Synopsis: Important: kdegraphics security update Issue date: 2009-04-16 CVE Names: CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 Multiple integer overflow flaws were found in KPDF's JBIG2 decoder. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0147, CVE-2009-1179) Multiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0146, CVE-2009-1182) Multiple flaws were found in KPDF's JBIG2 decoder that could lead to the freeing of arbitrary memory. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0166, CVE-2009-1180) Multiple input validation flaws were found in KPDF's JBIG2 decoder. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0800) Multiple denial of service flaws were found in KPDF's JBIG2 decoder. An attacker could create a malicious PDF that would cause KPDF to crash when opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183) SL 4.x SRPMS: kdegraphics-3.3.1-13.el4.src.rpm i386: kdegraphics-3.3.1-13.el4.i386.rpm kdegraphics-devel-3.3.1-13.el4.i386.rpm x86_64: kdegraphics-3.3.1-13.el4.x86_64.rpm kdegraphics-devel-3.3.1-13.el4.x86_64.rpm SL 5.x SRPMS: kdegraphics-3.5.4-12.el5_3.src.rpm i386: kdegraphics-3.5.4-12.el5_3.i386.rpm kdegraphics-devel-3.5.4-12.el5_3.i386.rpm x86_64: kdegraphics-3.5.4-12.el5_3.x86_64.rpm kdegraphics-devel-3.5.4-12.el5_3.i386.rpm kdegraphics-devel-3.5.4-12.el5_3.x86_64.rpm -Connie Sieh -Troy Dawson