Adobe Reader: User-assisted execution of arbitrary code — GLSA 200907-06

Adobe Reader is vulnerable to remote code execution via crafted PDF files.

Affected packages

Background

Adobe Reader is a PDF reader released by Adobe.

Description

Multiple vulnerabilities have been reported in Adobe Reader:

• Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in the JBIG2 filter (CVE-2009-0198).
• Mark Dowd of the IBM Internet Security Systems X-Force and Nicolas Joly of VUPEN Security reported multiple heap-based buffer overflows in the JBIG2 filter (CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889)
• Arr1val reported that multiple methods in the JavaScript API might lead to memory corruption when called with crafted arguments (CVE-2009-1492, CVE-2009-1493).
• An anonymous researcher reported a stack-based buffer overflow related to U3D model files with a crafted extension block (CVE-2009-1855).
• Jun Mao and Ryan Smith of iDefense Labs reported an integer overflow related to the FlateDecode filter, which triggers a heap-based buffer overflow (CVE-2009-1856).
• Haifei Li of Fortinet's FortiGuard Global Security Research Team reported a memory corruption vulnerability related to TrueType fonts (CVE-2009-1857).
• The Apple Product Security Team reported a memory corruption vulnerability in the JBIG2 filter (CVE-2009-1858).
• Matthew Watchinski of Sourcefire VRT reported an unspecified memory corruption (CVE-2009-1859).
• Will Dormann of CERT reported multiple heap-based buffer overflows when processing JPX (aka JPEG2000) stream that trigger heap memory corruption (CVE-2009-1861).
• Multiple unspecified vulnerabilities have been discovered (CVE-2009-2028).

Impact

A remote attacker could entice a user to open a specially crafted document, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.6"

References

• CVE-2009-0198
• CVE-2009-0509
• CVE-2009-0510
• CVE-2009-0511
• CVE-2009-0512
• CVE-2009-0888
• CVE-2009-0889
• CVE-2009-1492
• CVE-2009-1493
• CVE-2009-1855
• CVE-2009-1856
• CVE-2009-1857
• CVE-2009-1858
• CVE-2009-1859
• CVE-2009-1861
• CVE-2009-2028

Release date
July 12, 2009

Latest revision
July 12, 2009: 01

Severity
normal

Exploitable
remote

Bugzilla entries

• 267846
• 273908