Bug 263028 (CVE-2009-0146) - <app-text/poppler-0.10.5-r1 JBIG2 Multiple vulnerabilities (CVE-2009-{0146,0147,0165,0166,0195,0799,0800,1179,1180,1181,1182,1183,1187,1188})
Summary: <app-text/poppler-0.10.5-r1 JBIG2 Multiple vulnerabilities (CVE-2009-{0146,01...
Status: RESOLVED FIXED
Alias: CVE-2009-0146
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Blocks: 264601 264603
Reported: 2009-03-19 12:44 UTC by Robert Buchholz (RETIRED)
Modified: 2013-10-06 16:08 UTC

Attachments
xpdf-3.02pl3.patch (xpdf-3.02pl3.patch, 30.01 KB, text/plain)
2009-04-02 09:47 UTC, Robert Buchholz (RETIRED)
poppler-0.10.5-xpdf-3.02pl3.patch (poppler-0.10.5-xpdf-3.02pl3.patch, 24.06 KB, text/plain)
2009-04-02 09:47 UTC, Robert Buchholz (RETIRED)
poppler-0.10.5-xpdf-3.02pl3.patch (poppler-0.10.5-xpdf-3.02pl3.patch, 22.45 KB, patch)
2009-04-06 21:27 UTC, Robert Buchholz (RETIRED)
dev-libs/poppler-0.10.5-r1 (poppler-0.10.5-r1.ebuild, 1.38 KB, text/plain)
2009-04-06 21:55 UTC, Peter Alfredsen (RETIRED)
app-text/poppler-0.10.5-r1 (poppler-0.10.5-r1.ebuild, 1.47 KB, text/plain)
2009-04-06 23:09 UTC, Peter Alfredsen (RETIRED)
poppler-0.10.5-xpdf-3.02pl3.patch (poppler-0.10.5-xpdf-3.02pl3.patch, 23.06 KB, patch)
2009-04-07 23:37 UTC, Robert Buchholz (RETIRED)
poppler-CVE-2009-1187.patch (poppler-CVE-2009-1187.patch, 422 bytes, patch)
2009-04-16 21:47 UTC, Robert Buchholz (RETIRED)
poppler-CVE-2009-1188.patch (poppler-CVE-2009-1188.patch, 390 bytes, patch)
2009-04-16 21:48 UTC, Robert Buchholz (RETIRED)

Description Robert Buchholz (RETIRED) gentoo-dev 2009-03-19 12:44:21 UTC
** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

Braden Thomas and Drew Yao of Apple Product Security discovered multiple security issues in the JBIG2 decoding of Poppler/Xpdf:

CVE-2009-0165: g*allocn integer overflow that probably only affects Mac OS X
CVE-2009-0146: buffer overflows in JBIG2SymbolDict::setBitmap and JBIG2Stream::readSymbolDictSeg
CVE-2009-0147: integer overflows in JBIG2Stream::readSymbolDictSeg, JBIG2Stream::readSymbolDictSeg and JBIG2Stream::readGenericBitmap 
CVE-2009-0166: JBIG2SymbolDict::~JBIG2SymbolDict uninitialized free() that does not affect Mac OS X but may affect others
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-03-19 12:45:19 UTC
Apple provided reproducers and patches, however these are still being discussed upstream.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-04-02 09:47:20 UTC
Created attachment 187052 [details]
xpdf-3.02pl3.patch

Xpdf upstream's patch.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-04-02 09:47:58 UTC
Created attachment 187053 [details]
poppler-0.10.5-xpdf-3.02pl3.patch

I ported the Xpdf patch to poppler. Three of the NULL dereference errors fixed in xpdf have previously been fixed in poppler as well, and there are other places that needed manual merging.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2009-04-02 10:50:26 UTC
bug 263028:
* app-text/poppler

bug 264601:
* app-text/tetex
* app-text/texlive-core
* app-text/ptex

bug 264603:
* app-office/kword
* app-office/koffice
* kde-base/kpdf
* kde-base/kdegraphics

Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2009-04-04 12:25:34 UTC
embargo has been pushed back to 2009-04-16.

I have been running with a patched version of poppler since I posted the patch here, and have noticed no failures in evince yet. dang/loki, are you planning to participate in the prestable testing?
Comment 6 Daniel Gryniewicz (RETIRED) gentoo-dev 2009-04-06 13:06:08 UTC
Correct me if I'm wrong, but there's nothing specific to do for evince, yes?  If so, it'll have to be up to loki to do the poppler bump, since I'm not up on the various real/virtual and lib splitup transitions going on right now, so I'd probably break something.
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2009-04-06 21:27:48 UTC
Created attachment 187488 [details, diff]
poppler-0.10.5-xpdf-3.02pl3.patch 

The patch upstream is going to apply, only minor differences from the port posted above. But since we are not yet prestable testing, we can use this copy.
Comment 8 Peter Alfredsen (RETIRED) gentoo-dev 2009-04-06 21:55:13 UTC
Created attachment 187498 [details]
dev-libs/poppler-0.10.5-r1

Ebuild for upstream patch.
Comment 9 Peter Alfredsen (RETIRED) gentoo-dev 2009-04-06 23:09:37 UTC
Created attachment 187506 [details]
app-text/poppler-0.10.5-r1

Stabling dev-libs/poppler and GLSAing it proves to be too much of a bother due to the mechanics of GLSAing not having provided very well for a transition such as the one poppler is in at the moment. app-text/poppler-0.10.5-r1 is the package we will be requesting to be stabled, so that's the one arch liaisons should test. I'll be pushing for dev-libs/poppler stabilization later independently of this bug.
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2009-04-06 23:11:57 UTC
Peter, thanks for considering the shortcomings of actually not the GLSA format, but the tools working with them.

Arch Security Liaisons, please test the attached ebuild and report it stable on this bug.
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

CC'ing current Liaisons:
   alpha : armin76, klausman
   amd64 : keytoaster, tester
    hppa : jer
     ppc : josejx, ranger
   ppc64 : josejx, ranger
   sparc : fmccor
     x86 : armin76, maekke

Comment 11 Ferris McCormick (RETIRED) gentoo-dev 2009-04-07 12:16:15 UTC
On sparc, builds and installs as expected, xpdf and evince appear to work fine.  Utilities (pdfinfo, pdftops, ...) work as well.
Comment 12 Brent Baude (RETIRED) gentoo-dev 2009-04-07 14:52:49 UTC
ppc and ppc64 likey
Comment 13 Robert Buchholz (RETIRED) gentoo-dev 2009-04-07 23:37:24 UTC
Created attachment 187654 [details, diff]
poppler-0.10.5-xpdf-3.02pl3.patch

Additional invalid free() calls are fixed in this patch. Since we have a few days left, it'd be great to run additional tests.
Comment 14 Ferris McCormick (RETIRED) gentoo-dev 2009-04-08 13:29:44 UTC
Sparc is still good.  I note, however, that a version bump for poppler will need several other upgrades.  It seems that poppler-bindings, virtual/poppler, virtual/poppler-utils all need to bump to -0.10.5, otherwise portage insists on downgrading poppler to -0.10.4 (things like cups want virtual/poppler-utils or virtual/poppler, and the versions of those are tied to the underlying poppler version.  Similarly so is the version of poppler-bindings tied.)
Comment 15 Jeroen Roovers gentoo-dev 2009-04-08 15:22:55 UTC
HPPA appears OK.
Comment 16 Robert Buchholz (RETIRED) gentoo-dev 2009-04-16 21:46:54 UTC
This is now public. Please commit with the stable keywords gathered in this bug.

and also, amd64 stable, I have been running the version for weeks without an issue.

Furthermore, new CVEs have arisen. CVE-2009-1187 and CVE-2009-1188 handle additional integer overflows in CairoOutputDev and SplashBitmap. poppler upstream is pushing updates into git, so we might want to fix those via version bumps.
Comment 17 Robert Buchholz (RETIRED) gentoo-dev 2009-04-16 21:47:52 UTC
Created attachment 188617 [details, diff]
poppler-CVE-2009-1187.patch
Comment 18 Robert Buchholz (RETIRED) gentoo-dev 2009-04-16 21:48:02 UTC
Created attachment 188619 [details, diff]
poppler-CVE-2009-1188.patch
Comment 19 Robert Buchholz (RETIRED) gentoo-dev 2009-04-16 21:49:05 UTC
poppler 0.10.6 is released containing all fixes referenced in this bug.
Comment 20 Peter Alfredsen (RETIRED) gentoo-dev 2009-04-17 00:50:09 UTC
Ebuilds in tree, but no need to do all this twice. 0.10.6 will be a stable target for the split poppler stuff, so I'd like to avoid bumping app-text/poppler{,-bindings} to that version.
Arches, please test and mark stable:
app-text/poppler-bindings-0.10.5-r1
app-text/poppler-0.10.5-r1
virtual/poppler-glib-0.10.5
virtual/poppler-0.10.5
virtual/poppler-qt3-0.10.5
virtual/poppler-qt4-0.10.5
virtual/poppler-utils-0.10.5
amd64, sparc, ppc, ppc64 and hppa; all you've got to approve are the two tiny patches for 1188 and 1187.
I still haven't arsed myself to fix bug 239556, so you need a UTF-8 locale to get tests to pass.
Comment 21 Jeroen Roovers gentoo-dev 2009-04-18 05:34:01 UTC
Stable for HPPA.
Comment 22 Markus Meier gentoo-dev 2009-04-18 12:13:56 UTC
amd64/x86 stable
Comment 23 Brent Baude (RETIRED) gentoo-dev 2009-04-18 13:03:52 UTC
ppc and ppc64 done
Comment 24 Tobias Klausmann gentoo-dev 2009-04-18 16:30:10 UTC
When building with USE="cairo gtk qt3 qt4", app-text/poppler-bindings-0.10.5-r1 fails thusly during tests on alpha:

libtool: link: alpha-unknown-linux-gnu-g++ -Wall -Wno-write-strings -mieee -pipe -O2 -mcpu=ev67 -Wl,-O1 -o .libs/test-poppler-qt4 test-poppler-qt4.o -pthread  ../../qt4/src/.libs/libpoppler-qt4.so -L/usr/lib/qt4 -L/usr/X11R6/lib -lpoppler /usr/lib/qt4/libQtGui.so /usr/lib/libpng12.so /usr/lib/libSM.so -luuid /usr/lib/libICE.so /usr/lib/libXrandr.so /usr/lib/libXrender.so /usr/lib/libfontconfig.so /usr/lib/libfreetype.so /usr/lib/libexpat.so /usr/lib/libXext.so /usr/lib/libX11.so /usr/lib/libxcb-xlib.so /usr/lib/libxcb.so /usr/lib/libXau.so /usr/lib/libXdmcp.so /usr/lib/qt4/libQtXml.so /usr/lib/qt4/libQtCore.so -lz -lm /usr/lib/libgthread-2.0.so -lrt /usr/lib/libglib-2.0.so -lpthread -ldl -pthread
libtool: link: alpha-unknown-linux-gnu-g++ -Wall -Wno-write-strings -mieee -pipe -O2 -mcpu=ev67 -Wl,-O1 -o .libs/stress-poppler-qt4 stress-poppler-qt4.o -pthread  ../../qt4/src/.libs/libpoppler-qt4.so -L/usr/lib/qt4 -L/usr/X11R6/lib -lpoppler /usr/lib/qt4/libQtGui.so /usr/lib/libpng12.so /usr/lib/libSM.so -luuid /usr/lib/libICE.so /usr/lib/libXrandr.so /usr/lib/libXrender.so /usr/lib/libfontconfig.so /usr/lib/libfreetype.so /usr/lib/libexpat.so /usr/lib/libXext.so /usr/lib/libX11.so /usr/lib/libxcb-xlib.so /usr/lib/libxcb.so /usr/lib/libXau.so /usr/lib/libXdmcp.so /usr/lib/qt4/libQtXml.so /usr/lib/qt4/libQtCore.so -lz -lm /usr/lib/libgthread-2.0.so -lrt /usr/lib/libglib-2.0.so -lpthread -ldl -pthread
/usr/lib/qt4/libQtGui.so: undefined reference to `QDateTimeParser::parse(QString const&, QDateTime const&, bool) const'
collect2: ld returned 1 exit status
distcc[8073] ERROR: compile (null) on localhost failed
make[3]: *** [test-poppler-qt4] Error 1
make[3]: *** Waiting for unfinished jobs....
/usr/lib/qt4/libQtGui.so: undefined reference to `QDateTimeParser::parse(QString const&, QDateTime const&, bool) const'
collect2: ld returned 1 exit status
distcc[8117] ERROR: compile (null) on localhost failed
make[3]: *** [stress-poppler-qt4] Error 1
make[3]: Leaving directory `/var/tmp/portage/app-text/poppler-bindings-0.10.5-r1/work/poppler-0.10.5/qt4/tests'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/var/tmp/portage/app-text/poppler-bindings-0.10.5-r1/work/poppler-0.10.5/qt4'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/app-text/poppler-bindings-0.10.5-r1/work/poppler-0.10.5'
make: *** [all] Error 2

# emerge --info
Portage 2.1.6.11 (default/linux/alpha/2008.0, gcc-4.3.3, glibc-2.9_p20081201-r2, 2.6.30-rc2 alpha)
=================================================================
System uname: Linux-2.6.30-rc2-alpha-EV68AL-with-glibc2.0
Timestamp of tree: Sat, 18 Apr 2009 14:15:01 +0000
distcc 3.1 alpha-unknown-linux-gnu [enabled]
app-shells/bash:     4.0_p10-r1
dev-lang/python:     2.4.4-r15, 2.5.4-r2
dev-util/cmake:      2.6.3
sys-apps/baselayout: 2.0.0
sys-apps/openrc:     0.4.3-r1
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.5, 1.7.9-r1, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.19.1-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.28-r1
ACCEPT_KEYWORDS="alpha ~alpha"
CBUILD="alpha-unknown-linux-gnu"
CFLAGS="-mieee -pipe -O2 -mcpu=ev67"
CHOST="alpha-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-mieee -pipe -O2 -mcpu=ev67"
DISTDIR="/usr/portage/distfiles"
FEATURES="distcc distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans usepkg userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://gentoo.tiscali.nl/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/"
LC_ALL="en_US.utf8"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync5.de.gentoo.org/gentoo-portage"
USE="X acl alpha alsa apache2 audiofile bash-completion berkdb bzip2 calendar cdparanoia cdr cli cracklib crypt dio dri encode ethereal exif ffmpeg fftw firefox flac fortran ftp gdbm gpm iconv imlib2 isdnlog jpeg kdeenablefinal libcaca lua mad matroska midi mmap mng moznocompose moznoirc moznomail mozsvg mpeg mudflap ncurses network-cron nls nptl nptlonly offensive ogg openmp pam pcre pdflib perl png pnm ppds pppd python rar readline recode reflection session sharedmem sockets sox spl ssl svg sysfs szip tcpd tetex theora truetype unicode usb v4l v4l2 vcd vidix vim vim-pager vlm vorbis xcb xorg xosd xpm xvid zlib" ALSA_CARDS="ali5451 als4000 bt87x ca0106 cmipci emu10k1 ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 maestro3 trident usb-audio via82xx ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="vga glint mga nvidia vesa r128 "
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

LC_ALL is en_US.utf8
Comment 25 Tobias Klausmann gentoo-dev 2009-04-21 19:20:39 UTC
All of them stable on alpha. ("bug" was a shlib with missing deps)
Comment 26 Raúl Porcel (RETIRED) gentoo-dev 2009-04-22 11:16:34 UTC
arm/ia64/s390/sh/sparc stable
Comment 27 Tobias Heinlein (RETIRED) gentoo-dev 2009-04-24 12:53:03 UTC
GLSA request filed.
Comment 28 Stefan Behte (RETIRED) gentoo-dev Security 2009-04-29 15:46:34 UTC
CVE-2009-0146 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0146):
  Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
  earlier, CUPS 1.3.9 and earlier, and other products allow remote
  attackers to cause a denial of service (crash) via a crafted PDF
  file, related to (1) JBIG2SymbolDict::setBitmap and (2)
  JBIG2Stream::readSymbolDictSeg.

CVE-2009-0147 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0147):
  Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
  earlier, CUPS 1.3.9 and earlier, and other products allow remote
  attackers to cause a denial of service (crash) via a crafted PDF
  file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
  JBIG2Stream::readSymbolDictSeg, and (3)
  JBIG2Stream::readGenericBitmap.

CVE-2009-0165 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0165):
  Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as
  used in Poppler and other products, when running on Mac OS X, has
  unspecified impact, related to "g*allocn."

CVE-2009-0166 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0166):
  The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
  earlier, and other products allows remote attackers to cause a denial
  of service (crash) via a crafted PDF file that triggers a free of
  uninitialized memory.

CVE-2009-1187 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1187):
  Integer overflow in the JBIG2 decoding feature in Poppler before
  0.10.6 allows remote attackers to cause a denial of service (crash)
  and possibly execute arbitrary code via vectors related to
  CairoOutputDev (CairoOutputDev.cc).

CVE-2009-1188 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1188):
  Integer overflow in the JBIG2 decoding feature in Poppler before
  0.10.6 allows remote attackers to cause a denial of service (crash)
  and possibly execute arbitrary code via vectors related to
  SplashBitmap (splash/SplashBitmap.cc).

Comment 29 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-05-01 20:39:38 UTC
CVE-2009-0195 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0195):
  Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,
  and probably other products, allows remote attackers to execute
  arbitrary code via a PDF file with crafted JBIG2 symbol dictionary
  segments.

CVE-2009-0799 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0799):
  The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
  earlier, Poppler before 0.10.6, and other products allows remote
  attackers to cause a denial of service (crash) via a crafted PDF file
  that triggers an out-of-bounds read.

CVE-2009-0800 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0800):
  Multiple "input validation flaws" in the JBIG2 decoder in Xpdf
  3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,
  and other products allow remote attackers to execute arbitrary code
  via a crafted PDF file.

CVE-2009-1179 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1179):
  Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
  CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products
  allows remote attackers to execute arbitrary code via a crafted PDF
  file.

CVE-2009-1180 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1180):
  The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
  earlier, Poppler before 0.10.6, and other products allows remote
  attackers to execute arbitrary code via a crafted PDF file that
  triggers a free of invalid data.

CVE-2009-1181 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1181):
  The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
  earlier, Poppler before 0.10.6, and other products allows remote
  attackers to cause a denial of service (crash) via a crafted PDF file
  that triggers a NULL pointer dereference.

CVE-2009-1182 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1182):
  Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2
  and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other
  products allow remote attackers to execute arbitrary code via a
  crafted PDF file.

CVE-2009-1183 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1183):
  The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
  earlier, Poppler before 0.10.6, and other products allows remote
  attackers to cause a denial of service (infinite loop and hang) via a
  crafted PDF file.
Comment 30 Maciej Mrozowski gentoo-dev 2010-03-08 21:45:45 UTC
The most recent stable we have in portage is app-text/poppler-0.12.3-r3
Comment 31 Andreas K. Hüttel gentoo-dev 2011-06-02 18:41:40 UTC
Oldest version in portage is 0.14.5-r1
Nothing to do for printing here anymore.
Comment 32 Andreas K. Hüttel gentoo-dev 2013-03-16 11:42:08 UTC
Will anyone still read this GLSA if it ever comes out? Come on, stable is poppler-0.20 by now.
Comment 33 GLSAMaker/CVETool Bot gentoo-dev 2013-10-06 16:08:22 UTC
This issue was resolved and addressed in
 GLSA 201310-03 at http://security.gentoo.org/glsa/glsa-201310-03.xml
by GLSA coordinator Sean Amoss (ackle).