CVE-2009-0165

high
Description

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."

References

http://bugs.gentoo.org/show_bug.cgi?id=263028

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

http://secunia.com/advisories/34852

http://secunia.com/advisories/34959

http://secunia.com/advisories/34991

http://secunia.com/advisories/35037

http://secunia.com/advisories/35065

http://secunia.com/advisories/35074

http://secunia.com/advisories/35685

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477

http://support.apple.com/kb/HT3549

http://support.apple.com/kb/HT3639

http://www.debian.org/security/2009/dsa-1790

http://www.debian.org/security/2009/dsa-1793

http://www.mandriva.com/security/advisories?name=MDVSA-2009:101

http://www.securityfocus.com/bid/34568

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2009/1297

http://www.vupen.com/english/advisories/2009/1621

https://exchange.xforce.ibmcloud.com/vulnerabilities/50377

Details

Source: MITRE

Published: 2009-04-23

Updated: 2019-03-06

Type: CWE-189

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*

OR

cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 70309 | GLSA-201310-03 : Poppler: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 48362 | Ubuntu 9.04 : koffice vulnerabilities (USN-973-1) | Nessus | Ubuntu Local Security Checks | critical |
| 43613 | Mandriva Linux Security Advisory : kde (MDVSA-2009:346) | Nessus | Mandriva Local Security Checks | critical |
| 42181 | Mandriva Linux Security Advisory : cups (MDVSA-2009:282-1) | Nessus | Mandriva Local Security Checks | critical |
| 42030 | openSUSE 10 Security Update : poppler (poppler-6319) | Nessus | SuSE Local Security Checks | critical |
| 41602 | SuSE 10 Security Update : xpdf (ZYPP Patch Number 6177) | Nessus | SuSE Local Security Checks | critical |
| 41578 | SuSE 10 Security Update : poppler (ZYPP Patch Number 6315) | Nessus | SuSE Local Security Checks | critical |
| 41530 | SuSE 10 Security Update : kdegraphics3 (ZYPP Patch Number 6283) | Nessus | SuSE Local Security Checks | critical |
| 41494 | SuSE 10 Security Update : CUPS (ZYPP Patch Number 6174) | Nessus | SuSE Local Security Checks | critical |
| 41427 | SuSE 11 Security Update : libpoppler4 (SAT Patch Number 1034) | Nessus | SuSE Local Security Checks | critical |
| 41292 | SuSE9 Security Update : CUPS (YOU Patch Number 12396) | Nessus | SuSE Local Security Checks | critical |
| 40324 | openSUSE Security Update : xpdf (xpdf-793) | Nessus | SuSE Local Security Checks | critical |
| 40267 | openSUSE Security Update : libpoppler4 (libpoppler4-1032) | Nessus | SuSE Local Security Checks | critical |
| 40246 | openSUSE Security Update : kdegraphics3 (kdegraphics3-819) | Nessus | SuSE Local Security Checks | critical |
| 40159 | openSUSE Security Update : xpdf (xpdf-793) | Nessus | SuSE Local Security Checks | critical |
| 40042 | openSUSE Security Update : libpoppler3 (libpoppler3-1035) | Nessus | SuSE Local Security Checks | critical |
| 40005 | openSUSE Security Update : kdegraphics3 (kdegraphics3-819) | Nessus | SuSE Local Security Checks | critical |
| 38744 | Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 38743 | Mac OS X Multiple Vulnerabilities (Security Update 2009-002) | Nessus | MacOS X Local Security Checks | critical |
| 38720 | Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 9.1 / current : xpdf (SSA:2009-129-01) | Nessus | Slackware Local Security Checks | critical |
| 38703 | Debian DSA-1793-1 : kdegraphics - multiple vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 38692 | Debian DSA-1790-1 : xpdf - multiple vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 38645 | openSUSE 10 Security Update : kdegraphics3 (kdegraphics3-6211) | Nessus | SuSE Local Security Checks | critical |
| 38204 | Mandriva Linux Security Advisory : xpdf (MDVSA-2009:101) | Nessus | Mandriva Local Security Checks | critical |
| 38182 | openSUSE 10 Security Update : xpdf (xpdf-6182) | Nessus | SuSE Local Security Checks | critical |
| 37844 | openSUSE 10 Security Update : cups (cups-6172) | Nessus | SuSE Local Security Checks | critical |
| 5023 | Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 800792 | Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |