CVE-2009-0690

2022-10-0316:24:08

CWE-189

[email protected]

web.nvd.nist.gov

foxit

jpeg2000

jbig2

decoder

vulnerability

foxit reader

denial of service

memory corruption

application crash

arbitrary code

pdf

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

JSON

The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read.

Affected configurations

NVD

Node

foxitsoftwarefoxit_readerMatch3.0

foxitsoftwarefoxit_readerMatch3.0.2009.1301

AND

foxitsoftwarejpeg2000\/jbig2_decoder_add-onMatch2.0.2009.303

CPENameOperatorVersion
foxitsoftware:foxit_readerfoxitsoftware foxit readereq3.0
foxitsoftware:foxit_readerfoxitsoftware foxit readereq3.0.2009.1301
foxitsoftware:jpeg2000\/jbig2_decoder_add-onfoxitsoftware jpeg2000/jbig2 decoder add-oneq2.0.2009.303

CPE	Name	Operator	Version
foxitsoftware:foxit_reader	foxitsoftware foxit reader	eq	3.0
foxitsoftware:foxit_reader	foxitsoftware foxit reader	eq	3.0.2009.1301
foxitsoftware:jpeg2000\/jbig2_decoder_add-on	foxitsoftware jpeg2000/jbig2 decoder add-on	eq	2.0.2009.303