CVE-2009-0755

MEDIUM
Description

The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.

References

http://bugs.freedesktop.org/show_bug.cgi?id=19790

http://lists.freedesktop.org/archives/poppler/2009-January/004406.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

http://secunia.com/advisories/33853

http://secunia.com/advisories/35685

http://secunia.com/advisories/37114

http://wiki.rpath.com/Advisories:rPSA-2009-0059

http://www.debian.org/security/2009/dsa-1941

http://www.openwall.com/lists/oss-security/2009/02/13/1

http://www.openwall.com/lists/oss-security/2009/02/19/2

http://www.securityfocus.com/archive/1/502761/100/0/threaded

http://www.securityfocus.com/bid/33749

http://www.ubuntu.com/usn/USN-850-1

Details

Source: MITRE

Published: 2009-03-03

Updated: 2018-10-10

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:* versions up to 0.10.3 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 44806 | Debian DSA-1941-1 : poppler - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 42207 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : poppler vulnerabilities (USN-850-1) | Nessus | Ubuntu Local Security Checks | high |
| 42030 | openSUSE 10 Security Update : poppler (poppler-6319) | Nessus | SuSE Local Security Checks | critical |
| 41578 | SuSE 10 Security Update : poppler (ZYPP Patch Number 6315) | Nessus | SuSE Local Security Checks | critical |
| 41427 | SuSE 11 Security Update : libpoppler4 (SAT Patch Number 1034) | Nessus | SuSE Local Security Checks | critical |
| 40267 | openSUSE Security Update : libpoppler4 (libpoppler4-1032) | Nessus | SuSE Local Security Checks | critical |
| 40042 | openSUSE Security Update : libpoppler3 (libpoppler3-1035) | Nessus | SuSE Local Security Checks | critical |
| 36675 | Mandriva Linux Security Advisory : poppler (MDVSA-2009:068-1) | Nessus | Mandriva Local Security Checks | medium |