdk.s390x sle10-sp2-sdk.ppc sles10-sp2.ia64 sled10-sp2.x86 ZYPP Patch Nr: 6556
SUSE CORE 9 for AMD64 and Intel EM64T	`cups >= 1.1.20-108.62` `cups-client >= 1.1.20-108.62` `cups-devel >= 1.1.20-108.62` `cups-libs >= 1.1.20-108.62`	Builds YOU Patch Nr: 12722
SUSE Linux Enterprise Desktop 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP2 for x86	`cups >= 1.1.23-40.57.2` `cups-client >= 1.1.23-40.57.2` `cups-devel >= 1.1.23-40.57.2` `cups-libs >= 1.1.23-40.57.2`	sles10-sp2.x86 sles10-sp2.s390x sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.ia64 sles10-sp2.ppc ZYPP Patch Nr: 6720
SUSE Linux Enterprise Server 10 SP2 for IPF	`cups >= 1.1.23-40.57.2` `cups-client >= 1.1.23-40.57.2` `cups-devel >= 1.1.23-40.57.2` `cups-libs >= 1.1.23-40.57.2` `cups-libs-x86 >= 1.1.23-40.57.2`	sles10-sp2.x86 sles10-sp2.s390x sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.ia64 sles10-sp2.ppc ZYPP Patch Nr: 6720
SUSE Linux Enterprise Server 10 SP2 for IBM POWER	`cups >= 1.1.23-40.57.2` `cups-client >= 1.1.23-40.57.2` `cups-devel >= 1.1.23-40.57.2` `cups-libs >= 1.1.23-40.57.2` `cups-libs-64bit >= 1.1.23-40.57.2`	sles10-sp2.x86 sles10-sp2.s390x sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.ia64 sles10-sp2.ppc ZYPP Patch Nr: 6720
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit	`cups >= 1.1.23-40.57.2` `cups-client >= 1.1.23-40.57.2` `cups-devel >= 1.1.23-40.57.2` `cups-libs >= 1.1.23-40.57.2` `cups-libs-32bit >= 1.1.23-40.57.2`	sles10-sp2.x86 sles10-sp2.s390x sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.ia64 sles10-sp2.ppc ZYPP Patch Nr: 6720
SLES SDK 9 for IBM S/390 and IBM zSeries SLES SDK 9 for IBM iSeries and IBM pSeries SLES SDK 9 for IBM zSeries SLES SDK 9 for IPF SLES SDK 9 for X86-64 SLES SDK 9 for x86	`xpdf >= 3.00-64.54` `xpdf-config >= 3.00-64.54`	core9.x86-64 core9.s390 core9.x86 core9.ppc core9.ia64 core9.s390x YOU Patch Nr: 12523
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM POWER SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for IPF SUSE Linux Enterprise Server 10 SP2 for x86	`kdegraphics3-pdf >= 3.5.1-23.26.2`	sled10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.s390x sled10-sp2.x86-64 sles10-sp2.ia64 sles10-sp2.x86 sles10-sp2.ppc ZYPP Patch Nr: 6653
openSUSE 10.3	`cups >= 1.2.12-22.26` `cups-client >= 1.2.12-22.26` `cups-devel >= 1.2.12-22.26` `cups-libs >= 1.2.12-22.26` `cups-libs-32bit >= 1.2.12-22.26` `cups-libs-64bit >= 1.2.12-22.26`
Novell Linux Desktop 9 for x86 Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for x86	`cups >= 1.1.20-108.63` `cups-client >= 1.1.20-108.63` `cups-devel >= 1.1.20-108.63` `cups-libs >= 1.1.20-108.63`	core9.s390 sles9-nlpos.x86 core9.x86-64 core9.x86 core9.ia64 sles9-oes.x86 core9.ppc sles9-nld.x86-64 core9.s390x sles9-nld.x86 YOU Patch Nr: 12561
SUSE CORE 9 for Itanium Processor Family	`cups >= 1.1.20-108.63` `cups-client >= 1.1.20-108.63` `cups-devel >= 1.1.20-108.63` `cups-libs >= 1.1.20-108.63` `cups-libs-x86 >= 9-200912011928`	core9.s390 sles9-nlpos.x86 core9.x86-64 core9.x86 core9.ia64 sles9-oes.x86 core9.ppc sles9-nld.x86-64 core9.s390x sles9-nld.x86 YOU Patch Nr: 12561
SUSE CORE 9 for IBM POWER	`cups >= 1.1.20-108.63` `cups-client >= 1.1.20-108.63` `cups-devel >= 1.1.20-108.63` `cups-libs >= 1.1.20-108.63` `cups-libs-64bit >= 9-200912020435`	core9.s390 sles9-nlpos.x86 core9.x86-64 core9.x86 core9.ia64 sles9-oes.x86 core9.ppc sles9-nld.x86-64 core9.s390x sles9-nld.x86 YOU Patch Nr: 12561
SUSE CORE 9 for IBM zSeries 64bit	`cups >= 1.1.20-108.63` `cups-client >= 1.1.20-108.63` `cups-devel >= 1.1.20-108.63` `cups-libs >= 1.1.20-108.63` `cups-libs-32bit >= 9-200912020056`	core9.s390 sles9-nlpos.x86 core9.x86-64 core9.x86 core9.ia64 sles9-oes.x86 core9.ppc sles9-nld.x86-64 core9.s390x sles9-nld.x86 YOU Patch Nr: 12561
Novell Linux Desktop 9 for x86_64 SUSE CORE 9 for AMD64 and Intel EM64T	`cups >= 1.1.20-108.63` `cups-client >= 1.1.20-108.63` `cups-devel >= 1.1.20-108.63` `cups-libs >= 1.1.20-108.63` `cups-libs-32bit >= 9-200912011928`	core9.s390 sles9-nlpos.x86 core9.x86-64 core9.x86 core9.ia64 sles9-oes.x86 core9.ppc sles9-nld.x86-64 core9.s390x sles9-nld.x86 YOU Patch Nr: 12561
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP3 for x86	`kdegraphics3-pdf >= 3.5.1-23.26.1`	sles10-sp3.ia64 sles10-sp3.x86-64 sled10-sp3.x86 sled10-sp3.x86-64 sles10-sp3.ppc sles10-sp3.s390x sles10-sp3.x86 ZYPP Patch Nr: 6652
SUSE Linux Enterprise Desktop 10 SP3 for x86	`cups >= 1.1.23-40.59.8` `cups-client >= 1.1.23-40.59.8` `cups-devel >= 1.1.23-40.59.8` `cups-libs >= 1.1.23-40.59.8`	sles10-sp3.x86-64 sles10-sp3.s390x sled10-sp3.x86 sled10-sp3.x86-64 sles10-sp3.ia64 sles10-sp3.x86 sles10-sp3.ppc ZYPP Patch Nr: 6721
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T	`cups >= 1.1.23-40.59.8` `cups-client >= 1.1.23-40.59.8` `cups-devel >= 1.1.23-40.59.8` `cups-libs >= 1.1.23-40.59.8` `cups-libs-32bit >= 1.1.23-40.59.8`	sles10-sp3.x86-64 sles10-sp3.s390x sled10-sp3.x86 sled10-sp3.x86-64 sles10-sp3.ia64 sles10-sp3.x86 sles10-sp3.ppc ZYPP Patch Nr: 6721
openSUSE 10.3	`xpdf >= 3.02-19.13` `xpdf-tools >= 3.02-19.13`
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP3 for x86	`xpdf-tools >= 3.01-21.23.2`	sles10-sp3.s390x sles10-sp3.x86 sles10-sp3.ia64 sles10-sp3.ppc sle10-sp3-sdk.x86 sle10-sp3-sdk.ia64 sle10-sp3-sdk.s390x sled10-sp3.x86 sled10-sp3.x86-64 sles10-sp3.x86-64 sle10-sp3-sdk.x86-64 sle10-sp3-sdk.ppc ZYPP Patch Nr: 6560

List of products where fixes are in QA

SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP3 for x86
SUSE Linux Enterprise Desktop 10 SP3 for x86

Markets

Products By Category

Novell

NetIQ (Moving soon to NetIQ.com)

A-Z

Contribute