Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0147

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-0147
Last Modified 16 Dec 2010 12:00:00
Published 23 Apr 2009 01:30:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0147

Summary

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.

Vulnerable Systems

Application

  • Apple Cups 1.1

  • Apple Cups 1.1.1

  • Apple Cups 1.1.10

  • Apple Cups 1.1.10-1

  • Apple Cups 1.1.11

  • Apple Cups 1.1.12

  • Apple Cups 1.1.13

  • Apple Cups 1.1.14

  • Apple Cups 1.1.15

  • Apple Cups 1.1.16

  • Apple Cups 1.1.17

  • Apple Cups 1.1.18

  • Apple Cups 1.1.19

  • Apple Cups 1.1.2

  • Apple Cups 1.1.20

  • Apple Cups 1.1.21

  • Apple Cups 1.1.22

  • Apple Cups 1.1.23

  • Apple Cups 1.1.3

  • Apple Cups 1.1.4

  • Apple Cups 1.1.5

  • Apple Cups 1.1.5-1

  • Apple Cups 1.1.5-2

  • Apple Cups 1.1.6

  • Apple Cups 1.1.6-1

  • Apple Cups 1.1.6-2

  • Apple Cups 1.1.6-3

  • Apple Cups 1.1.7

  • Apple Cups 1.1.8

  • Apple Cups 1.1.9

  • Apple Cups 1.1.9-1

  • Apple Cups 1.2.0

  • Apple Cups 1.2.1

  • Apple Cups 1.2.10

  • Apple Cups 1.2.11

  • Apple Cups 1.2.12

  • Apple Cups 1.2.2

  • Apple Cups 1.2.3

  • Apple Cups 1.2.4

  • Apple Cups 1.2.5

  • Apple Cups 1.2.6

  • Apple Cups 1.2.7

  • Apple Cups 1.2.8

  • Apple Cups 1.2.9

  • Apple Cups 1.3.0

  • Apple Cups 1.3.1

  • Apple Cups 1.3.10

  • Apple Cups 1.3.11

  • Apple Cups 1.3.2

  • Apple Cups 1.3.3

  • Apple Cups 1.3.4

  • Apple Cups 1.3.5

  • Apple Cups 1.3.6

  • Apple Cups 1.3.7

  • Apple Cups 1.3.8

  • Apple Cups 1.3.9

  • Foolabs Xpdf 0.2

  • Foolabs Xpdf 0.3

  • Foolabs Xpdf 0.4

  • Foolabs Xpdf 0.5

  • Foolabs Xpdf 0.5a

  • Foolabs Xpdf 0.6

  • Foolabs Xpdf 0.7

  • Foolabs Xpdf 0.7a

  • Foolabs Xpdf 0.80

  • Foolabs Xpdf 0.90

  • Foolabs Xpdf 0.91

  • Foolabs Xpdf 0.91a

  • Foolabs Xpdf 0.91b

  • Foolabs Xpdf 0.91c

  • Foolabs Xpdf 0.92

  • Foolabs Xpdf 0.92a

  • Foolabs Xpdf 0.92b

  • Foolabs Xpdf 0.92c

  • Foolabs Xpdf 0.92d

  • Foolabs Xpdf 0.92e

  • Foolabs Xpdf 0.93

  • Foolabs Xpdf 0.93a

  • Foolabs Xpdf 0.93b

  • Foolabs Xpdf 0.93c

  • Foolabs Xpdf 1.00

  • Foolabs Xpdf 1.00a

  • Foolabs Xpdf 1.01

  • Foolabs Xpdf 2.00

  • Foolabs Xpdf 2.01

  • Foolabs Xpdf 2.02

  • Foolabs Xpdf 2.03

  • Foolabs Xpdf 3.00

  • Foolabs Xpdf 3.01

  • Foolabs Xpdf 3.02


References

CERT - TA09-133A

REDHAT - RHSA-2009:0430

FEDORA - FEDORA-2009-6982

FEDORA - FEDORA-2009-6973

FEDORA - FEDORA-2009-6972

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=490614

VUPEN - ADV-2010-1040

VUPEN - ADV-2009-1621

VUPEN - ADV-2009-1297

VUPEN - ADV-2009-1077

VUPEN - ADV-2009-1066

VUPEN - ADV-2009-1065

SECTRACK - 1022073

BID - 34568

BUGTRAQ - 20090417 rPSA-2009-0059-1 poppler

BUGTRAQ - 20090417 rPSA-2009-0061-1 cups

REDHAT - RHSA-2009:0480

REDHAT - RHSA-2009:0431

REDHAT - RHSA-2009:0429

MANDRIVA - MDVSA-2010:087

MANDRIVA - MDVSA-2009:101

DEBIAN - DSA-1793

DEBIAN - DSA-1790

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0061

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0059

CONFIRM - http://support.apple.com/kb/HT3639

CONFIRM - http://support.apple.com/kb/HT3549

SLACKWARE - SSA:2009-129-01

GENTOO - GLSA-200904-20

SECUNIA - 35685

SECUNIA - 35618

SECUNIA - 35074

SECUNIA - 35065

SECUNIA - 35064

SECUNIA - 35037

SECUNIA - 34991

SECUNIA - 34963

SECUNIA - 34959

SECUNIA - 34852

SECUNIA - 34756

SECUNIA - 34755

SECUNIA - 34481

SECUNIA - 34291

REDHAT - RHSA-2009:0458

SUSE - SUSE-SR:2009:012

SUSE - SUSE-SR:2009:010

SUSE - SUSE-SA:2009:024

APPLE - APPLE-SA-2009-05-12

APPLE - APPLE-SA-2009-06-17-1

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=263028

Related Patches

Apple 2009-05-12 Security Update 2009-002 Server (Tiger PPC)

Apple 2009-05-12 Security Update 2009-002 (Tiger PPC)

Apple 2009-05-12 Mac OS X 10.5.7 Combo Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Update

Apple 2009-05-12 Mac OS X 10.5.7 Update

Apple 2009-05-12 Security Update 2009-002 (Tiger Intel)

Apple 2009-05-12 Mac OS X Server 10.5.7 Combo Update

Novell SUSE 2009:6283 kdegraphics3 security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:50:08