CVE-2009-0195

medium

Description

Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.

References

http://rhn.redhat.com/errata/RHSA-2009-0458.html

http://secunia.com/advisories/34291

http://secunia.com/advisories/34481

http://secunia.com/advisories/34756

http://secunia.com/advisories/34963

http://secunia.com/advisories/35064

http://secunia.com/secunia_research/2009-17/

http://secunia.com/secunia_research/2009-18/

http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

http://www.redhat.com/support/errata/RHSA-2009-0480.html

http://www.securityfocus.com/archive/1/502759/100/0/threaded

http://www.securityfocus.com/archive/1/502762/100/0/threaded

http://www.securityfocus.com/bid/34791

http://www.vupen.com/english/advisories/2010/1040

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10076

Details

Source: MITRE

Published: 2009-04-23

Updated: 2019-03-06

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:* versions up to 3.02 (inclusive)

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 70309 | GLSA-201310-03 : Poppler: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 68039 | Oracle Linux 5 : tetex (ELSA-2010-0400) | Nessus | Oracle Linux Local Security Checks | high |
| 68038 | Oracle Linux 4 : tetex (ELSA-2010-0399) | Nessus | Oracle Linux Local Security Checks | high |
| 67858 | Oracle Linux 5 : poppler (ELSA-2009-0480) | Nessus | Oracle Linux Local Security Checks | high |
| 67852 | Oracle Linux 4 : gpdf (ELSA-2009-0458) | Nessus | Oracle Linux Local Security Checks | high |
| 67846 | Oracle Linux 4 : kdegraphics (ELSA-2009-0431) | Nessus | Oracle Linux Local Security Checks | high |
| 67845 | Oracle Linux 3 / 4 : xpdf (ELSA-2009-0430) | Nessus | Oracle Linux Local Security Checks | high |
| 67844 | Oracle Linux 4 / 5 : cups (ELSA-2009-0429) | Nessus | Oracle Linux Local Security Checks | high |
| 60791 | Scientific Linux Security Update : tetex on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60790 | Scientific Linux Security Update : tetex on SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60584 | Scientific Linux Security Update : poppler on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60576 | Scientific Linux Security Update : gpdf on SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 48362 | Ubuntu 9.04 : koffice vulnerabilities (USN-973-1) | Nessus | Ubuntu Local Security Checks | critical |
| 46760 | CentOS 5 : tetex (CESA-2010:0400) | Nessus | CentOS Local Security Checks | high |
| 46309 | RHEL 5 : tetex (RHSA-2010:0400) | Nessus | Red Hat Local Security Checks | high |
| 46308 | RHEL 4 : tetex (RHSA-2010:0399) | Nessus | Red Hat Local Security Checks | high |
| 46257 | CentOS 4 : tetex (CESA-2010:0399) | Nessus | CentOS Local Security Checks | high |
| 43748 | CentOS 5 : poppler (CESA-2009:0480) | Nessus | CentOS Local Security Checks | high |
| 42181 | Mandriva Linux Security Advisory : cups (MDVSA-2009:282-1) | Nessus | Mandriva Local Security Checks | critical |
| 38901 | CentOS 4 : gpdf (CESA-2009:0458) | Nessus | CentOS Local Security Checks | high |
| 38898 | CentOS 4 / 5 : kdegraphics (CESA-2009:0431) | Nessus | CentOS Local Security Checks | high |
| 38897 | CentOS 4 / 5 : cups (CESA-2009:0429) | Nessus | CentOS Local Security Checks | high |
| 38769 | RHEL 5 : poppler (RHSA-2009:0480) | Nessus | Red Hat Local Security Checks | high |
| 38660 | RHEL 4 : gpdf (RHSA-2009:0458) | Nessus | Red Hat Local Security Checks | high |
| 36188 | CentOS 3 / 4 : xpdf (CESA-2009:0430) | Nessus | CentOS Local Security Checks | high |
| 36183 | CUPS < 1.3.10 Multiple Vulnerabilities | Nessus | Misc. | high |
| 36181 | RHEL 4 / 5 : kdegraphics (RHSA-2009:0431) | Nessus | Red Hat Local Security Checks | high |
| 36180 | RHEL 3 / 4 : xpdf (RHSA-2009:0430) | Nessus | Red Hat Local Security Checks | high |
| 36179 | RHEL 4 / 5 : cups (RHSA-2009:0429) | Nessus | Red Hat Local Security Checks | high |
| 4771 | CUPS < 1.3.10 Multiple Overflows | Nessus Network Monitor | Web Servers | high |