Sun Solaris Gnome PDF Viewer Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 15 Dec 2009 4597 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in Sun Solaris, which could be exploited by attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by errors in the Solaris GNOME PDF rendering libraries.

1. Multiple integer overflows in "SplashBitmap::SplashBitmap()" can be exploited to cause heap-based buffer overflows.

2. An integer overflow error in "ObjectStream::ObjectStream()" can be exploited to cause a heap-based buffer overflow.

3. Multiple integer overflows in "Splash::drawImage()" can be exploited to cause heap-based buffer overflows.

4. An integer overflow error in "PSOutputDev::doImageL1Sep()" can be exploited to cause a heap-based buffer overflow when converting a PDF document to a PS file.

The vulnerabilities are reported in Solaris 10 for both the SPARC and x86 platforms.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Sun Solaris 10
  • Sun OpenSolaris

Solutions

Sun OpenSolaris - Upgrade to snv_130 or later

A final resolution is pending completion for Solaris 10

Workaround:

  • Do not open PDF files from untrusted sources.

    • Vulnerability Identifier

    Source

    Related Link

    Share with

    Previous

    Adobe Flash Player and AIR Multiple Code Execution Vulnerabilities

    10 Dec 2009 4454 Views

    Next

    Adobe Reader and Acrobat Unspecified Code Execution Vulnerability

    15 Dec 2009 4456 Views

    We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

    PRIVACY POLICY