CVE-2009-0791
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.2 High
AI Score
Confidence
High
0.239 Low
EPSS
Percentile
96.6%
Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.
Affected configurations
References
lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
secunia.com/advisories/35340
secunia.com/advisories/35685
secunia.com/advisories/37023
secunia.com/advisories/37028
secunia.com/advisories/37037
secunia.com/advisories/37043
secunia.com/advisories/37077
secunia.com/advisories/37079
securitytracker.com/id?1022326
www.mandriva.com/security/advisories?name=MDVSA-2009:334
www.redhat.com/support/errata/RHSA-2009-1083.html
www.securityfocus.com/bid/35195
www.vupen.com/english/advisories/2009/1488
www.vupen.com/english/advisories/2009/2928
bugzilla.redhat.com/show_bug.cgi?id=491840
exchange.xforce.ibmcloud.com/vulnerabilities/50941
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10534
rhn.redhat.com/errata/RHSA-2009-1500.html
rhn.redhat.com/errata/RHSA-2009-1501.html
rhn.redhat.com/errata/RHSA-2009-1502.html
rhn.redhat.com/errata/RHSA-2009-1503.html
rhn.redhat.com/errata/RHSA-2009-1512.html
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.2 High
AI Score
Confidence
High
0.239 Low
EPSS
Percentile
96.6%