CVE-2009-0146

CVSS V2 Medium 4.3 CVSS V3 None

Description

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.

Overview

CVE ID
CVE-2009-0146

Assigner
cve@mitre.org

Vulnerability Status
Modified

Published Version
2009-04-23T17:30:01

Last Modified Date
2019-03-06T16:30:38

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:foolabs:xpdf:0.5a:::::::*	1	OR
cpe:2.3:a:foolabs:xpdf:0.7a:::::::*	1	OR
cpe:2.3:a:foolabs:xpdf:0.91a:::::::*	1	OR
cpe:2.3:a:foolabs:xpdf:0.91b:::::::*	1	OR
cpe:2.3:a:foolabs:xpdf:0.91c:::::::*	1	OR
cpe:2.3:a:foolabs:xpdf:0.92a:::::::*	1	OR
cpe:2.3:a:foolabs:xpdf:0.92b:::::::*	1	OR
cpe:2.3:a:foolabs:xpdf:0.92c:::::::*	1	OR
cpe:2.3:a:foolabs:xpdf:0.92d:::::::*	1	OR
cpe:2.3:a:foolabs:xpdf:0.92e:::::::*	1	OR
cpe:2.3:a:foolabs:xpdf:0.93a:::::::*	1	OR
cpe:2.3:a:foolabs:xpdf:0.93b:::::::*	1	OR
cpe:2.3:a:foolabs:xpdf:0.93c:::::::*	1	OR
cpe:2.3:a:foolabs:xpdf:1.00a:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader::::::::	1	OR	3.02
cpe:2.3:a:glyphandcog:xpdfreader:0.2:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:0.3:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:0.4:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:0.5:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:0.6:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:0.7:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:0.80:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:0.90:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:0.91:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:0.92:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:0.93:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:1.00:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:1.01:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:2.00:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:2.01:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:2.02:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:2.03:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:3.00:::::::*	1	OR
cpe:2.3:a:glyphandcog:xpdfreader:3.01:::::::*	1	OR
cpe:2.3:a:apple:cups::::::::	1	OR	1.3.9
cpe:2.3:a:apple:cups:1.1:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.1:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.2:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.3:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.4:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.5:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.5-1:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.5-2:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.6:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.6-1:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.6-2:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.6-3:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.7:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.8:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.9:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.9-1:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.10:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.10-1:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.11:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.12:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.13:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.14:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.15:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.16:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.17:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.18:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.19:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.19:rc1::::::	1	OR
cpe:2.3:a:apple:cups:1.1.19:rc2::::::	1	OR
cpe:2.3:a:apple:cups:1.1.19:rc3::::::	1	OR
cpe:2.3:a:apple:cups:1.1.19:rc4::::::	1	OR
cpe:2.3:a:apple:cups:1.1.19:rc5::::::	1	OR
cpe:2.3:a:apple:cups:1.1.20:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.20:rc1::::::	1	OR
cpe:2.3:a:apple:cups:1.1.20:rc2::::::	1	OR
cpe:2.3:a:apple:cups:1.1.20:rc3::::::	1	OR
cpe:2.3:a:apple:cups:1.1.20:rc4::::::	1	OR
cpe:2.3:a:apple:cups:1.1.20:rc5::::::	1	OR
cpe:2.3:a:apple:cups:1.1.20:rc6::::::	1	OR
cpe:2.3:a:apple:cups:1.1.21:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.21:rc1::::::	1	OR
cpe:2.3:a:apple:cups:1.1.21:rc2::::::	1	OR
cpe:2.3:a:apple:cups:1.1.22:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.22:rc1::::::	1	OR
cpe:2.3:a:apple:cups:1.1.22:rc2::::::	1	OR
cpe:2.3:a:apple:cups:1.1.23:::::::*	1	OR
cpe:2.3:a:apple:cups:1.1.23:rc1::::::	1	OR
cpe:2.3:a:apple:cups:1.2.0:::::::*	1	OR
cpe:2.3:a:apple:cups:1.2.1:::::::*	1	OR
cpe:2.3:a:apple:cups:1.2.2:::::::*	1	OR
cpe:2.3:a:apple:cups:1.2.3:::::::*	1	OR
cpe:2.3:a:apple:cups:1.2.4:::::::*	1	OR
cpe:2.3:a:apple:cups:1.2.5:::::::*	1	OR
cpe:2.3:a:apple:cups:1.2.6:::::::*	1	OR
cpe:2.3:a:apple:cups:1.2.7:::::::*	1	OR
cpe:2.3:a:apple:cups:1.2.8:::::::*	1	OR
cpe:2.3:a:apple:cups:1.2.9:::::::*	1	OR
cpe:2.3:a:apple:cups:1.2.10:::::::*	1	OR
cpe:2.3:a:apple:cups:1.2.11:::::::*	1	OR
cpe:2.3:a:apple:cups:1.2.12:::::::*	1	OR
cpe:2.3:a:apple:cups:1.3.0:::::::*	1	OR
cpe:2.3:a:apple:cups:1.3.1:::::::*	1	OR
cpe:2.3:a:apple:cups:1.3.2:::::::*	1	OR
cpe:2.3:a:apple:cups:1.3.3:::::::*	1	OR
cpe:2.3:a:apple:cups:1.3.4:::::::*	1	OR
cpe:2.3:a:apple:cups:1.3.5:::::::*	1	OR
cpe:2.3:a:apple:cups:1.3.6:::::::*	1	OR
cpe:2.3:a:apple:cups:1.3.7:::::::*	1	OR
cpe:2.3:a:apple:cups:1.3.8:::::::*	1	OR
cpe:2.3:a:apple:cups:1.3.10:::::::*	1	OR
cpe:2.3:a:apple:cups:1.3.11:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
NONE

Confidentiality Impact
NONE

Integrity Impact
NONE

Availability Impact
PARTIAL

Base Score
4.3

Severity
MEDIUM

Exploitability Score
8.6

Impact Score
2.9

References

Reference URL	Reference Tags
http://secunia.com/advisories/34755	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=490612
http://www.redhat.com/support/errata/RHSA-2009-0430.html	Patch
http://bugs.gentoo.org/show_bug.cgi?id=263028
http://www.securitytracker.com/id?1022073
http://wiki.rpath.com/Advisories:rPSA-2009-0059
http://www.vupen.com/english/advisories/2009/1065	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-0429.html
http://www.vupen.com/english/advisories/2009/1077	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
http://secunia.com/advisories/34481	Vendor Advisory
http://www.vupen.com/english/advisories/2009/1066	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-0431.html
http://www.securityfocus.com/bid/34568
http://secunia.com/advisories/34291	Vendor Advisory
http://secunia.com/advisories/34852	Vendor Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0061
http://security.gentoo.org/glsa/glsa-200904-20.xml
http://secunia.com/advisories/34756
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
http://www.debian.org/security/2009/dsa-1790
http://secunia.com/advisories/34959	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2009-0458.html
http://secunia.com/advisories/34963
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
http://secunia.com/advisories/35037
http://secunia.com/advisories/35065	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://www.vupen.com/english/advisories/2009/1297	Vendor Advisory
http://secunia.com/advisories/35074	Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA09-133A.html	US Government Resource
http://support.apple.com/kb/HT3549
http://www.debian.org/security/2009/dsa-1793
http://secunia.com/advisories/34991	Vendor Advisory
http://secunia.com/advisories/35064	Vendor Advisory
http://www.vupen.com/english/advisories/2009/1621	Vendor Advisory
http://support.apple.com/kb/HT3639
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/35618	Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
http://secunia.com/advisories/35685	Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.vupen.com/english/advisories/2010/1040	Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632
http://www.securityfocus.com/archive/1/502761/100/0/threaded
http://www.securityfocus.com/archive/1/502750/100/0/threaded

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2009-0146
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 07:56:43				Added to TrackCVE