Lucene search

MitreCVE-2009-0147

HistoryApr 23, 2009 - 5:30 p.m.

CVE-2009-0147

2009-04-2317:30:01

CWE-189

mitre

web.nvd.nist.gov

cve-2009-0147

integer overflows

jbig2 decoder

xpdf

cups

denial of service

pdf file

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.2

Confidence

High

EPSS

0.021

Percentile

89.2%

JSON

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.

Affected configurations

Nvd

Node

foolabsxpdfMatch0.5a

foolabsxpdfMatch0.7a

foolabsxpdfMatch0.91a

foolabsxpdfMatch0.91b

foolabsxpdfMatch0.91c

foolabsxpdfMatch0.92a

foolabsxpdfMatch0.92b

foolabsxpdfMatch0.92c

foolabsxpdfMatch0.92d

foolabsxpdfMatch0.92e

foolabsxpdfMatch0.93a

foolabsxpdfMatch0.93b

foolabsxpdfMatch0.93c

foolabsxpdfMatch1.00a

glyphandcogxpdfreaderRange≤3.02

glyphandcogxpdfreaderMatch0.2

glyphandcogxpdfreaderMatch0.3

glyphandcogxpdfreaderMatch0.4

glyphandcogxpdfreaderMatch0.5

glyphandcogxpdfreaderMatch0.6

glyphandcogxpdfreaderMatch0.7

glyphandcogxpdfreaderMatch0.80

glyphandcogxpdfreaderMatch0.90

glyphandcogxpdfreaderMatch0.91

glyphandcogxpdfreaderMatch0.92

glyphandcogxpdfreaderMatch0.93

glyphandcogxpdfreaderMatch1.00

glyphandcogxpdfreaderMatch1.01

glyphandcogxpdfreaderMatch2.00

glyphandcogxpdfreaderMatch2.01

glyphandcogxpdfreaderMatch2.02

glyphandcogxpdfreaderMatch2.03

glyphandcogxpdfreaderMatch3.00

glyphandcogxpdfreaderMatch3.01

Node

applecupsRange≤1.3.9

applecupsMatch1.1

applecupsMatch1.1.1

applecupsMatch1.1.2

applecupsMatch1.1.3

applecupsMatch1.1.4

applecupsMatch1.1.5

applecupsMatch1.1.5-1

applecupsMatch1.1.5-2

applecupsMatch1.1.6

applecupsMatch1.1.6-1

applecupsMatch1.1.6-2

applecupsMatch1.1.6-3

applecupsMatch1.1.7

applecupsMatch1.1.8

applecupsMatch1.1.9

applecupsMatch1.1.9-1

applecupsMatch1.1.10

applecupsMatch1.1.10-1

applecupsMatch1.1.11

applecupsMatch1.1.12

applecupsMatch1.1.13

applecupsMatch1.1.14

applecupsMatch1.1.15

applecupsMatch1.1.16

applecupsMatch1.1.17

applecupsMatch1.1.18

applecupsMatch1.1.19

applecupsMatch1.1.19rc1

applecupsMatch1.1.19rc2

applecupsMatch1.1.19rc3

applecupsMatch1.1.19rc4

applecupsMatch1.1.19rc5

applecupsMatch1.1.20

applecupsMatch1.1.20rc1

applecupsMatch1.1.20rc2

applecupsMatch1.1.20rc3

applecupsMatch1.1.20rc4

applecupsMatch1.1.20rc5

applecupsMatch1.1.20rc6

applecupsMatch1.1.21

applecupsMatch1.1.21rc1

applecupsMatch1.1.21rc2

applecupsMatch1.1.22

applecupsMatch1.1.22rc1

applecupsMatch1.1.22rc2

applecupsMatch1.1.23

applecupsMatch1.1.23rc1

applecupsMatch1.2.0

applecupsMatch1.2.1

applecupsMatch1.2.2

applecupsMatch1.2.3

applecupsMatch1.2.4

applecupsMatch1.2.5

applecupsMatch1.2.6

applecupsMatch1.2.7

applecupsMatch1.2.8

applecupsMatch1.2.9

applecupsMatch1.2.10

applecupsMatch1.2.11

applecupsMatch1.2.12

applecupsMatch1.3.0

applecupsMatch1.3.1

applecupsMatch1.3.2

applecupsMatch1.3.3

applecupsMatch1.3.4

applecupsMatch1.3.5

applecupsMatch1.3.6

applecupsMatch1.3.7

applecupsMatch1.3.8

applecupsMatch1.3.10

applecupsMatch1.3.11

VendorProductVersionCPE
foolabsxpdf0.5acpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*
foolabsxpdf0.7acpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*
foolabsxpdf0.91acpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*
foolabsxpdf0.91bcpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*
foolabsxpdf0.91ccpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*
foolabsxpdf0.92acpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*
foolabsxpdf0.92bcpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*
foolabsxpdf0.92ccpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*
foolabsxpdf0.92dcpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*
foolabsxpdf0.92ecpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
foolabs	xpdf	0.5a	cpe:2.3:a:foolabs:xpdf:0.5a:::::::*
foolabs	xpdf	0.7a	cpe:2.3:a:foolabs:xpdf:0.7a:::::::*
foolabs	xpdf	0.91a	cpe:2.3:a:foolabs:xpdf:0.91a:::::::*
foolabs	xpdf	0.91b	cpe:2.3:a:foolabs:xpdf:0.91b:::::::*
foolabs	xpdf	0.91c	cpe:2.3:a:foolabs:xpdf:0.91c:::::::*
foolabs	xpdf	0.92a	cpe:2.3:a:foolabs:xpdf:0.92a:::::::*
foolabs	xpdf	0.92b	cpe:2.3:a:foolabs:xpdf:0.92b:::::::*
foolabs	xpdf	0.92c	cpe:2.3:a:foolabs:xpdf:0.92c:::::::*
foolabs	xpdf	0.92d	cpe:2.3:a:foolabs:xpdf:0.92d:::::::*
foolabs	xpdf	0.92e	cpe:2.3:a:foolabs:xpdf:0.92e:::::::*

Rows per page:

1-10 of 1061

References

bugs.gentoo.org/show_bug.cgi?id=263028

lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

lists.apple.com/archives/security-announce/2009/May/msg00002.html

lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html

lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

rhn.redhat.com/errata/RHSA-2009-0458.html

secunia.com/advisories/34291

secunia.com/advisories/34481

secunia.com/advisories/34755

secunia.com/advisories/34756

secunia.com/advisories/34852

secunia.com/advisories/34959

secunia.com/advisories/34963

secunia.com/advisories/34991

secunia.com/advisories/35037

secunia.com/advisories/35064

secunia.com/advisories/35065

secunia.com/advisories/35074

secunia.com/advisories/35618

secunia.com/advisories/35685

security.gentoo.org/glsa/glsa-200904-20.xml

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477

support.apple.com/kb/HT3549

support.apple.com/kb/HT3639

wiki.rpath.com/Advisories:rPSA-2009-0059

wiki.rpath.com/Advisories:rPSA-2009-0061

www.debian.org/security/2009/dsa-1790

www.debian.org/security/2009/dsa-1793

www.mandriva.com/security/advisories?name=MDVSA-2009:101

www.mandriva.com/security/advisories?name=MDVSA-2010:087

www.redhat.com/support/errata/RHSA-2009-0429.html

www.redhat.com/support/errata/RHSA-2009-0430.html

www.redhat.com/support/errata/RHSA-2009-0431.html

www.redhat.com/support/errata/RHSA-2009-0480.html

www.securityfocus.com/archive/1/502750/100/0/threaded

www.securityfocus.com/archive/1/502761/100/0/threaded

www.securityfocus.com/bid/34568

www.securitytracker.com/id?1022073

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vupen.com/english/advisories/2009/1065

www.vupen.com/english/advisories/2009/1066

www.vupen.com/english/advisories/2009/1077

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/1621

www.vupen.com/english/advisories/2010/1040

bugzilla.redhat.com/show_bug.cgi?id=490614

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941

www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html

www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html

www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.2

Confidence

High

EPSS

0.021

Percentile

89.2%

JSON

Related for CVE-2009-0147