CVE-2009-0195

NONE EPSS 91.7%
Published Apr 23, 2009 (17y ago) · Modified Jun 16, 2026 (2w ago)

Description

Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.

Threat Intelligence

EPSS Exploit Probability
91.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)

Affected Products 35

Vendor       Product     Version  Range
apple        cups        1.3.9    any
foolabs      xpdf        0.5a     any
foolabs      xpdf        0.7a     any
foolabs      xpdf        0.91a    any
foolabs      xpdf        0.91b    any
foolabs      xpdf        0.91c    any
foolabs      xpdf        0.92a    any
foolabs      xpdf        0.92b    any
foolabs      xpdf        0.92c    any
foolabs      xpdf        0.92d    any
foolabs      xpdf        0.92e    any
foolabs      xpdf        0.93a    any
foolabs      xpdf        0.93b    any
foolabs      xpdf        0.93c    any
foolabs      xpdf        1.00a    any
foolabs      xpdf        3.0.1    any
glyphandcog  xpdfreader  *        ≤3.02
glyphandcog  xpdfreader  0.2      any
glyphandcog  xpdfreader  0.3      any
glyphandcog  xpdfreader  0.4      any
glyphandcog  xpdfreader  0.5      any
glyphandcog  xpdfreader  0.6      any
glyphandcog  xpdfreader  0.7      any
glyphandcog  xpdfreader  0.80     any
glyphandcog  xpdfreader  0.90     any
glyphandcog  xpdfreader  0.91     any
glyphandcog  xpdfreader  0.92     any
glyphandcog  xpdfreader  0.93     any
glyphandcog  xpdfreader  1.00     any
glyphandcog  xpdfreader  1.01     any
glyphandcog  xpdfreader  2.00     any
glyphandcog  xpdfreader  2.01     any
glyphandcog  xpdfreader  2.02     any
glyphandcog  xpdfreader  2.03     any
glyphandcog  xpdfreader  3.00     any

References 15

  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2009-0458.html
  • secunia.com http://secunia.com/advisories/34291
  • secunia.com http://secunia.com/advisories/34481
  • secunia.com http://secunia.com/advisories/34756
  • secunia.com http://secunia.com/advisories/34963
  • secunia.com http://secunia.com/advisories/35064
  • secunia.com http://secunia.com/secunia_research/2009-17/
    Vendor Advisory
  • secunia.com http://secunia.com/secunia_research/2009-18/
    Vendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
  • redhat.com http://www.redhat.com/support/errata/RHSA-2009-0480.html
  • securityfocus.com http://www.securityfocus.com/archive/1/502759/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/502762/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/34791
  • vupen.com http://www.vupen.com/english/advisories/2010/1040
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10076

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.