Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2009-0195
Last Modified 21 Aug 2010 01:29:53
Published 23 Apr 2009 01:30:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0195

Summary

Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.

Vulnerable Systems

Application

  • Apple Cups 1.3.9

  • Foolabs Xpdf 0.2

  • Foolabs Xpdf 0.3

  • Foolabs Xpdf 0.4

  • Foolabs Xpdf 0.5

  • Foolabs Xpdf 0.5a

  • Foolabs Xpdf 0.6

  • Foolabs Xpdf 0.7

  • Foolabs Xpdf 0.7a

  • Foolabs Xpdf 0.80

  • Foolabs Xpdf 0.90

  • Foolabs Xpdf 0.91

  • Foolabs Xpdf 0.91a

  • Foolabs Xpdf 0.91b

  • Foolabs Xpdf 0.91c

  • Foolabs Xpdf 0.92

  • Foolabs Xpdf 0.92a

  • Foolabs Xpdf 0.92b

  • Foolabs Xpdf 0.92c

  • Foolabs Xpdf 0.92d

  • Foolabs Xpdf 0.92e

  • Foolabs Xpdf 0.93

  • Foolabs Xpdf 0.93a

  • Foolabs Xpdf 0.93b

  • Foolabs Xpdf 0.93c

  • Foolabs Xpdf 1.00

  • Foolabs Xpdf 1.00a

  • Foolabs Xpdf 1.01

  • Foolabs Xpdf 2.00

  • Foolabs Xpdf 2.01

  • Foolabs Xpdf 2.02

  • Foolabs Xpdf 2.03

  • Foolabs Xpdf 3.0.1

  • Foolabs Xpdf 3.00

  • Foolabs Xpdf 3.02


References

VUPEN - ADV-2010-1040

BID - 34791

BUGTRAQ - 20090417 Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability

BUGTRAQ - 20090417 Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow

REDHAT - RHSA-2009:0480

MANDRIVA - MDVSA-2010:087

MISC - http://secunia.com/secunia_research/2009-18/

MISC - http://secunia.com/secunia_research/2009-17/

SECUNIA - 35064

SECUNIA - 34963

SECUNIA - 34756

SECUNIA - 34481

SECUNIA - 34291

REDHAT - RHSA-2009:0458


Last Updated: 27 May 2016 10:50:09