CVE-2009-0691

2009-06-2321:30:00

CWE-399

certcc

web.nvd.nist.gov

cve-2009-0691

foxit reader

denial of service

memory corruption

application crash

arbitrary code execution

jpeg2000

jpx

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.099

Percentile

95.0%

JSON

The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access.

Affected configurations

Nvd

Node

foxitsoftwarejpeg2000_jbig2_decoder_add-onRange≤2.0.2009.303

AND

foxitsoftwarefoxit_readerMatch3.0

VendorProductVersionCPE
foxitsoftwarejpeg2000_jbig2_decoder_add-on*cpe:2.3:a:foxitsoftware:jpeg2000_jbig2_decoder_add-on:*:*:*:*:*:*:*:*
foxitsoftwarefoxit_reader3.0cpe:2.3:a:foxitsoftware:foxit_reader:3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
foxitsoftware	jpeg2000_jbig2_decoder_add-on	*	cpe:2.3:a:foxitsoftware:jpeg2000_jbig2_decoder_add-on::::::::
foxitsoftware	foxit_reader	3.0	cpe:2.3:a:foxitsoftware:foxit_reader:3.0:::::::*