REDHAT-BUG-526915: Integer Overflow
First published: Fri Oct 02 2009(Updated: )
Integer overflow was discovered in SplashBitmap::SplashBitmap when computing memory allocation requirements. This issue was previously reported as <a href="https://access.redhat.com/security/cve/CVE-2009-1188">CVE-2009-1188</a> / <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow" href="show_bug.cgi?id=495907">bug #495907</a> and addressed in poppler via gmalloc -> gmallocn change via: <a href="http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2">http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2</a> However, such fix is not sufficient, as overflow can occur even during rowSize calculation. Splash output device is not present in xpdf 2.x, it's also not in the xpdf code embedded in CUPS or tetex.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| freedesktop poppler | ||
| Xpdf |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2009-1188
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=495907
- http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=363486&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=363486&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/ftp:/ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=526637#c14
- https://rhn.redhat.com/errata/RHSA-2009-1504.html
- http://admin.fedoraproject.org/updates/poppler-0.8.7-7.fc10
- http://admin.fedoraproject.org/updates/poppler-0.10.7-3.fc11
- https://bugzilla.redhat.com/show_bug.cgi?id=526915
Frequently Asked Questions
What is the severity of REDHAT-BUG-526915?
The severity of REDHAT-BUG-526915 is classified as high due to the potential for an integer overflow leading to memory corruption.
How do I fix REDHAT-BUG-526915?
To fix REDHAT-BUG-526915, update to the latest version of Freedesktop poppler or Xpdf that includes the patched code.
What systems are affected by REDHAT-BUG-526915?
REDHAT-BUG-526915 affects systems using Freedesktop poppler and Xpdf versions that do not contain the remediation for this vulnerability.
What is the nature of the vulnerability in REDHAT-BUG-526915?
The nature of the vulnerability in REDHAT-BUG-526915 is an integer overflow that occurs when computing memory allocation when processing bitmap images.
Is there a public exploit for REDHAT-BUG-526915?
As of now, there are no publicly known exploits specifically targeting REDHAT-BUG-526915, but it remains a serious concern due to its potential impact.
- agent/last-modified-date
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-3603
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/freedesktop
- canonical/freedesktop poppler
- vendor/xpdf
- canonical/xpdf