Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0691

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-0691
Last Modified 26 Jun 2009 12:00:00
Published 23 Jun 2009 05:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0691

Summary

The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access.

Vulnerable Systems

Application

  • Foxitsoftware Foxit Reader 3.0

  • Foxitsoftware Jpeg2000 Jbig2 Decoder Add-on 2.0.2009.303


References

CERT-VN - VU#251793

VUPEN - ADV-2009-1640

BID - 35443

CONFIRM - http://www.foxitsoftware.com/pdf/reader/security.htm#0602

SECTRACK - 1022425

SECUNIA - 35512


Last Updated: 27 May 2016 10:50:20