CVE-2009-0147

MEDIUM

Description

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.

References

http://bugs.gentoo.org/show_bug.cgi?id=263028

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

http://rhn.redhat.com/errata/RHSA-2009-0458.html

http://secunia.com/advisories/34291

http://secunia.com/advisories/34481

http://secunia.com/advisories/34755

http://secunia.com/advisories/34756

http://secunia.com/advisories/34852

http://secunia.com/advisories/34959

http://secunia.com/advisories/34963

http://secunia.com/advisories/34991

http://secunia.com/advisories/35037

http://secunia.com/advisories/35064

http://secunia.com/advisories/35065

http://secunia.com/advisories/35074

http://secunia.com/advisories/35618

http://secunia.com/advisories/35685

http://security.gentoo.org/glsa/glsa-200904-20.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477

http://support.apple.com/kb/HT3549

http://support.apple.com/kb/HT3639

http://wiki.rpath.com/Advisories:rPSA-2009-0059

http://wiki.rpath.com/Advisories:rPSA-2009-0061

http://www.debian.org/security/2009/dsa-1790

http://www.debian.org/security/2009/dsa-1793

http://www.mandriva.com/security/advisories?name=MDVSA-2009:101

http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

http://www.redhat.com/support/errata/RHSA-2009-0429.html

http://www.redhat.com/support/errata/RHSA-2009-0430.html

http://www.redhat.com/support/errata/RHSA-2009-0431.html

http://www.redhat.com/support/errata/RHSA-2009-0480.html

http://www.securityfocus.com/archive/1/502750/100/0/threaded

http://www.securityfocus.com/archive/1/502761/100/0/threaded

http://www.securityfocus.com/bid/34568

http://www.securitytracker.com/id?1022073

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2009/1065

http://www.vupen.com/english/advisories/2009/1066

http://www.vupen.com/english/advisories/2009/1077

http://www.vupen.com/english/advisories/2009/1297

http://www.vupen.com/english/advisories/2009/1621

http://www.vupen.com/english/advisories/2010/1040

https://bugzilla.redhat.com/show_bug.cgi?id=490614

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html

Details

Source: MITRE

Published: 2009-04-23

Updated: 2019-03-06

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:* versions up to 3.02 (inclusive)

Configuration 2

OR

cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:* versions up to 1.3.9 (inclusive)

cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 70309 | GLSA-201310-03 : Poppler: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 68039 | Oracle Linux 5 : tetex (ELSA-2010-0400) | Nessus | Oracle Linux Local Security Checks | high |
| 68038 | Oracle Linux 4 : tetex (ELSA-2010-0399) | Nessus | Oracle Linux Local Security Checks | high |
| 67858 | Oracle Linux 5 : poppler (ELSA-2009-0480) | Nessus | Oracle Linux Local Security Checks | high |
| 67852 | Oracle Linux 4 : gpdf (ELSA-2009-0458) | Nessus | Oracle Linux Local Security Checks | high |
| 67846 | Oracle Linux 4 : kdegraphics (ELSA-2009-0431) | Nessus | Oracle Linux Local Security Checks | high |
| 67845 | Oracle Linux 3 / 4 : xpdf (ELSA-2009-0430) | Nessus | Oracle Linux Local Security Checks | high |
| 67844 | Oracle Linux 4 / 5 : cups (ELSA-2009-0429) | Nessus | Oracle Linux Local Security Checks | high |
| 60791 | Scientific Linux Security Update : tetex on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60790 | Scientific Linux Security Update : tetex on SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60584 | Scientific Linux Security Update : poppler on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60576 | Scientific Linux Security Update : gpdf on SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60571 | Scientific Linux Security Update : xpdf on SL3.x, SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60569 | Scientific Linux Security Update : kdegraphics on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60568 | Scientific Linux Security Update : cups on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 48362 | Ubuntu 9.04 : koffice vulnerabilities (USN-973-1) | Nessus | Ubuntu Local Security Checks | critical |
| 46760 | CentOS 5 : tetex (CESA-2010:0400) | Nessus | CentOS Local Security Checks | high |
| 46309 | RHEL 5 : tetex (RHSA-2010:0400) | Nessus | Red Hat Local Security Checks | high |
| 46308 | RHEL 4 : tetex (RHSA-2010:0399) | Nessus | Red Hat Local Security Checks | high |
| 46257 | CentOS 4 : tetex (CESA-2010:0399) | Nessus | CentOS Local Security Checks | high |
| 43748 | CentOS 5 : poppler (CESA-2009:0480) | Nessus | CentOS Local Security Checks | high |
| 43613 | Mandriva Linux Security Advisory : kde (MDVSA-2009:346) | Nessus | Mandriva Local Security Checks | critical |
| 42181 | Mandriva Linux Security Advisory : cups (MDVSA-2009:282-1) | Nessus | Mandriva Local Security Checks | critical |
| 42030 | openSUSE 10 Security Update : poppler (poppler-6319) | Nessus | SuSE Local Security Checks | critical |
| 41602 | SuSE 10 Security Update : xpdf (ZYPP Patch Number 6177) | Nessus | SuSE Local Security Checks | critical |
| 41578 | SuSE 10 Security Update : poppler (ZYPP Patch Number 6315) | Nessus | SuSE Local Security Checks | critical |
| 41530 | SuSE 10 Security Update : kdegraphics3 (ZYPP Patch Number 6283) | Nessus | SuSE Local Security Checks | critical |
| 41494 | SuSE 10 Security Update : CUPS (ZYPP Patch Number 6174) | Nessus | SuSE Local Security Checks | critical |
| 41427 | SuSE 11 Security Update : libpoppler4 (SAT Patch Number 1034) | Nessus | SuSE Local Security Checks | critical |
| 41292 | SuSE9 Security Update : CUPS (YOU Patch Number 12396) | Nessus | SuSE Local Security Checks | critical |
| 40324 | openSUSE Security Update : xpdf (xpdf-793) | Nessus | SuSE Local Security Checks | critical |
| 40267 | openSUSE Security Update : libpoppler4 (libpoppler4-1032) | Nessus | SuSE Local Security Checks | critical |
| 40246 | openSUSE Security Update : kdegraphics3 (kdegraphics3-819) | Nessus | SuSE Local Security Checks | critical |
| 40159 | openSUSE Security Update : xpdf (xpdf-793) | Nessus | SuSE Local Security Checks | critical |
| 40042 | openSUSE Security Update : libpoppler3 (libpoppler3-1035) | Nessus | SuSE Local Security Checks | critical |
| 40005 | openSUSE Security Update : kdegraphics3 (kdegraphics3-819) | Nessus | SuSE Local Security Checks | critical |
| 39844 | Fedora 11 : poppler-0.10.7-2.fc11 (2009-6972) | Nessus | Fedora Local Security Checks | high |
| 39548 | Fedora 9 : poppler-0.8.7-2.fc9 (2009-6982) | Nessus | Fedora Local Security Checks | high |
| 39547 | Fedora 10 : poppler-0.8.7-6.fc10 (2009-6973) | Nessus | Fedora Local Security Checks | high |
| 38901 | CentOS 4 : gpdf (CESA-2009:0458) | Nessus | CentOS Local Security Checks | high |
| 38898 | CentOS 4 / 5 : kdegraphics (CESA-2009:0431) | Nessus | CentOS Local Security Checks | high |
| 38897 | CentOS 4 / 5 : cups (CESA-2009:0429) | Nessus | CentOS Local Security Checks | high |
| 38769 | RHEL 5 : poppler (RHSA-2009:0480) | Nessus | Red Hat Local Security Checks | high |
| 38744 | Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 38743 | Mac OS X Multiple Vulnerabilities (Security Update 2009-002) | Nessus | MacOS X Local Security Checks | critical |
| 38720 | Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 9.1 / current : xpdf (SSA:2009-129-01) | Nessus | Slackware Local Security Checks | critical |
| 38705 | FreeBSD : cups -- remote code execution and DNS rebinding (736e55bc-39bb-11de-a493-001b77d09812) | Nessus | FreeBSD Local Security Checks | medium |
| 38703 | Debian DSA-1793-1 : kdegraphics - multiple vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 38692 | Debian DSA-1790-1 : xpdf - multiple vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 38660 | RHEL 4 : gpdf (RHSA-2009:0458) | Nessus | Red Hat Local Security Checks | high |
| 38645 | openSUSE 10 Security Update : kdegraphics3 (kdegraphics3-6211) | Nessus | SuSE Local Security Checks | critical |
| 38204 | Mandriva Linux Security Advisory : xpdf (MDVSA-2009:101) | Nessus | Mandriva Local Security Checks | critical |
| 38182 | openSUSE 10 Security Update : xpdf (xpdf-6182) | Nessus | SuSE Local Security Checks | critical |
| 38166 | Slackware 12.0 / 12.1 / 12.2 / current : cups (SSA:2009-116-01) | Nessus | Slackware Local Security Checks | medium |
| 38161 | GLSA-200904-20 : CUPS: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 37844 | openSUSE 10 Security Update : cups (cups-6172) | Nessus | SuSE Local Security Checks | critical |
| 37075 | Fedora 10 : cups-1.3.10-1.fc10 (2009-3769) | Nessus | Fedora Local Security Checks | medium |
| 36635 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : poppler vulnerabilities (USN-759-1) | Nessus | Ubuntu Local Security Checks | high |
| 36261 | Fedora 10 : xpdf-3.02-13.fc10 (2009-3820) | Nessus | Fedora Local Security Checks | high |
| 36210 | Fedora 9 : xpdf-3.02-13.fc9 (2009-3794) | Nessus | Fedora Local Security Checks | high |
| 36209 | Fedora 9 : cups-1.3.10-1.fc9 (2009-3753) | Nessus | Fedora Local Security Checks | medium |
| 36193 | FreeBSD : xpdf -- multiple vulnerabilities (a21037d5-2c38-11de-ab3b-0017a4cccfc6) | Nessus | FreeBSD Local Security Checks | high |
| 36188 | CentOS 3 / 4 : xpdf (CESA-2009:0430) | Nessus | CentOS Local Security Checks | high |
| 36181 | RHEL 4 / 5 : kdegraphics (RHSA-2009:0431) | Nessus | Red Hat Local Security Checks | high |
| 36180 | RHEL 3 / 4 : xpdf (RHSA-2009:0430) | Nessus | Red Hat Local Security Checks | high |
| 36179 | RHEL 4 / 5 : cups (RHSA-2009:0429) | Nessus | Red Hat Local Security Checks | high |
| 5023 | Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 800792 | Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |