CVE-2009-0800

high

Description

Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

References

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323

https://bugzilla.redhat.com/show_bug.cgi?id=495887

http://www.vupen.com/english/advisories/2010/1040

http://www.vupen.com/english/advisories/2009/1077

http://www.vupen.com/english/advisories/2009/1076

http://www.vupen.com/english/advisories/2009/1066

http://www.vupen.com/english/advisories/2009/1065

http://www.securitytracker.com/id?1022073

http://www.securityfocus.com/bid/34568

http://www.redhat.com/support/errata/RHSA-2009-0480.html

http://www.redhat.com/support/errata/RHSA-2009-0431.html

http://www.redhat.com/support/errata/RHSA-2009-0430.html

http://www.redhat.com/support/errata/RHSA-2009-0429.html

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

http://www.mandriva.com/security/advisories?name=MDVSA-2009:101

http://www.kb.cert.org/vuls/id/196617

http://www.debian.org/security/2009/dsa-1793

http://www.debian.org/security/2009/dsa-1790

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477

http://secunia.com/advisories/35685

http://secunia.com/advisories/35618

http://secunia.com/advisories/35065

http://secunia.com/advisories/35064

http://secunia.com/advisories/35037

http://secunia.com/advisories/34991

http://secunia.com/advisories/34963

http://secunia.com/advisories/34959

http://secunia.com/advisories/34852

http://secunia.com/advisories/34756

http://secunia.com/advisories/34755

http://secunia.com/advisories/34746

http://secunia.com/advisories/34481

http://secunia.com/advisories/34291

http://rhn.redhat.com/errata/RHSA-2009-0458.html

http://poppler.freedesktop.org/releases.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html

Details

Source: Mitre, NVD

Published: 2009-04-23

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High