Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2009-0195
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 6.8/10
- Exploit Score
- 8.6/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://secunia.com/secunia_research/2009-18/
- http://secunia.com/secunia_research/2009-17/
- http://secunia.com/advisories/34481
- http://secunia.com/advisories/34291
- http://secunia.com/advisories/34756
- http://rhn.redhat.com/errata/RHSA-2009-0458.html
- http://secunia.com/advisories/34963
- http://www.securityfocus.com/bid/34791
- http://www.redhat.com/support/errata/RHSA-2009-0480.html
- http://secunia.com/advisories/35064
- http://www.vupen.com/english/advisories/2010/1040
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1
- http://www.securityfocus.com/archive/1/502762/100/0/threaded
- http://www.securityfocus.com/archive/1/502759/100/0/threaded