CVE-2009-0799

NONE EPSS 88.6%
Published Apr 23, 2009 · Modified Jun 16, 2026

Description

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.

Threat Intelligence

EPSS Exploit Probability
88.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)

Affected Products 154

Vendor | Product | Version | Range
foolabs | xpdf | 0.5a | any
foolabs | xpdf | 0.7a | any
foolabs | xpdf | 0.91a | any
foolabs | xpdf | 0.91b | any
foolabs | xpdf | 0.91c | any
foolabs | xpdf | 0.92a | any
foolabs | xpdf | 0.92b | any
foolabs | xpdf | 0.92c | any
foolabs | xpdf | 0.92d | any
foolabs | xpdf | 0.92e | any
foolabs | xpdf | 0.93a | any
foolabs | xpdf | 0.93b | any
foolabs | xpdf | 0.93c | any
foolabs | xpdf | 1.00a | any
glyphandcog | xpdfreader | * | ≤3.02
glyphandcog | xpdfreader | 0.2 | any
glyphandcog | xpdfreader | 0.3 | any
glyphandcog | xpdfreader | 0.4 | any
glyphandcog | xpdfreader | 0.5 | any
glyphandcog | xpdfreader | 0.6 | any
glyphandcog | xpdfreader | 0.7 | any
glyphandcog | xpdfreader | 0.80 | any
glyphandcog | xpdfreader | 0.90 | any
glyphandcog | xpdfreader | 0.91 | any
glyphandcog | xpdfreader | 0.92 | any
glyphandcog | xpdfreader | 0.93 | any
glyphandcog | xpdfreader | 1.00 | any
glyphandcog | xpdfreader | 1.01 | any
glyphandcog | xpdfreader | 2.00 | any
glyphandcog | xpdfreader | 2.01 | any
glyphandcog | xpdfreader | 2.02 | any
glyphandcog | xpdfreader | 2.03 | any
glyphandcog | xpdfreader | 3.00 | any
glyphandcog | xpdfreader | 3.01 | any
poppler | poppler | * | ≤0.10.5
poppler | poppler | 0.1 | any
poppler | poppler | 0.1.1 | any
poppler | poppler | 0.1.2 | any
poppler | poppler | 0.2.0 | any
poppler | poppler | 0.3.0 | any
poppler | poppler | 0.3.1 | any
poppler | poppler | 0.3.2 | any
poppler | poppler | 0.3.3 | any
poppler | poppler | 0.4.0 | any
poppler | poppler | 0.4.1 | any
poppler | poppler | 0.4.2 | any
poppler | poppler | 0.4.3 | any
poppler | poppler | 0.4.4 | any
poppler | poppler | 0.5.0 | any
poppler | poppler | 0.5.1 | any
poppler | poppler | 0.5.2 | any
poppler | poppler | 0.5.3 | any
poppler | poppler | 0.5.4 | any
poppler | poppler | 0.5.9 | any
poppler | poppler | 0.5.90 | any
poppler | poppler | 0.5.91 | any
poppler | poppler | 0.6.0 | any
poppler | poppler | 0.6.1 | any
poppler | poppler | 0.6.2 | any
poppler | poppler | 0.6.3 | any
poppler | poppler | 0.6.4 | any
poppler | poppler | 0.7.0 | any
poppler | poppler | 0.7.1 | any
poppler | poppler | 0.7.2 | any
poppler | poppler | 0.7.3 | any
poppler | poppler | 0.8.0 | any
poppler | poppler | 0.8.1 | any
poppler | poppler | 0.8.2 | any
poppler | poppler | 0.8.3 | any
poppler | poppler | 0.8.4 | any
poppler | poppler | 0.8.5 | any
poppler | poppler | 0.8.6 | any
poppler | poppler | 0.8.7 | any
poppler | poppler | 0.9.0 | any
poppler | poppler | 0.9.1 | any
poppler | poppler | 0.9.2 | any
poppler | poppler | 0.9.3 | any
poppler | poppler | 0.10.0 | any
poppler | poppler | 0.10.1 | any
poppler | poppler | 0.10.2 | any
poppler | poppler | 0.10.3 | any
poppler | poppler | 0.10.4 | any
apple | cups | * | ≤1.3.9
apple | cups | 1.1 | any
apple | cups | 1.1.1 | any
apple | cups | 1.1.2 | any
apple | cups | 1.1.3 | any
apple | cups | 1.1.4 | any
apple | cups | 1.1.5 | any
apple | cups | 1.1.5-1 | any
apple | cups | 1.1.5-2 | any
apple | cups | 1.1.6 | any
apple | cups | 1.1.6-1 | any
apple | cups | 1.1.6-2 | any
apple | cups | 1.1.6-3 | any
apple | cups | 1.1.7 | any
apple | cups | 1.1.8 | any
apple | cups | 1.1.9 | any
apple | cups | 1.1.9-1 | any
apple | cups | 1.1.10 | any
apple | cups | 1.1.10-1 | any
apple | cups | 1.1.11 | any
apple | cups | 1.1.12 | any
apple | cups | 1.1.13 | any
apple | cups | 1.1.14 | any
apple | cups | 1.1.15 | any
apple | cups | 1.1.16 | any
apple | cups | 1.1.17 | any
apple | cups | 1.1.18 | any
apple | cups | 1.1.19 | any
apple | cups | 1.1.19 | any
apple | cups | 1.1.19 | any
apple | cups | 1.1.19 | any
apple | cups | 1.1.19 | any
apple | cups | 1.1.19 | any
apple | cups | 1.1.20 | any
apple | cups | 1.1.20 | any
apple | cups | 1.1.20 | any
apple | cups | 1.1.20 | any
apple | cups | 1.1.20 | any
apple | cups | 1.1.20 | any
apple | cups | 1.1.20 | any
apple | cups | 1.1.21 | any
apple | cups | 1.1.21 | any
apple | cups | 1.1.21 | any
apple | cups | 1.1.22 | any
apple | cups | 1.1.22 | any
apple | cups | 1.1.22 | any
apple | cups | 1.1.23 | any
apple | cups | 1.1.23 | any
apple | cups | 1.2.0 | any
apple | cups | 1.2.1 | any
apple | cups | 1.2.2 | any
apple | cups | 1.2.3 | any
apple | cups | 1.2.4 | any
apple | cups | 1.2.5 | any
apple | cups | 1.2.6 | any
apple | cups | 1.2.7 | any
apple | cups | 1.2.8 | any
apple | cups | 1.2.9 | any
apple | cups | 1.2.10 | any
apple | cups | 1.2.11 | any
apple | cups | 1.2.12 | any
apple | cups | 1.3.0 | any
apple | cups | 1.3.1 | any
apple | cups | 1.3.2 | any
apple | cups | 1.3.3 | any
apple | cups | 1.3.4 | any
apple | cups | 1.3.5 | any
apple | cups | 1.3.6 | any
apple | cups | 1.3.7 | any
apple | cups | 1.3.8 | any
apple | cups | 1.3.10 | any
apple | cups | 1.3.11 | any

References 42

  • bugzilla.redhat.com http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
  • poppler.freedesktop.org http://poppler.freedesktop.org/releases.html
    Patch, Vendor Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2009-0458.html
  • secunia.com http://secunia.com/advisories/34291
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/34481
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/34746
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/34755
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/34756
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/34852
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/34959
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/34963
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/34991
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/35037
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/35064
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/35065
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/35618
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/35685
    Vendor Advisory
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
  • debian.org http://www.debian.org/security/2009/dsa-1790
    Patch
  • debian.org http://www.debian.org/security/2009/dsa-1793
    Patch
  • kb.cert.org http://www.kb.cert.org/vuls/id/196617
    US Government Resource
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
  • redhat.com http://www.redhat.com/support/errata/RHSA-2009-0429.html
    Patch
  • redhat.com http://www.redhat.com/support/errata/RHSA-2009-0430.html
    Patch
  • redhat.com http://www.redhat.com/support/errata/RHSA-2009-0431.html
    Patch
  • redhat.com http://www.redhat.com/support/errata/RHSA-2009-0480.html
    Patch
  • securityfocus.com http://www.securityfocus.com/bid/34568
    Patch
  • securitytracker.com http://www.securitytracker.com/id?1022072
  • vupen.com http://www.vupen.com/english/advisories/2009/1065
    Patch, Vendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2009/1066
    Patch, Vendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2009/1076
    Patch, Vendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2009/1077
    Vendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2010/1040
    Vendor Advisory
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10204
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html

Remediation

  • poppler.freedesktop.org http://poppler.freedesktop.org/releases.html
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2009/dsa-1790
    Patch
  • debian.org http://www.debian.org/security/2009/dsa-1793
    Patch
  • redhat.com http://www.redhat.com/support/errata/RHSA-2009-0429.html
    Patch
  • redhat.com http://www.redhat.com/support/errata/RHSA-2009-0430.html
    Patch
  • redhat.com http://www.redhat.com/support/errata/RHSA-2009-0431.html
    Patch
  • redhat.com http://www.redhat.com/support/errata/RHSA-2009-0480.html
    Patch
  • securityfocus.com http://www.securityfocus.com/bid/34568
    Patch
  • vupen.com http://www.vupen.com/english/advisories/2009/1065
    Patch, Vendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2009/1066
    Patch, Vendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2009/1076
    Patch, Vendor Advisory