CVE-2009-0147

Severity

43%

Complexity

86%

Confidentiality

48%

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

First reported 15 years ago

2009-04-23 17:30:00

Last updated 5 years ago

2019-03-06 16:30:00

Affected Software

Glyph & Cog XpdfReader 0.2

0.2

Glyph & Cog XpdfReader 0.3

0.3

Glyph & Cog XpdfReader 0.4

0.4

Glyph & Cog XpdfReader 0.5

0.5

Glyph & Cog XpdfReader 0.6

0.6

Glyph & Cog XpdfReader 0.7

0.7

Glyph & Cog XpdfReader 0.80

0.80

Glyph & Cog XpdfReader 0.90

0.90

Glyph & Cog XpdfReader 0.91

0.91

Glyph & Cog XpdfReader 0.92

0.92

Glyph & Cog XpdfReader 0.93

0.93

Glyph & Cog XpdfReader 1.00

1.00

Glyph & Cog XpdfReader 1.01

1.01

Glyph & Cog XpdfReader 2.00

2.00

Glyph & Cog XpdfReader 2.01

2.01

Glyph & Cog XpdfReader 2.02

2.02

Glyph & Cog XpdfReader 2.03

2.03

Glyph & Cog XpdfReader 3.00

3.00

Glyph & Cog XpdfReader 3.01

3.01

Apple CUPS 1.1

1.1

Apple CUPS 1.1.1

1.1.1

Apple CUPS 1.1.2

1.1.2

Apple CUPS 1.1.3

1.1.3

Apple CUPS 1.1.4

1.1.4

Apple CUPS 1.1.5

1.1.5

Apple CUPS 1.1.5-1

1.1.5-1

Apple CUPS 1.1.5-2

1.1.5-2

Apple CUPS 1.1.6

1.1.6

Apple CUPS 1.1.6-1

1.1.6-1

Apple CUPS 1.1.6-2

1.1.6-2

Apple CUPS 1.1.6-3

1.1.6-3

Apple CUPS 1.1.7

1.1.7

Apple CUPS 1.1.8

1.1.8

Apple CUPS 1.1.9

1.1.9

Apple CUPS 1.1.9-1

1.1.9-1

Apple CUPS 1.1.10

1.1.10

Apple CUPS 1.1.10-1

1.1.10-1

Apple CUPS 1.1.11

1.1.11

Apple CUPS 1.1.12

1.1.12

Apple CUPS 1.1.13

1.1.13

Apple CUPS 1.1.14

1.1.14

Apple CUPS 1.1.15

1.1.15

Apple CUPS 1.1.16

1.1.16

Apple CUPS 1.1.17

1.1.17

Apple CUPS 1.18

1.1.18

Apple CUPS 1.1.19

1.1.19

Apple CUPS 1.1.19 release candidate 1

1.1.19

Apple CUPS 1.1.19 release candidate 2

1.1.19

Apple CUPS 1.1.19 release candidate 3

1.1.19

Apple CUPS 1.1.19 release candidate 4

1.1.19

Apple CUPS 1.1.19 release candidate 5

1.1.19

Apple CUPS 1.1.20

1.1.20

Apple CUPS 1.1.20 release candidate 1

1.1.20

Apple CUPS 1.1.20 release candidate 2

1.1.20

Apple CUPS 1.1.20 release candidate 3

1.1.20

Apple CUPS 1.1.20 release candidate 4

1.1.20

Apple CUPS 1.1.20 release candidate 5

1.1.20

Apple CUPS 1.1.20 release candidate 6

1.1.20

Apple CUPS 1.1.21

1.1.21

Apple CUPS 1.1.21 release candidate 1

1.1.21

Apple CUPS 1.1.21 release candidate 2

1.1.21

Apple CUPS 1.1.22

1.1.22

Apple CUPS 1.1.22 release candidate 1

1.1.22

Apple CUPS 1.1.22 release candidate 2

1.1.22

Apple CUPS 1.1.23

1.1.23

Apple CUPS 1.1.23 release candidate 1

1.1.23

Apple CUPS 1.2.0

1.2.0

Apple CUPS 1.2.1

1.2.1

Apple CUPS 1.2.2

1.2.2

Apple CUPS 1.2.3

1.2.3

Apple CUPS 1.2.4

1.2.4

Apple CUPS 1.2.5

1.2.5

Apple CUPS 1.2.6

1.2.6

Apple CUPS 1.2.7

1.2.7

Apple CUPS 1.2.8

1.2.8

Apple CUPS 1.2.9

1.2.9

Apple CUPS 1.2.10

1.2.10

Apple CUPS 1.2.11

1.2.11

Apple CUPS 1.2.12

1.2.12

Apple CUPS 1.3.0

1.3.0

Apple CUPS 1.3.1

1.3.1

Apple CUPS 1.3.2

1.3.2

Apple CUPS 1.3.3

1.3.3

Apple CUPS 1.3.4

1.3.4

Apple CUPS 1.3.5

1.3.5

Apple CUPS 1.3.6

1.3.6

Apple CUPS 1.3.7

1.3.7

Apple CUPS 1.3.8

1.3.8

Apple Cups

Apple CUPS 1.3.10

1.3.10

Apple CUPS 1.3.11

1.3.11

References

http://bugs.gentoo.org/show_bug.cgi?id=263028

APPLE-SA-2009-06-17-1

APPLE-SA-2009-05-12

SUSE-SA:2009:024

SUSE-SR:2009:010

SUSE-SR:2009:012

RHSA-2009:0458

34291

Vendor Advisory

34481

Vendor Advisory

34755

Vendor Advisory

34756

Vendor Advisory

34852

Vendor Advisory

34959

Vendor Advisory

34963

Vendor Advisory

34991

Vendor Advisory

35037

Vendor Advisory

35064

Vendor Advisory

35065

Vendor Advisory

35074

Vendor Advisory

35618

Vendor Advisory

35685

Vendor Advisory

GLSA-200904-20

SSA:2009-129-01

http://support.apple.com/kb/HT3549

http://support.apple.com/kb/HT3639

http://wiki.rpath.com/Advisories:rPSA-2009-0059

http://wiki.rpath.com/Advisories:rPSA-2009-0061

DSA-1790

DSA-1793

MDVSA-2009:101

MDVSA-2010:087

RHSA-2009:0429

RHSA-2009:0430

Patch

RHSA-2009:0431

RHSA-2009:0480

20090417 rPSA-2009-0061-1 cups

20090417 rPSA-2009-0059-1 poppler

34568

1022073

TA09-133A

US Government Resource

ADV-2009-1065

Vendor Advisory

ADV-2009-1066

Vendor Advisory

ADV-2009-1077

Vendor Advisory

ADV-2009-1297

Vendor Advisory

ADV-2009-1621

Vendor Advisory

ADV-2010-1040

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=490614

oval:org.mitre.oval:def:9941

FEDORA-2009-6972

FEDORA-2009-6973

FEDORA-2009-6982

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.