Vulnerabilites related to glyphandcog - xpdfreader
CVE-2019-9588 (GCVE-0-2019-9588)
Vulnerability from cvelistv5
Published
2019-03-06 08:00
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gatomiccounter-gatomicincrement-xpdf-4-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41261"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-06T08:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gatomiccounter-gatomicincrement-xpdf-4-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41261"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gatomiccounter-gatomicincrement-xpdf-4-01/",
"refsource": "MISC",
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gatomiccounter-gatomicincrement-xpdf-4-01/"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41261",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9588",
"datePublished": "2019-03-06T08:00:00",
"dateReserved": "2019-03-06T00:00:00",
"dateUpdated": "2024-08-04T21:54:44.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14294 (GCVE-0-2019-14294)
Vulnerability from cvelistv5
Published
2019-07-27 18:40
Modified
2024-08-05 00:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-27T18:40:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14294",
"datePublished": "2019-07-27T18:40:27",
"dateReserved": "2019-07-27T00:00:00",
"dateUpdated": "2024-08-05T00:12:43.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1181 (GCVE-0-2009-1181)
Vulnerability from cvelistv5
Published
2009-04-23 17:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "1022072",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022072"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "oval:org.mitre.oval:def:9683",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9683"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34959"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495894"
},
{
"name": "34746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "1022072",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022072"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "oval:org.mitre.oval:def:9683",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9683"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34959"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495894"
},
{
"name": "34746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-1181",
"datePublished": "2009-04-23T17:00:00",
"dateReserved": "2009-03-31T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12958 (GCVE-0-2019-12958)
Vulnerability from cvelistv5
Published
2019-06-24 23:27
Modified
2024-08-04 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41815"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-26T20:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41815"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41815",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41815"
},
{
"name": "FEDORA-2019-a457286734",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12958",
"datePublished": "2019-06-24T23:27:28",
"dateReserved": "2019-06-24T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3604 (GCVE-0-2009-3604)
Vulnerability from cvelistv5
Published
2009-10-21 17:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39938"
},
{
"name": "37042",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37042"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name": "MDVSA-2009:287",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"name": "37028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37028"
},
{
"name": "FEDORA-2010-1377",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://site.pi3.com.pl/adv/xpdf.txt"
},
{
"name": "FEDORA-2009-10823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"name": "RHSA-2009:1501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"name": "37079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37079"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "xpdf-splashdrawimage-bo(53795)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53795"
},
{
"name": "DSA-2028",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"name": "DSA-2050",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"name": "37159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37159"
},
{
"name": "FEDORA-2010-1805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name": "1021706",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name": "FEDORA-2009-10845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name": "RHSA-2009:1512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"name": "37114",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37114"
},
{
"name": "37077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37077"
},
{
"name": "1023029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023029"
},
{
"name": "RHSA-2009:1503",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996\u0026id2=75c3466ba2"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "oval:org.mitre.oval:def:10969",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969"
},
{
"name": "37037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37037"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "USN-850-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"name": "ADV-2010-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name": "RHSA-2009:1502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"name": "FEDORA-2010-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2"
},
{
"name": "RHSA-2009:1500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
},
{
"name": "ADV-2009-2928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526911"
},
{
"name": "37023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37023"
},
{
"name": "ADV-2009-2924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "274030",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name": "ADV-2010-1220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name": "USN-850-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name": "37053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37053"
},
{
"name": "39327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39327"
},
{
"name": "37043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37043"
},
{
"name": "36703",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36703"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "39938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39938"
},
{
"name": "37042",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37042"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name": "MDVSA-2009:287",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"name": "37028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37028"
},
{
"name": "FEDORA-2010-1377",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://site.pi3.com.pl/adv/xpdf.txt"
},
{
"name": "FEDORA-2009-10823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"name": "RHSA-2009:1501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"name": "37079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37079"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "xpdf-splashdrawimage-bo(53795)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53795"
},
{
"name": "DSA-2028",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"name": "DSA-2050",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"name": "37159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37159"
},
{
"name": "FEDORA-2010-1805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name": "1021706",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name": "FEDORA-2009-10845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name": "RHSA-2009:1512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"name": "37114",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37114"
},
{
"name": "37077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37077"
},
{
"name": "1023029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023029"
},
{
"name": "RHSA-2009:1503",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996\u0026id2=75c3466ba2"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "oval:org.mitre.oval:def:10969",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969"
},
{
"name": "37037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37037"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "USN-850-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"name": "ADV-2010-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name": "RHSA-2009:1502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"name": "FEDORA-2010-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2"
},
{
"name": "RHSA-2009:1500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
},
{
"name": "ADV-2009-2928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526911"
},
{
"name": "37023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37023"
},
{
"name": "ADV-2009-2924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "274030",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name": "ADV-2010-1220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name": "USN-850-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name": "37053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37053"
},
{
"name": "39327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39327"
},
{
"name": "37043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37043"
},
{
"name": "36703",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36703"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3604",
"datePublished": "2009-10-21T17:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0147 (GCVE-0-2009-0147)
Vulnerability from cvelistv5
Published
2009-04-23 17:00
Modified
2024-08-07 04:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "GLSA-200904-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34963"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "20090417 rPSA-2009-0061-1 cups",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34991"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0059"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "20090417 rPSA-2009-0059-1 poppler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502761/100/0/threaded"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490614"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "oval:org.mitre.oval:def:9941",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "GLSA-200904-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34963"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "20090417 rPSA-2009-0061-1 cups",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34991"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0059"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "20090417 rPSA-2009-0059-1 poppler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502761/100/0/threaded"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490614"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "oval:org.mitre.oval:def:9941",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022073"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1793",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "GLSA-200904-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"name": "34963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34963"
},
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "DSA-1790",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "35064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0061",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=263028",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name": "RHSA-2009:0430",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35618"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "34568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "20090417 rPSA-2009-0061-1 cups",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"name": "ADV-2010-1040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34991"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0059",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0059"
},
{
"name": "MDVSA-2009:101",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "34756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34755"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "20090417 rPSA-2009-0059-1 poppler",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502761/100/0/threaded"
},
{
"name": "34852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=490614",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490614"
},
{
"name": "34959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34959"
},
{
"name": "oval:org.mitre.oval:def:9941",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941"
},
{
"name": "RHSA-2009:0429",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022073"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0147",
"datePublished": "2009-04-23T17:00:00",
"dateReserved": "2009-01-16T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16088 (GCVE-0-2019-16088)
Vulnerability from cvelistv5
Published
2019-09-06 21:25
Modified
2024-08-05 01:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/RootUp/3d9e90ea5ae0799305b4c7ec66e19387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-06T21:25:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/RootUp/3d9e90ea5ae0799305b4c7ec66e19387"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/RootUp/3d9e90ea5ae0799305b4c7ec66e19387",
"refsource": "MISC",
"url": "https://gist.github.com/RootUp/3d9e90ea5ae0799305b4c7ec66e19387"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16088",
"datePublished": "2019-09-06T21:25:04",
"dateReserved": "2019-09-06T00:00:00",
"dateUpdated": "2024-08-05T01:03:32.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3609 (GCVE-0-2009-3609)
Vulnerability from cvelistv5
Published
2009-10-21 17:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39938"
},
{
"name": "RHSA-2009:1504",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name": "MDVSA-2009:287",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"name": "37028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37028"
},
{
"name": "FEDORA-2010-1377",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"name": "FEDORA-2009-10823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://poppler.freedesktop.org/"
},
{
"name": "RHSA-2009:1501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"name": "37079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37079"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "oval:org.mitre.oval:def:8134",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134"
},
{
"name": "DSA-2028",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"name": "DSA-2050",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"name": "37159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37159"
},
{
"name": "37054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37054"
},
{
"name": "FEDORA-2010-1805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name": "1021706",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name": "FEDORA-2009-10845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name": "RHSA-2009:1512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"name": "37114",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37114"
},
{
"name": "37077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37077"
},
{
"name": "oval:org.mitre.oval:def:11043",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043"
},
{
"name": "1023029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023029"
},
{
"name": "RHSA-2009:1503",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"name": "ADV-2009-2926",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2926"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526893"
},
{
"name": "xpdf-imagestream-dos(53800)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53800"
},
{
"name": "37037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37037"
},
{
"name": "USN-850-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"name": "ADV-2010-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name": "RHSA-2009:1502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"name": "FEDORA-2010-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"name": "RHSA-2009:1500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
},
{
"name": "ADV-2009-2928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"name": "RHSA-2009:1513",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html"
},
{
"name": "37034",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37034"
},
{
"name": "37023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37023"
},
{
"name": "ADV-2009-2924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name": "37051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37051"
},
{
"name": "274030",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name": "ADV-2010-1220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name": "USN-850-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name": "37061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37061"
},
{
"name": "39327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39327"
},
{
"name": "37043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37043"
},
{
"name": "36703",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"name": "ADV-2009-2925",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2925"
},
{
"name": "RHSA-2010:0755",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"name": "MDVSA-2009:334",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "39938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39938"
},
{
"name": "RHSA-2009:1504",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name": "MDVSA-2009:287",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"name": "37028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37028"
},
{
"name": "FEDORA-2010-1377",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"name": "FEDORA-2009-10823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://poppler.freedesktop.org/"
},
{
"name": "RHSA-2009:1501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"name": "37079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37079"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "oval:org.mitre.oval:def:8134",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134"
},
{
"name": "DSA-2028",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"name": "DSA-2050",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"name": "37159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37159"
},
{
"name": "37054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37054"
},
{
"name": "FEDORA-2010-1805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name": "1021706",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name": "FEDORA-2009-10845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name": "RHSA-2009:1512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"name": "37114",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37114"
},
{
"name": "37077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37077"
},
{
"name": "oval:org.mitre.oval:def:11043",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043"
},
{
"name": "1023029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023029"
},
{
"name": "RHSA-2009:1503",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"name": "ADV-2009-2926",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2926"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526893"
},
{
"name": "xpdf-imagestream-dos(53800)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53800"
},
{
"name": "37037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37037"
},
{
"name": "USN-850-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"name": "ADV-2010-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name": "RHSA-2009:1502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"name": "FEDORA-2010-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"name": "RHSA-2009:1500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
},
{
"name": "ADV-2009-2928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"name": "RHSA-2009:1513",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html"
},
{
"name": "37034",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37034"
},
{
"name": "37023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37023"
},
{
"name": "ADV-2009-2924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name": "37051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37051"
},
{
"name": "274030",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name": "ADV-2010-1220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name": "USN-850-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name": "37061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37061"
},
{
"name": "39327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39327"
},
{
"name": "37043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37043"
},
{
"name": "36703",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"name": "ADV-2009-2925",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2925"
},
{
"name": "RHSA-2010:0755",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"name": "MDVSA-2009:334",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3609",
"datePublished": "2009-10-21T17:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13287 (GCVE-0-2019-13287)
Vulnerability from cvelistv5
Published
2019-07-04 21:06
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-SplashXPath__strokeAdjust"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T21:14:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-SplashXPath__strokeAdjust"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-SplashXPath__strokeAdjust",
"refsource": "MISC",
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-SplashXPath__strokeAdjust"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13287",
"datePublished": "2019-07-04T21:06:50",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16115 (GCVE-0-2019-16115)
Vulnerability from cvelistv5
Published
2019-09-08 21:47
Modified
2024-08-05 01:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-08T21:47:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41872"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41872",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41872"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16115",
"datePublished": "2019-09-08T21:47:57",
"dateReserved": "2019-09-08T00:00:00",
"dateUpdated": "2024-08-05T01:03:32.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0800 (GCVE-0-2009-0800)
Vulnerability from cvelistv5
Published
2009-04-23 17:00
Modified
2024-08-07 04:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35618"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495887"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "oval:org.mitre.oval:def:11323",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323"
},
{
"name": "34746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple \"input validation flaws\" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35618"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495887"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "oval:org.mitre.oval:def:11323",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323"
},
{
"name": "34746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022073"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-0800",
"datePublished": "2009-04-23T17:00:00",
"dateReserved": "2009-03-04T00:00:00",
"dateUpdated": "2024-08-07T04:48:52.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3608 (GCVE-0-2009-3608)
Vulnerability from cvelistv5
Published
2009-10-21 17:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39938"
},
{
"name": "RHSA-2009:1504",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name": "DSA-1941",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1941"
},
{
"name": "MDVSA-2009:287",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526637"
},
{
"name": "[oss-security] 20091201 Re: Need more information on recent poppler issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/6"
},
{
"name": "37028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37028"
},
{
"name": "FEDORA-2010-1377",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"name": "FEDORA-2009-10823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://poppler.freedesktop.org/"
},
{
"name": "RHSA-2009:1501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"name": "37079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37079"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "DSA-2028",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"name": "DSA-2050",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"name": "[oss-security] 20091130 Need more information on recent poppler issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/1"
},
{
"name": "37159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37159"
},
{
"name": "37054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37054"
},
{
"name": "FEDORA-2010-1805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name": "1021706",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name": "FEDORA-2009-10845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name": "RHSA-2009:1512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"name": "37114",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37114"
},
{
"name": "37077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37077"
},
{
"name": "1023029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023029"
},
{
"name": "RHSA-2009:1503",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"name": "ADV-2009-2926",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2926"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "37037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37037"
},
{
"name": "USN-850-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"name": "ADV-2010-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name": "RHSA-2009:1502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"name": "FEDORA-2010-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"name": "xpdf-objectstream-bo(53794)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53794"
},
{
"name": "ADV-2009-2928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"name": "RHSA-2009:1513",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html"
},
{
"name": "37034",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37034"
},
{
"name": "[oss-security] 20091130 Re: Need more information on recent poppler issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/5"
},
{
"name": "ADV-2009-2924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name": "37051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37051"
},
{
"name": "274030",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name": "ADV-2010-1220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name": "USN-850-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name": "37053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37053"
},
{
"name": "37061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37061"
},
{
"name": "39327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39327"
},
{
"name": "37043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37043"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2009-016.html"
},
{
"name": "oval:org.mitre.oval:def:9536",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536"
},
{
"name": "36703",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"name": "ADV-2009-2925",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2925"
},
{
"name": "MDVSA-2009:334",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "39938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39938"
},
{
"name": "RHSA-2009:1504",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name": "DSA-1941",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1941"
},
{
"name": "MDVSA-2009:287",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526637"
},
{
"name": "[oss-security] 20091201 Re: Need more information on recent poppler issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/6"
},
{
"name": "37028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37028"
},
{
"name": "FEDORA-2010-1377",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"name": "FEDORA-2009-10823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://poppler.freedesktop.org/"
},
{
"name": "RHSA-2009:1501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"name": "37079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37079"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "DSA-2028",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"name": "DSA-2050",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"name": "[oss-security] 20091130 Need more information on recent poppler issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/1"
},
{
"name": "37159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37159"
},
{
"name": "37054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37054"
},
{
"name": "FEDORA-2010-1805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name": "1021706",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name": "FEDORA-2009-10845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name": "RHSA-2009:1512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"name": "37114",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37114"
},
{
"name": "37077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37077"
},
{
"name": "1023029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023029"
},
{
"name": "RHSA-2009:1503",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"name": "ADV-2009-2926",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2926"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "37037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37037"
},
{
"name": "USN-850-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"name": "ADV-2010-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name": "RHSA-2009:1502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"name": "FEDORA-2010-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"name": "xpdf-objectstream-bo(53794)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53794"
},
{
"name": "ADV-2009-2928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"name": "RHSA-2009:1513",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html"
},
{
"name": "37034",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37034"
},
{
"name": "[oss-security] 20091130 Re: Need more information on recent poppler issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/5"
},
{
"name": "ADV-2009-2924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name": "37051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37051"
},
{
"name": "274030",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name": "ADV-2010-1220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name": "USN-850-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name": "37053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37053"
},
{
"name": "37061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37061"
},
{
"name": "39327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39327"
},
{
"name": "37043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37043"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2009-016.html"
},
{
"name": "oval:org.mitre.oval:def:9536",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536"
},
{
"name": "36703",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"name": "ADV-2009-2925",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2925"
},
{
"name": "MDVSA-2009:334",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3608",
"datePublished": "2009-10-21T17:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1180 (GCVE-0-2009-1180)
Vulnerability from cvelistv5
Published
2009-04-23 17:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495892"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "oval:org.mitre.oval:def:9926",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9926"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "34746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495892"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "oval:org.mitre.oval:def:9926",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9926"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "34746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022073"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-1180",
"datePublished": "2009-04-23T17:00:00",
"dateReserved": "2009-03-31T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24107 (GCVE-0-2022-24107)
Vulnerability from cvelistv5
Published
2022-08-30 03:04
Modified
2024-09-17 02:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24107",
"datePublished": "2022-08-30T03:04:49.762010Z",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-09-17T02:42:28.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13283 (GCVE-0-2019-13283)
Vulnerability from cvelistv5
Published
2019-07-04 19:48
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41843"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-26T20:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41843"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41843",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41843"
},
{
"name": "FEDORA-2019-a457286734",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13283",
"datePublished": "2019-07-04T19:48:23",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0799 (GCVE-0-2009-0799)
Vulnerability from cvelistv5
Published
2009-04-23 17:00
Modified
2024-08-07 04:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10204",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10204"
},
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "1022072",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022072"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34991"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "34746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10204",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10204"
},
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "1022072",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022072"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34991"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "34746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-0799",
"datePublished": "2009-04-23T17:00:00",
"dateReserved": "2009-03-04T00:00:00",
"dateUpdated": "2024-08-07T04:48:52.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24106 (GCVE-0-2022-24106)
Vulnerability from cvelistv5
Published
2022-08-30 03:05
Modified
2024-09-16 19:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the \u0027interleaved\u0027 flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24106",
"datePublished": "2022-08-30T03:05:08.438053Z",
"dateReserved": "2022-01-28T00:00:00",
"dateUpdated": "2024-09-16T19:15:21.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12360 (GCVE-0-2019-12360)
Vulnerability from cvelistv5
Published
2019-05-27 22:01
Modified
2024-08-04 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:39.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41801"
},
{
"name": "[debian-lts-announce] 20190606 [SECURITY] [DLA 1815-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"name": "FEDORA-2020-f34d97b1fd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQBAHQQF2P7E6PL5STST3TGH7VPVXKKQ/"
},
{
"name": "FEDORA-2020-de27bb80af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJ3GYFINXANXTQEDN5SON47IJA5277RU/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-05T03:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41801"
},
{
"name": "[debian-lts-announce] 20190606 [SECURITY] [DLA 1815-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"name": "FEDORA-2020-f34d97b1fd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQBAHQQF2P7E6PL5STST3TGH7VPVXKKQ/"
},
{
"name": "FEDORA-2020-de27bb80af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJ3GYFINXANXTQEDN5SON47IJA5277RU/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41801",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41801"
},
{
"name": "[debian-lts-announce] 20190606 [SECURITY] [DLA 1815-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"name": "FEDORA-2020-f34d97b1fd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQBAHQQF2P7E6PL5STST3TGH7VPVXKKQ/"
},
{
"name": "FEDORA-2020-de27bb80af",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJ3GYFINXANXTQEDN5SON47IJA5277RU/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12360",
"datePublished": "2019-05-27T22:01:33",
"dateReserved": "2019-05-27T00:00:00",
"dateUpdated": "2024-08-04T23:17:39.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3606 (GCVE-0-2009-3606)
Vulnerability from cvelistv5
Published
2009-10-21 17:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:11.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39938"
},
{
"name": "37042",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37042"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name": "DSA-1941",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1941"
},
{
"name": "MDVSA-2009:287",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"name": "[oss-security] 20091201 Re: Need more information on recent poppler issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/6"
},
{
"name": "FEDORA-2010-1377",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"name": "FEDORA-2009-10823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61"
},
{
"name": "RHSA-2009:1501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "DSA-2028",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"name": "DSA-2050",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"name": "oval:org.mitre.oval:def:11289",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11289"
},
{
"name": "[oss-security] 20091130 Need more information on recent poppler issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/1"
},
{
"name": "37159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37159"
},
{
"name": "FEDORA-2010-1805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name": "1021706",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name": "FEDORA-2009-10845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name": "oval:org.mitre.oval:def:7836",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7836"
},
{
"name": "37077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37077"
},
{
"name": "1023029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023029"
},
{
"name": "xpdf-psoutputdev-bo(53798)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53798"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "37037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37037"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "ADV-2010-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name": "RHSA-2009:1502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"name": "FEDORA-2010-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"name": "RHSA-2009:1500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
},
{
"name": "ADV-2009-2928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"name": "37023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37023"
},
{
"name": "[oss-security] 20091130 Re: Need more information on recent poppler issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/5"
},
{
"name": "ADV-2009-2924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "274030",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name": "ADV-2010-1220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name": "37053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37053"
},
{
"name": "39327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39327"
},
{
"name": "37043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37043"
},
{
"name": "36703",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "39938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39938"
},
{
"name": "37042",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37042"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name": "DSA-1941",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1941"
},
{
"name": "MDVSA-2009:287",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"name": "[oss-security] 20091201 Re: Need more information on recent poppler issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/6"
},
{
"name": "FEDORA-2010-1377",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"name": "FEDORA-2009-10823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61"
},
{
"name": "RHSA-2009:1501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "DSA-2028",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"name": "DSA-2050",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"name": "oval:org.mitre.oval:def:11289",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11289"
},
{
"name": "[oss-security] 20091130 Need more information on recent poppler issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/1"
},
{
"name": "37159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37159"
},
{
"name": "FEDORA-2010-1805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name": "1021706",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name": "FEDORA-2009-10845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name": "oval:org.mitre.oval:def:7836",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7836"
},
{
"name": "37077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37077"
},
{
"name": "1023029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023029"
},
{
"name": "xpdf-psoutputdev-bo(53798)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53798"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "37037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37037"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "ADV-2010-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name": "RHSA-2009:1502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"name": "FEDORA-2010-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"name": "RHSA-2009:1500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
},
{
"name": "ADV-2009-2928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"name": "37023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37023"
},
{
"name": "[oss-security] 20091130 Re: Need more information on recent poppler issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/5"
},
{
"name": "ADV-2009-2924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "274030",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name": "ADV-2010-1220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name": "37053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37053"
},
{
"name": "39327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39327"
},
{
"name": "37043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37043"
},
{
"name": "36703",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526877"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3606",
"datePublished": "2009-10-21T17:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:31:11.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0764 (GCVE-0-2011-0764)
Vulnerability from cvelistv5
Published
2011-03-31 22:00
Modified
2024-08-06 22:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2012:002",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:002"
},
{
"name": "43823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43823"
},
{
"name": "47347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47347"
},
{
"name": "48985",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48985"
},
{
"name": "8171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"name": "ADV-2011-0728",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"name": "xpdf-t1lib-code-execution(66208)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66208"
},
{
"name": "RHSA-2012:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"name": "46941",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46941"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"name": "USN-1316-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1316-1"
},
{
"name": "VU#376500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"name": "MDVSA-2012:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "GLSA-201701-57",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "1025266",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025266"
},
{
"name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "MDVSA-2012:002",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:002"
},
{
"name": "43823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43823"
},
{
"name": "47347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47347"
},
{
"name": "48985",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48985"
},
{
"name": "8171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"name": "ADV-2011-0728",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"name": "xpdf-t1lib-code-execution(66208)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66208"
},
{
"name": "RHSA-2012:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"name": "46941",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46941"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"name": "USN-1316-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1316-1"
},
{
"name": "VU#376500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"name": "MDVSA-2012:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "GLSA-201701-57",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "1025266",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025266"
},
{
"name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2012:002",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:002"
},
{
"name": "43823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43823"
},
{
"name": "47347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47347"
},
{
"name": "48985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48985"
},
{
"name": "8171",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8171"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"name": "ADV-2011-0728",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"name": "xpdf-t1lib-code-execution(66208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66208"
},
{
"name": "RHSA-2012:1201",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name": "http://www.foolabs.com/xpdf/download.html",
"refsource": "CONFIRM",
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"name": "46941",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46941"
},
{
"name": "http://www.toucan-system.com/advisories/tssa-2011-01.txt",
"refsource": "MISC",
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"name": "USN-1316-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1316-1"
},
{
"name": "VU#376500",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"name": "MDVSA-2012:144",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "GLSA-201701-57",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "1025266",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025266"
},
{
"name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-0764",
"datePublished": "2011-03-31T22:00:00",
"dateReserved": "2011-02-03T00:00:00",
"dateUpdated": "2024-08-06T22:05:53.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13282 (GCVE-0-2019-13282)
Vulnerability from cvelistv5
Published
2019-07-04 19:48
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41842"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-26T20:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41842"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41842",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41842"
},
{
"name": "FEDORA-2019-a457286734",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13282",
"datePublished": "2019-07-04T19:48:09",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14288 (GCVE-0-2019-14288)
Vulnerability from cvelistv5
Published
2019-07-27 18:39
Modified
2024-08-05 00:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the \"one byte per line\" case."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-27T18:39:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the \"one byte per line\" case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14288",
"datePublished": "2019-07-27T18:39:45",
"dateReserved": "2019-07-27T00:00:00",
"dateUpdated": "2024-08-05T00:12:43.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17064 (GCVE-0-2019-17064)
Vulnerability from cvelistv5
Published
2019-10-01 15:22
Modified
2024-08-05 01:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html"
},
{
"name": "FEDORA-2019-b890d4aad2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PYIAP2RXTYD4Y4FYFIK5K644LMDJWX/"
},
{
"name": "FEDORA-2019-224d8cb07a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-10T04:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html"
},
{
"name": "FEDORA-2019-b890d4aad2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PYIAP2RXTYD4Y4FYFIK5K644LMDJWX/"
},
{
"name": "FEDORA-2019-224d8cb07a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41890",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41890"
},
{
"name": "http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html"
},
{
"name": "FEDORA-2019-b890d4aad2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5PYIAP2RXTYD4Y4FYFIK5K644LMDJWX/"
},
{
"name": "FEDORA-2019-224d8cb07a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17064",
"datePublished": "2019-10-01T15:22:44",
"dateReserved": "2019-10-01T00:00:00",
"dateUpdated": "2024-08-05T01:33:17.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13289 (GCVE-0-2019-13289)
Vulnerability from cvelistv5
Published
2019-07-04 21:07
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-use-after-free_JBIG2Stream"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T21:07:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-use-after-free_JBIG2Stream"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-use-after-free_JBIG2Stream",
"refsource": "MISC",
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-use-after-free_JBIG2Stream"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13289",
"datePublished": "2019-07-04T21:07:06",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0195 (GCVE-0-2009-0195)
Vulnerability from cvelistv5
Published
2009-04-23 17:00
Modified
2024-08-07 04:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2009-18/"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34963"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "20090417 Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502759/100/0/threaded"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "oval:org.mitre.oval:def:10076",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10076"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "20090417 Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502762/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2009-17/"
},
{
"name": "34791",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34791"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2009-18/"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34963"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "20090417 Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502759/100/0/threaded"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "oval:org.mitre.oval:def:10076",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10076"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "20090417 Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502762/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2009-17/"
},
{
"name": "34791",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34791"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2009-0195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2009-18/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-18/"
},
{
"name": "34963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34963"
},
{
"name": "35064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35064"
},
{
"name": "34481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34481"
},
{
"name": "20090417 Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502759/100/0/threaded"
},
{
"name": "RHSA-2009:0480",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "ADV-2010-1040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "RHSA-2009:0458",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "oval:org.mitre.oval:def:10076",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10076"
},
{
"name": "MDVSA-2010:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "34756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34291"
},
{
"name": "20090417 Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502762/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2009-17/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-17/"
},
{
"name": "34791",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34791"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2009-0195",
"datePublished": "2009-04-23T17:00:00",
"dateReserved": "2009-01-20T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0146 (GCVE-0-2009-0146)
Vulnerability from cvelistv5
Published
2009-04-23 17:00
Modified
2024-08-07 04:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:17.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "oval:org.mitre.oval:def:9632",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632"
},
{
"name": "GLSA-200904-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34963"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490612"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "20090417 rPSA-2009-0061-1 cups",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34991"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0059"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "20090417 rPSA-2009-0059-1 poppler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502761/100/0/threaded"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "oval:org.mitre.oval:def:9632",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632"
},
{
"name": "GLSA-200904-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34963"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490612"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "20090417 rPSA-2009-0061-1 cups",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34991"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0059"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "20090417 rPSA-2009-0059-1 poppler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502761/100/0/threaded"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022073"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1793",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "oval:org.mitre.oval:def:9632",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632"
},
{
"name": "GLSA-200904-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"name": "34963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34963"
},
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "DSA-1790",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "35064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0061",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=263028",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name": "RHSA-2009:0430",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35618"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=490612",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490612"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "34568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "20090417 rPSA-2009-0061-1 cups",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"name": "ADV-2010-1040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34991"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0059",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0059"
},
{
"name": "MDVSA-2009:101",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "34756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34755"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "20090417 rPSA-2009-0059-1 poppler",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502761/100/0/threaded"
},
{
"name": "34852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34959"
},
{
"name": "RHSA-2009:0429",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022073"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0146",
"datePublished": "2009-04-23T17:00:00",
"dateReserved": "2009-01-16T00:00:00",
"dateUpdated": "2024-08-07T04:24:17.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1553 (GCVE-0-2011-1553)
Vulnerability from cvelistv5
Published
2011-03-31 23:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43823"
},
{
"name": "48985",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48985"
},
{
"name": "8171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"name": "ADV-2011-0728",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"name": "RHSA-2012:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"name": "VU#376500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"name": "MDVSA-2012:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "GLSA-201701-57",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "1025266",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025266"
},
{
"name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43823"
},
{
"name": "48985",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48985"
},
{
"name": "8171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"name": "ADV-2011-0728",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"name": "RHSA-2012:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"name": "VU#376500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"name": "MDVSA-2012:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "GLSA-201701-57",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "1025266",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025266"
},
{
"name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43823"
},
{
"name": "48985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48985"
},
{
"name": "8171",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8171"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"name": "ADV-2011-0728",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"name": "RHSA-2012:1201",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name": "http://www.foolabs.com/xpdf/download.html",
"refsource": "CONFIRM",
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"name": "http://www.toucan-system.com/advisories/tssa-2011-01.txt",
"refsource": "MISC",
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"name": "VU#376500",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"name": "MDVSA-2012:144",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "GLSA-201701-57",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "1025266",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025266"
},
{
"name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1553",
"datePublished": "2011-03-31T23:00:00",
"dateReserved": "2011-03-31T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0166 (GCVE-0-2009-0166)
Vulnerability from cvelistv5
Published
2009-04-23 17:00
Modified
2024-08-07 04:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "GLSA-200904-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "20090417 rPSA-2009-0061-1 cups",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34991"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490625"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "oval:org.mitre.oval:def:9778",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9778"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "GLSA-200904-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "20090417 rPSA-2009-0061-1 cups",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34991"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490625"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "oval:org.mitre.oval:def:9778",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9778"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022073"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1793",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "GLSA-200904-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"name": "34963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0061",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"name": "RHSA-2009:0430",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35618"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "34568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "20090417 rPSA-2009-0061-1 cups",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"name": "ADV-2010-1040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34991"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=490625",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490625"
},
{
"name": "MDVSA-2009:101",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "34756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34959"
},
{
"name": "oval:org.mitre.oval:def:9778",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9778"
},
{
"name": "RHSA-2009:0429",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022073"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0166",
"datePublished": "2009-04-23T17:00:00",
"dateReserved": "2009-01-16T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12493 (GCVE-0-2019-12493)
Vulnerability from cvelistv5
Published
2019-05-31 01:12
Modified
2024-08-04 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41806"
},
{
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1939-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-26T20:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41806"
},
{
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1939-1] poppler security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41806",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41806"
},
{
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1939-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"name": "FEDORA-2019-a457286734",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12493",
"datePublished": "2019-05-31T01:12:02",
"dateReserved": "2019-05-30T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40226 (GCVE-0-2021-40226)
Vulnerability from cvelistv5
Published
2022-11-10 00:00
Modified
2025-05-01 17:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xpdfreader 4.03 is vulnerable to Buffer Overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42185"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-40226",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T17:56:37.854869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T17:57:08.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xpdfreader 4.03 is vulnerable to Buffer Overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42185"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40226",
"datePublished": "2022-11-10T00:00:00.000Z",
"dateReserved": "2021-08-30T00:00:00.000Z",
"dateUpdated": "2025-05-01T17:57:08.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3603 (GCVE-0-2009-3603)
Vulnerability from cvelistv5
Published
2009-10-21 17:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39938"
},
{
"name": "RHSA-2009:1504",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name": "MDVSA-2009:287",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"name": "FEDORA-2010-1377",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"name": "FEDORA-2009-10823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://poppler.freedesktop.org/"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "DSA-2028",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"name": "DSA-2050",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"name": "37159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37159"
},
{
"name": "37054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37054"
},
{
"name": "FEDORA-2010-1805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name": "1021706",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name": "FEDORA-2009-10845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name": "37114",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37114"
},
{
"name": "1023029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023029"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "USN-850-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"name": "ADV-2010-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name": "FEDORA-2010-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"name": "xpdf-splashbitmap-bo(53793)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53793"
},
{
"name": "37034",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37034"
},
{
"name": "ADV-2009-2924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "274030",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name": "ADV-2010-1220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name": "USN-850-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name": "37053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37053"
},
{
"name": "39327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526915"
},
{
"name": "oval:org.mitre.oval:def:9671",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9671"
},
{
"name": "36703",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"name": "ADV-2009-2925",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "39938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39938"
},
{
"name": "RHSA-2009:1504",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name": "MDVSA-2009:287",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"name": "FEDORA-2010-1377",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"name": "FEDORA-2009-10823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://poppler.freedesktop.org/"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "DSA-2028",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"name": "DSA-2050",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"name": "37159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37159"
},
{
"name": "37054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37054"
},
{
"name": "FEDORA-2010-1805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name": "1021706",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name": "FEDORA-2009-10845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name": "37114",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37114"
},
{
"name": "1023029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023029"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "USN-850-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"name": "ADV-2010-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name": "FEDORA-2010-1842",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"name": "xpdf-splashbitmap-bo(53793)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53793"
},
{
"name": "37034",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37034"
},
{
"name": "ADV-2009-2924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "274030",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name": "ADV-2010-1220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name": "USN-850-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name": "37053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37053"
},
{
"name": "39327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526915"
},
{
"name": "oval:org.mitre.oval:def:9671",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9671"
},
{
"name": "36703",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"name": "ADV-2009-2925",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2925"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3603",
"datePublished": "2009-10-21T17:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1182 (GCVE-0-2009-1182)
Vulnerability from cvelistv5
Published
2009-04-23 17:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34963"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495896"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "oval:org.mitre.oval:def:10735",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "34746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34963"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495896"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "oval:org.mitre.oval:def:10735",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "34746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022073"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-1182",
"datePublished": "2009-04-23T17:00:00",
"dateReserved": "2009-03-31T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13281 (GCVE-0-2019-13281)
Vulnerability from cvelistv5
Published
2019-07-04 19:47
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41841"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-26T20:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41841"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41841",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41841"
},
{
"name": "FEDORA-2019-a457286734",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13281",
"datePublished": "2019-07-04T19:47:55",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:23.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1183 (GCVE-0-2009-1183)
Vulnerability from cvelistv5
Published
2009-04-23 17:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "1022072",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022072"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495899"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "oval:org.mitre.oval:def:10769",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10769"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "34746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "1022072",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022072"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495899"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "oval:org.mitre.oval:def:10769",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10769"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34959"
},
{
"name": "34746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-1183",
"datePublished": "2009-04-23T17:00:00",
"dateReserved": "2009-03-31T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1179 (GCVE-0-2009-1179)
Vulnerability from cvelistv5
Published
2009-04-23 17:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34963"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35065"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495889"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34991"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35379"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34959"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "34746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022073"
},
{
"name": "oval:org.mitre.oval:def:11892",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34963"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "35064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "RHSA-2009:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "FEDORA-2009-6972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35618"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35065"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495889"
},
{
"name": "RHSA-2009:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34991"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35379"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34959"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "34746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022073"
},
{
"name": "oval:org.mitre.oval:def:11892",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11892"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-1179",
"datePublished": "2009-04-23T17:00:00",
"dateReserved": "2009-03-31T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14290 (GCVE-0-2019-14290)
Vulnerability from cvelistv5
Published
2019-07-27 18:39
Modified
2024-08-05 00:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-27T18:39:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14290",
"datePublished": "2019-07-27T18:39:58",
"dateReserved": "2019-07-27T00:00:00",
"dateUpdated": "2024-08-05T00:12:43.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14292 (GCVE-0-2019-14292)
Vulnerability from cvelistv5
Published
2019-07-27 18:40
Modified
2024-08-05 00:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-27T18:40:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14292",
"datePublished": "2019-07-27T18:40:12",
"dateReserved": "2019-07-27T00:00:00",
"dateUpdated": "2024-08-05T00:12:43.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14293 (GCVE-0-2019-14293)
Vulnerability from cvelistv5
Published
2019-07-27 18:40
Modified
2024-08-05 00:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-27T18:40:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14293",
"datePublished": "2019-07-27T18:40:18",
"dateReserved": "2019-07-27T00:00:00",
"dateUpdated": "2024-08-05T00:12:43.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12515 (GCVE-0-2019-12515)
Vulnerability from cvelistv5
Published
2019-06-01 23:39
Modified
2024-08-04 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-26T20:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar",
"refsource": "MISC",
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar"
},
{
"name": "FEDORA-2019-a457286734",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12515",
"datePublished": "2019-06-01T23:39:32",
"dateReserved": "2019-06-01T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0165 (GCVE-0-2009-0165)
Vulnerability from cvelistv5
Published
2009-04-23 19:11
Modified
2024-08-07 04:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:17.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "multiple-jbig2-unspecified(50377)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50377"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to \"g*allocn.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1793",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "DSA-1790",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "SSA:2009-129-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35065"
},
{
"name": "34568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "SUSE-SA:2009:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "34991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "multiple-jbig2-unspecified(50377)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50377"
},
{
"name": "34852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "34959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to \"g*allocn.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1793",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "DSA-1790",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "SSA:2009-129-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=263028",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "34568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "SUSE-SA:2009:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "34991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "multiple-jbig2-unspecified(50377)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50377"
},
{
"name": "34852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "34959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0165",
"datePublished": "2009-04-23T19:11:00",
"dateReserved": "2009-01-16T00:00:00",
"dateUpdated": "2024-08-07T04:24:17.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1144 (GCVE-0-2009-1144)
Vulnerability from cvelistv5
Published
2009-04-09 15:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:48.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34610",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34610"
},
{
"name": "GLSA-200904-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=200023"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=242930"
},
{
"name": "34401",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34401"
},
{
"name": "53529",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-16T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34610",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34610"
},
{
"name": "GLSA-200904-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=200023"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=242930"
},
{
"name": "34401",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34401"
},
{
"name": "53529",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34610",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34610"
},
{
"name": "GLSA-200904-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-07.xml"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=200023",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=200023"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=242930",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=242930"
},
{
"name": "34401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34401"
},
{
"name": "53529",
"refsource": "OSVDB",
"url": "http://osvdb.org/53529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1144",
"datePublished": "2009-04-09T15:00:00",
"dateReserved": "2009-03-25T00:00:00",
"dateUpdated": "2024-08-07T05:04:48.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9589 (GCVE-0-2019-9589)
Vulnerability from cvelistv5
Published
2019-03-06 08:00
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-psoutputdevsetupresources-xpdf-4-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-06T08:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-psoutputdevsetupresources-xpdf-4-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-psoutputdevsetupresources-xpdf-4-01/",
"refsource": "MISC",
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-psoutputdevsetupresources-xpdf-4-01/"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41262",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9589",
"datePublished": "2019-03-06T08:00:00",
"dateReserved": "2019-03-06T00:00:00",
"dateUpdated": "2024-08-04T21:54:44.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13288 (GCVE-0-2019-13288)
Vulnerability from cvelistv5
Published
2019-07-04 21:06
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/stack-overflow_dos_Parser__getObj"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T21:06:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/stack-overflow_dos_Parser__getObj"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PanguL4b/pocs/tree/master/xpdf/stack-overflow_dos_Parser__getObj",
"refsource": "MISC",
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/stack-overflow_dos_Parser__getObj"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13288",
"datePublished": "2019-07-04T21:06:59",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15860 (GCVE-0-2019-15860)
Vulnerability from cvelistv5
Published
2019-09-03 06:39
Modified
2024-08-05 01:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:30.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/RootUp/b5de893bb2e51a4c846c5a0caa13b666"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-03T06:39:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/RootUp/b5de893bb2e51a4c846c5a0caa13b666"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/RootUp/b5de893bb2e51a4c846c5a0caa13b666",
"refsource": "MISC",
"url": "https://gist.github.com/RootUp/b5de893bb2e51a4c846c5a0caa13b666"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15860",
"datePublished": "2019-09-03T06:39:23",
"dateReserved": "2019-09-03T00:00:00",
"dateUpdated": "2024-08-05T01:03:30.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1552 (GCVE-0-2011-1552)
Vulnerability from cvelistv5
Published
2011-03-31 23:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43823"
},
{
"name": "48985",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48985"
},
{
"name": "8171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"name": "ADV-2011-0728",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"name": "RHSA-2012:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"name": "VU#376500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"name": "MDVSA-2012:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "GLSA-201701-57",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "1025266",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025266"
},
{
"name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43823"
},
{
"name": "48985",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48985"
},
{
"name": "8171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"name": "ADV-2011-0728",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"name": "RHSA-2012:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"name": "VU#376500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"name": "MDVSA-2012:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "GLSA-201701-57",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "1025266",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025266"
},
{
"name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43823"
},
{
"name": "48985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48985"
},
{
"name": "8171",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8171"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"name": "ADV-2011-0728",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"name": "RHSA-2012:1201",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name": "http://www.foolabs.com/xpdf/download.html",
"refsource": "CONFIRM",
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"name": "http://www.toucan-system.com/advisories/tssa-2011-01.txt",
"refsource": "MISC",
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"name": "VU#376500",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"name": "MDVSA-2012:144",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "GLSA-201701-57",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "1025266",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025266"
},
{
"name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1552",
"datePublished": "2011-03-31T23:00:00",
"dateReserved": "2011-03-31T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13286 (GCVE-0-2019-13286)
Vulnerability from cvelistv5
Published
2019-07-04 21:06
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-26T20:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg",
"refsource": "MISC",
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg"
},
{
"name": "FEDORA-2019-a457286734",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13286",
"datePublished": "2019-07-04T21:06:41",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9587 (GCVE-0-2019-9587)
Vulnerability from cvelistv5
Published
2019-03-06 08:00
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41263"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-06T08:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41263"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41263",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41263"
},
{
"name": "https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01/",
"refsource": "MISC",
"url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9587",
"datePublished": "2019-03-06T08:00:00",
"dateReserved": "2019-03-06T00:00:00",
"dateUpdated": "2024-08-04T21:54:44.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14289 (GCVE-0-2019-14289)
Vulnerability from cvelistv5
Published
2019-07-27 18:39
Modified
2024-08-05 00:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the \"multiple bytes per line\" case."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-27T18:39:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the \"multiple bytes per line\" case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14289",
"datePublished": "2019-07-27T18:39:51",
"dateReserved": "2019-07-27T00:00:00",
"dateUpdated": "2024-08-05T00:12:43.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3704 (GCVE-0-2010-3704)
Vulnerability from cvelistv5
Published
2010-11-05 17:00
Modified
2024-08-07 03:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:53.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-16662",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
},
{
"name": "[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"name": "FEDORA-2010-15857",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
},
{
"name": "RHSA-2010:0859",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
},
{
"name": "42357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42357"
},
{
"name": "MDVSA-2010:228",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
},
{
"name": "ADV-2011-0230",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name": "RHSA-2010:0752",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=638960"
},
{
"name": "MDVSA-2010:230",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
},
{
"name": "SUSE-SR:2010:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"name": "RHSA-2012:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name": "MDVSA-2010:231",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
},
{
"name": "FEDORA-2010-16705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
},
{
"name": "SSA:2010-324-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
},
{
"name": "RHSA-2010:0751",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
},
{
"name": "42397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42397"
},
{
"name": "42141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42141"
},
{
"name": "FEDORA-2010-15911",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
},
{
"name": "MDVSA-2012:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "ADV-2010-3097",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"name": "USN-1005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1005-1"
},
{
"name": "RHSA-2010:0749",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
},
{
"name": "FEDORA-2010-15981",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
},
{
"name": "FEDORA-2010-16744",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
},
{
"name": "ADV-2010-2897",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2897"
},
{
"name": "42691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42691"
},
{
"name": "DSA-2119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2119"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "MDVSA-2010:229",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
},
{
"name": "43841",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43841"
},
{
"name": "DSA-2135",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"name": "RHSA-2010:0753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"name": "43079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43079"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-19T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2010-16662",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
},
{
"name": "[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"name": "FEDORA-2010-15857",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
},
{
"name": "RHSA-2010:0859",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
},
{
"name": "42357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42357"
},
{
"name": "MDVSA-2010:228",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
},
{
"name": "ADV-2011-0230",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name": "RHSA-2010:0752",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=638960"
},
{
"name": "MDVSA-2010:230",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
},
{
"name": "SUSE-SR:2010:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"name": "RHSA-2012:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name": "MDVSA-2010:231",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
},
{
"name": "FEDORA-2010-16705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
},
{
"name": "SSA:2010-324-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
},
{
"name": "RHSA-2010:0751",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
},
{
"name": "42397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42397"
},
{
"name": "42141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42141"
},
{
"name": "FEDORA-2010-15911",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
},
{
"name": "MDVSA-2012:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "ADV-2010-3097",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"name": "USN-1005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1005-1"
},
{
"name": "RHSA-2010:0749",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
},
{
"name": "FEDORA-2010-15981",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
},
{
"name": "FEDORA-2010-16744",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
},
{
"name": "ADV-2010-2897",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2897"
},
{
"name": "42691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42691"
},
{
"name": "DSA-2119",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2119"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "MDVSA-2010:229",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
},
{
"name": "43841",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43841"
},
{
"name": "DSA-2135",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"name": "RHSA-2010:0753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"name": "43079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43079"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3704",
"datePublished": "2010-11-05T17:00:00",
"dateReserved": "2010-10-01T00:00:00",
"dateUpdated": "2024-08-07T03:18:53.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1554 (GCVE-0-2011-1554)
Vulnerability from cvelistv5
Published
2011-03-31 23:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43823"
},
{
"name": "48985",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48985"
},
{
"name": "8171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"name": "ADV-2011-0728",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"name": "RHSA-2012:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"name": "VU#376500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"name": "MDVSA-2012:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "GLSA-201701-57",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "1025266",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025266"
},
{
"name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43823"
},
{
"name": "48985",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48985"
},
{
"name": "8171",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"name": "ADV-2011-0728",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"name": "RHSA-2012:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"name": "VU#376500",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"name": "MDVSA-2012:144",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "GLSA-201701-57",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "1025266",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025266"
},
{
"name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43823"
},
{
"name": "48985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48985"
},
{
"name": "8171",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8171"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"name": "ADV-2011-0728",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"name": "RHSA-2012:1201",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name": "http://www.foolabs.com/xpdf/download.html",
"refsource": "CONFIRM",
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"name": "http://www.toucan-system.com/advisories/tssa-2011-01.txt",
"refsource": "MISC",
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"name": "VU#376500",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"name": "MDVSA-2012:144",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "GLSA-201701-57",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "1025266",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025266"
},
{
"name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1554",
"datePublished": "2011-03-31T23:00:00",
"dateReserved": "2011-03-31T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13291 (GCVE-0-2019-13291)
Vulnerability from cvelistv5
Published
2019-07-04 21:07
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T21:07:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41818",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13291",
"datePublished": "2019-07-04T21:07:21",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12957 (GCVE-0-2019-12957)
Vulnerability from cvelistv5
Published
2019-06-24 23:27
Modified
2024-08-04 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41813"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-26T20:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41813"
},
{
"name": "FEDORA-2019-a457286734",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41813",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41813"
},
{
"name": "FEDORA-2019-a457286734",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"name": "FEDORA-2019-01da705767",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"name": "FEDORA-2019-759ba8202b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12957",
"datePublished": "2019-06-24T23:27:17",
"dateReserved": "2019-06-24T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14291 (GCVE-0-2019-14291)
Vulnerability from cvelistv5
Published
2019-07-27 18:40
Modified
2024-08-05 00:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-27T18:40:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14291",
"datePublished": "2019-07-27T18:40:04",
"dateReserved": "2019-07-27T00:00:00",
"dateUpdated": "2024-08-05T00:12:43.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-03-06 08:29
Modified
2024-11-21 04:51
Severity ?
Summary
There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41261 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://research.loginsoft.com/bugs/invalid-memory-access-in-gatomiccounter-gatomicincrement-xpdf-4-01/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41261 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.loginsoft.com/bugs/invalid-memory-access-in-gatomiccounter-gatomicincrement-xpdf-4-01/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5C7A67-81A3-4BD3-A495-2F75C68F33EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
},
{
"lang": "es",
"value": "En la versi\u00f3n 4.01 de Xpdf, hay un acceso de memoria inv\u00e1lida en gAtomicIncrement() en GMutex.h Puede desencadenarse mediante el env\u00edo de un archivo pdf manipulado a, por ejemplo, el binario pdftops. Permite a un atacante provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o tener otro impacto no especificado."
}
],
"id": "CVE-2019-9588",
"lastModified": "2024-11-21T04:51:54.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-06T08:29:00.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41261"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gatomiccounter-gatomicincrement-xpdf-4-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gatomiccounter-gatomicincrement-xpdf-4-01/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-21 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Patch | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
| secalert@redhat.com | http://poppler.freedesktop.org/ | Patch, Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37034 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37053 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37054 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37114 | ||
| secalert@redhat.com | http://secunia.com/advisories/37159 | ||
| secalert@redhat.com | http://secunia.com/advisories/39327 | ||
| secalert@redhat.com | http://secunia.com/advisories/39938 | ||
| secalert@redhat.com | http://securitytracker.com/id?1023029 | ||
| secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
| secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
| secalert@redhat.com | http://www.debian.org/security/2010/dsa-2028 | ||
| secalert@redhat.com | http://www.debian.org/security/2010/dsa-2050 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-850-1 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-850-3 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2925 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/0802 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1040 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1220 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=526915 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/53793 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9671 | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1504.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://poppler.freedesktop.org/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37034 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37053 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37054 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37114 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37159 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39327 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39938 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023029 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2028 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2050 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-850-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-850-3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2925 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0802 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1220 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=526915 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/53793 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9671 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1504.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 3.02pl1 | |
| foolabs | xpdf | 3.02pl2 | |
| foolabs | xpdf | 3.02pl3 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| glyphandcog | xpdfreader | 3.02 | |
| poppler | poppler | * | |
| poppler | poppler | 0.1 | |
| poppler | poppler | 0.1.1 | |
| poppler | poppler | 0.1.2 | |
| poppler | poppler | 0.2.0 | |
| poppler | poppler | 0.3.0 | |
| poppler | poppler | 0.3.1 | |
| poppler | poppler | 0.3.2 | |
| poppler | poppler | 0.3.3 | |
| poppler | poppler | 0.4.0 | |
| poppler | poppler | 0.4.1 | |
| poppler | poppler | 0.4.2 | |
| poppler | poppler | 0.4.3 | |
| poppler | poppler | 0.4.4 | |
| poppler | poppler | 0.5.0 | |
| poppler | poppler | 0.5.1 | |
| poppler | poppler | 0.5.2 | |
| poppler | poppler | 0.5.3 | |
| poppler | poppler | 0.5.4 | |
| poppler | poppler | 0.5.9 | |
| poppler | poppler | 0.6.0 | |
| poppler | poppler | 0.6.1 | |
| poppler | poppler | 0.6.2 | |
| poppler | poppler | 0.6.3 | |
| poppler | poppler | 0.6.4 | |
| poppler | poppler | 0.7.0 | |
| poppler | poppler | 0.7.1 | |
| poppler | poppler | 0.7.2 | |
| poppler | poppler | 0.7.3 | |
| poppler | poppler | 0.8.0 | |
| poppler | poppler | 0.8.1 | |
| poppler | poppler | 0.8.2 | |
| poppler | poppler | 0.8.3 | |
| poppler | poppler | 0.8.4 | |
| poppler | poppler | 0.8.6 | |
| poppler | poppler | 0.8.7 | |
| poppler | poppler | 0.9.0 | |
| poppler | poppler | 0.9.1 | |
| poppler | poppler | 0.9.2 | |
| poppler | poppler | 0.9.3 | |
| poppler | poppler | 0.10.0 | |
| poppler | poppler | 0.10.1 | |
| poppler | poppler | 0.10.2 | |
| poppler | poppler | 0.10.3 | |
| poppler | poppler | 0.10.4 | |
| poppler | poppler | 0.10.5 | |
| poppler | poppler | 0.10.6 | |
| poppler | poppler | 0.10.7 | |
| poppler | poppler | 0.11.0 | |
| poppler | poppler | 0.11.1 | |
| poppler | poppler | 0.11.2 | |
| poppler | poppler | 0.11.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C16CA37E-F28E-47E6-B77B-4CB0A859F831",
"versionEndIncluding": "0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C52995D0-0986-427F-B37D-2F6726EA330D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4427C5-DBF0-4EF9-8B7A-61D56C14E3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B91206CA-7EBE-4E64-9A49-D7EC0D051012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD43644-7F02-42AF-8EC3-C326A13E2F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81FE2E6F-44B2-42D5-B986-D1FE2B510968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A605079-3705-4E2C-8F6D-C21B4D875817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3ABBD590-8092-4920-BBC7-F3ACB9CCC900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n SplashBitmap::SplashBitmap en Xpdf v3.x anterior a v3.02pl4 y Poppler anteior a v0.12.1, podr\u00eda permitir a atacantes remotos la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento PDF manipulado que provoca un un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap). NOTA: algunos detalles han sido obtenidos a partir de informaci\u00f3n de terceros. Esta vulnerabilidad existe por un correcci\u00f3n incompleta de CVE-2009-1188."
}
],
"id": "CVE-2009-3603",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-21T17:30:00.280",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://poppler.freedesktop.org/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37034"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37053"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37054"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37114"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37159"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39327"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39938"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1023029"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2925"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526915"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53793"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9671"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://poppler.freedesktop.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-02 00:29
Modified
2024-11-21 04:23
Severity ?
Summary
There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar | Exploit, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmites en la funci\u00f3n FlateStream::getChar() ubicada en el archivo Stream.cc en Xpdf versi\u00f3n 4.01.01. Por ejemplo, puede activarse enviando un documento PDF creado para la herramienta pdftoppm. Podr\u00eda permitir que un atacante genere una Divulgaci\u00f3n de Informaci\u00f3n o una Denegaci\u00f3n de Servicio (DoS)."
}
],
"id": "CVE-2019-12515",
"lastModified": "2024-11-21T04:23:00.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-02T00:29:00.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-06 22:15
Modified
2024-11-21 04:30
Severity ?
Summary
Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/RootUp/3d9e90ea5ae0799305b4c7ec66e19387 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/RootUp/3d9e90ea5ae0799305b4c7ec66e19387 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 3.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.04:*:*:*:*:*:*:*",
"matchCriteriaId": "14690D90-EA3F-45B2-B474-F3F51ABCC3D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc."
},
{
"lang": "es",
"value": "Xpdf versi\u00f3n 3.04 tiene un SIGSEGV en XRef::fetch en XRef.cc tras numerosas llamadas recursivas a Catalog::countPageTree en Catalog.cc."
}
],
"id": "CVE-2019-16088",
"lastModified": "2024-11-21T04:30:00.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-06T22:15:11.847",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/RootUp/3d9e90ea5ae0799305b4c7ec66e19387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/RootUp/3d9e90ea5ae0799305b4c7ec66e19387"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 22:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/PanguL4b/pocs/tree/master/xpdf/stack-overflow_dos_Parser__getObj | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/PanguL4b/pocs/tree/master/xpdf/stack-overflow_dos_Parser__getObj | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646."
},
{
"lang": "es",
"value": "En Xpdf versi\u00f3n 4.01.01, la funci\u00f3n Parser::getObj() en el archivo Parser.cc puede causar una recursi\u00f3n infinita por medio de un archivo creado. Un atacante remoto puede aprovechar esto para un ataque de DoS. Esto es similar al CVE-2018-16646."
}
],
"id": "CVE-2019-13288",
"lastModified": "2024-11-21T04:24:37.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T22:15:10.680",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/stack-overflow_dos_Parser__getObj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/stack-overflow_dos_Parser__getObj"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-27 23:29
Modified
2024-11-21 04:22
Severity ?
Summary
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801 | Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJ3GYFINXANXTQEDN5SON47IJA5277RU/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQBAHQQF2P7E6PL5STST3TGH7VPVXKKQ/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJ3GYFINXANXTQEDN5SON47IJA5277RU/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQBAHQQF2P7E6PL5STST3TGH7VPVXKKQ/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content."
},
{
"lang": "es",
"value": "existe un una sobrelectura de b\u00fafer basada en pila en la funci\u00f3n FoFiTrueType::dumpString en el archivo fofi/FoFiTrueType.cc en Xpdf versi\u00f3n 4.01.01. Por ejemplo, puede activarse enviando datos TrueType en un documento PDF a la herramienta pdftops. Podr\u00eda permitir que un atacante cause la Denegaci\u00f3n de Servicio o filtre datos de la memoria hacia el volcado de contenido."
}
],
"id": "CVE-2019-12360",
"lastModified": "2024-11-21T04:22:40.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-27T23:29:00.480",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41801"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJ3GYFINXANXTQEDN5SON47IJA5277RU/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQBAHQQF2P7E6PL5STST3TGH7VPVXKKQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJ3GYFINXANXTQEDN5SON47IJA5277RU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQBAHQQF2P7E6PL5STST3TGH7VPVXKKQ/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-23 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886 | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| secalert@redhat.com | http://poppler.freedesktop.org/releases.html | Patch, Vendor Advisory | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2009-0458.html | ||
| secalert@redhat.com | http://secunia.com/advisories/34291 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34481 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34746 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34755 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34756 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34852 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34959 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34963 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34991 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35037 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35064 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35065 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35618 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35685 | Vendor Advisory | |
| secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1790 | Patch | |
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1793 | Patch | |
| secalert@redhat.com | http://www.kb.cert.org/vuls/id/196617 | US Government Resource | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0429.html | Patch | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0431.html | Patch | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0480.html | Patch | |
| secalert@redhat.com | http://www.securityfocus.com/bid/34568 | Patch | |
| secalert@redhat.com | http://www.securitytracker.com/id?1022072 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1065 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1066 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1076 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10204 | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://poppler.freedesktop.org/releases.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2009-0458.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34291 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34481 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34746 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34755 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34756 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34852 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34963 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34991 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35037 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35064 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35618 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35685 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1790 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1793 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/196617 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0429.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0431.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0480.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34568 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1065 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1066 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1076 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10204 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| poppler | poppler | * | |
| poppler | poppler | 0.1 | |
| poppler | poppler | 0.1.1 | |
| poppler | poppler | 0.1.2 | |
| poppler | poppler | 0.2.0 | |
| poppler | poppler | 0.3.0 | |
| poppler | poppler | 0.3.1 | |
| poppler | poppler | 0.3.2 | |
| poppler | poppler | 0.3.3 | |
| poppler | poppler | 0.4.0 | |
| poppler | poppler | 0.4.1 | |
| poppler | poppler | 0.4.2 | |
| poppler | poppler | 0.4.3 | |
| poppler | poppler | 0.4.4 | |
| poppler | poppler | 0.5.0 | |
| poppler | poppler | 0.5.1 | |
| poppler | poppler | 0.5.2 | |
| poppler | poppler | 0.5.3 | |
| poppler | poppler | 0.5.4 | |
| poppler | poppler | 0.5.9 | |
| poppler | poppler | 0.5.90 | |
| poppler | poppler | 0.5.91 | |
| poppler | poppler | 0.6.0 | |
| poppler | poppler | 0.6.1 | |
| poppler | poppler | 0.6.2 | |
| poppler | poppler | 0.6.3 | |
| poppler | poppler | 0.6.4 | |
| poppler | poppler | 0.7.0 | |
| poppler | poppler | 0.7.1 | |
| poppler | poppler | 0.7.2 | |
| poppler | poppler | 0.7.3 | |
| poppler | poppler | 0.8.0 | |
| poppler | poppler | 0.8.1 | |
| poppler | poppler | 0.8.2 | |
| poppler | poppler | 0.8.3 | |
| poppler | poppler | 0.8.4 | |
| poppler | poppler | 0.8.5 | |
| poppler | poppler | 0.8.6 | |
| poppler | poppler | 0.8.7 | |
| poppler | poppler | 0.9.0 | |
| poppler | poppler | 0.9.1 | |
| poppler | poppler | 0.9.2 | |
| poppler | poppler | 0.9.3 | |
| poppler | poppler | 0.10.0 | |
| poppler | poppler | 0.10.1 | |
| poppler | poppler | 0.10.2 | |
| poppler | poppler | 0.10.3 | |
| poppler | poppler | 0.10.4 | |
| apple | cups | * | |
| apple | cups | 1.1 | |
| apple | cups | 1.1.1 | |
| apple | cups | 1.1.2 | |
| apple | cups | 1.1.3 | |
| apple | cups | 1.1.4 | |
| apple | cups | 1.1.5 | |
| apple | cups | 1.1.5-1 | |
| apple | cups | 1.1.5-2 | |
| apple | cups | 1.1.6 | |
| apple | cups | 1.1.6-1 | |
| apple | cups | 1.1.6-2 | |
| apple | cups | 1.1.6-3 | |
| apple | cups | 1.1.7 | |
| apple | cups | 1.1.8 | |
| apple | cups | 1.1.9 | |
| apple | cups | 1.1.9-1 | |
| apple | cups | 1.1.10 | |
| apple | cups | 1.1.10-1 | |
| apple | cups | 1.1.11 | |
| apple | cups | 1.1.12 | |
| apple | cups | 1.1.13 | |
| apple | cups | 1.1.14 | |
| apple | cups | 1.1.15 | |
| apple | cups | 1.1.16 | |
| apple | cups | 1.1.17 | |
| apple | cups | 1.1.18 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.2.0 | |
| apple | cups | 1.2.1 | |
| apple | cups | 1.2.2 | |
| apple | cups | 1.2.3 | |
| apple | cups | 1.2.4 | |
| apple | cups | 1.2.5 | |
| apple | cups | 1.2.6 | |
| apple | cups | 1.2.7 | |
| apple | cups | 1.2.8 | |
| apple | cups | 1.2.9 | |
| apple | cups | 1.2.10 | |
| apple | cups | 1.2.11 | |
| apple | cups | 1.2.12 | |
| apple | cups | 1.3.0 | |
| apple | cups | 1.3.1 | |
| apple | cups | 1.3.2 | |
| apple | cups | 1.3.3 | |
| apple | cups | 1.3.4 | |
| apple | cups | 1.3.5 | |
| apple | cups | 1.3.6 | |
| apple | cups | 1.3.7 | |
| apple | cups | 1.3.8 | |
| apple | cups | 1.3.10 | |
| apple | cups | 1.3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0299F4A-A027-430C-9A53-AFEF9022960C",
"versionEndIncluding": "0.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F0213390-08FA-4E04-835B-8BE0FC61B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*",
"matchCriteriaId": "0B304657-740A-4F8D-99CD-22E283FEE6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2CD8A0-2DBA-4AC9-A97D-D4DAEB6C7A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E90153-8D18-4A50-9581-895C851F6489",
"versionEndIncluding": "1.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D89E03-94D0-4F7F-9A54-3021E3E5A321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298D6BE7-7683-4225-8DD6-4C0FC5EB48BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "230B77E7-B1AE-4470-859D-7B5F99749D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FECBBD-B1A2-4F42-8A68-32AB8331BDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6070FC-4566-4314-940E-0AAE34B56E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC691F07-8B38-4867-AB18-51F380CAEA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E943EFBF-39A7-408F-8AC5-677E83DFDBB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA7725A-4398-4C76-BEBF-10E56C7F34F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7415295-0FBF-4946-8D99-8CB2EC391319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C702EE3-4B7C-42EA-92AA-8717807CF67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*",
"matchCriteriaId": "73F74581-D71C-4FEC-BA8C-85EF4C1991BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCFB52-33D3-428C-B1D5-DCE504170A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45F03F2B-6AC3-4872-9032-293C2E9B837C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02B6FB-C36D-45F3-95F3-566CA03B29A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "96093309-A87D-48D0-84DA-446255ABF231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67F149-614B-4507-A15F-E557A1B73423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A14432-D8A1-4D19-9408-B9B4F2FC6B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*",
"matchCriteriaId": "49862F77-B8DE-4AA7-AE17-B348B05AC00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78D7719F-03E0-4E66-A50A-F8E857A9B6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F3139FDA-9476-4414-B349-7119E63FD268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "523FE78C-441F-4ACD-B9F2-3E5293E277AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F887B5B1-7528-4086-AE6C-134F54A93342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6D24ED-0D73-4CF2-B746-6EF29F2EF56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8C5C552-6276-4791-80CD-6B3EB425EF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8335D4E3-563D-4288-B708-A9635BCA595F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5279D055-248A-4BD1-9FBB-0024BA16DF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BF791C1D-9AF8-4F0F-8F4B-844BC9A55DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16519855-FCB9-44A8-9C7E-116192327BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B1D9330B-C51A-4C7D-A322-85103C64D86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DA0C19F-95EB-429C-AF06-A2C1D5643662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "225CCE80-FF4B-4B39-B8BD-EB4710047524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*",
"matchCriteriaId": "07925DD8-50C0-4908-95D1-7342A4617BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "48A519DB-6C6D-4094-814D-33BD5EF389BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B6ED7566-5092-4B08-97A9-B2B53117A224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "98DCAC0C-896F-4353-A665-5BCD0D8AEBA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E72614CD-8F70-4E07-AD83-8FDE8026CEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*",
"matchCriteriaId": "48E62419-C165-4B42-8C23-E24821BD4BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*",
"matchCriteriaId": "217D804B-CA56-49CE-B9EB-2A297EB1763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*",
"matchCriteriaId": "A41E8583-C837-4871-B4D2-FD41C78D538E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "D480C37B-0DA8-4096-80B0-5198FE589A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F5A83B-3C1A-49F3-A9D6-F7B9B897E447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "241D4183-879D-4974-BACB-A6987EDA2E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "96592A93-4967-4B91-BCF7-558DC472E7BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8758715D-B973-4960-8B7D-6F9A11E73288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0370E9EB-B830-4362-B83C-912579695691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EC6EE-720D-4F27-A2E1-88AE53FC41A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D644926A-C2A5-45FE-85A3-2782CE87ED86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0696E675-0A13-45FC-8917-845E6FF7A311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAC98C-1FE6-42A3-8B62-E3C321914F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC3EF2F-0140-4185-9FB3-2B595B61CDC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7C36785A-F735-45C0-986B-9624AD65F0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1D3916-607F-44E8-9D47-93C6C0789083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "174613C3-A04B-4701-849B-BAA598BF4F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "81C1137C-BE3D-45F9-83C9-D212107F0E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBC1F81-E93A-42A7-8BC8-4B903688F2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA876FF-C58A-45CF-A8E8-E2068DF79421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD78771-BD9A-4AC2-B664-B189DD288FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50A16424-732F-4B76-A753-1642A97BC1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E189C976-2DD2-485C-828E-7FC3DC6A8F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A86CA90F-A944-4F3E-B75F-8147125335D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAFABDC-E40F-4C53-AC66-94EFD077665D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A2F7B3-F4A7-416E-A07F-D4C5F0768B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F96C1B80-9E20-4832-8308-BF7911569EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D7DB3-F467-4BC0-83BB-4706D067A2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD33C2C-7D39-4CCE-AC99-BC7B1B205A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46C394DC-65A7-4713-B823-6F5D329A0C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E9F74F-3C7D-486A-8BA1-EE2A73160B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69BD64BB-BDA7-4F82-8324-B7C7C941133C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAEE03E-0B8A-4D10-BD4D-2DA25B7BBE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D8814509-8B08-46C6-AE50-19B7D30DCF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0718FB6B-D787-409A-B535-0318F2C63A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read."
},
{
"lang": "es",
"value": "El decodificador JBIG2 en Xpdf versi\u00f3n 3.02 PL2 y anteriores, CUPS versi\u00f3n 1.3.9 y anteriores, Poppler versi\u00f3n anterior a 0.10.6, y otros productos permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) por medio de un archivo PDF creado que desencadena una vulnerabilidad de lectura fuera de l\u00edmites."
}
],
"id": "CVE-2009-0799",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-23T17:30:01.703",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34746"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1022072"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10204"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=495886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 20:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41842 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41842 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact."
},
{
"lang": "es",
"value": "In Xpdf versi\u00f3n 4.01.01, se podr\u00eda desencadenar una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n en SampledFunction::transform en Function.cc cuando se utiliza un \u00edndice grande para muestras. Por ejemplo, puede activarse enviando un documento PDF elaborado a la herramienta pdftotext. Permite a un atacante usar un archivo pdf creado para provocar la denegaci\u00f3n de servicio o una fuga de informaci\u00f3n, o posiblemente tener otro impacto no especificado."
}
],
"id": "CVE-2019-13282",
"lastModified": "2024-11-21T04:24:37.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T20:15:10.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41842"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-27 19:15
Modified
2024-11-21 04:26
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the \"one byte per line\" case."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Xpdf versi\u00f3n 4.01.01. Se presenta un desbordamiento de enteros en la funci\u00f3n JBIG2Bitmap::combine en el archivo JBIG2Stream.cc para el caso \"one byte per line\"."
}
],
"id": "CVE-2019-14288",
"lastModified": "2024-11-21T04:26:22.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-27T19:15:11.550",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-31 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2012-1201.html | ||
| cve@mitre.org | http://secunia.com/advisories/43823 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/48985 | ||
| cve@mitre.org | http://securityreason.com/securityalert/8171 | ||
| cve@mitre.org | http://securitytracker.com/id?1025266 | ||
| cve@mitre.org | http://www.foolabs.com/xpdf/download.html | Patch | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/376500 | US Government Resource | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/MAPG-8ECL8X | US Government Resource | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/517205/100/0/threaded | ||
| cve@mitre.org | http://www.toucan-system.com/advisories/tssa-2011-01.txt | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0728 | Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201701-57 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1201.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43823 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48985 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8171 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025266 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.foolabs.com/xpdf/download.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/376500 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/MAPG-8ECL8X | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/517205/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.toucan-system.com/advisories/tssa-2011-01.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0728 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-57 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| t1lib | t1lib | * | |
| t1lib | t1lib | 0.1 | |
| t1lib | t1lib | 0.2 | |
| t1lib | t1lib | 0.3 | |
| t1lib | t1lib | 0.4 | |
| t1lib | t1lib | 0.5 | |
| t1lib | t1lib | 0.6 | |
| t1lib | t1lib | 0.7 | |
| t1lib | t1lib | 0.8 | |
| t1lib | t1lib | 0.9 | |
| t1lib | t1lib | 0.9.1 | |
| t1lib | t1lib | 0.9.2 | |
| t1lib | t1lib | 1.0 | |
| t1lib | t1lib | 1.0.1 | |
| t1lib | t1lib | 1.1.0 | |
| t1lib | t1lib | 1.1.1 | |
| t1lib | t1lib | 1.2 | |
| t1lib | t1lib | 1.3 | |
| t1lib | t1lib | 1.3.1 | |
| t1lib | t1lib | 5.0.0 | |
| t1lib | t1lib | 5.0.1 | |
| t1lib | t1lib | 5.0.2 | |
| t1lib | t1lib | 5.1.0 | |
| t1lib | t1lib | 5.1.1 | |
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| foolabs | xpdf | 3.0.1 | |
| foolabs | xpdf | 3.02pl1 | |
| foolabs | xpdf | 3.02pl2 | |
| foolabs | xpdf | 3.02pl3 | |
| foolabs | xpdf | 3.02pl4 | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| glyphandcog | xpdfreader | 3.02 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:t1lib:t1lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA05E50-C6D3-4F92-A015-CB181020557A",
"versionEndIncluding": "5.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "B856C29C-4179-4173-87D3-1BDCC6933327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "A1EECD4E-4531-4C1D-B7F1-B5B20F79A22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "D3727A7B-2683-4D70-937F-514D38D13FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "C5E84F55-E912-424B-BC7A-8FDDD4BA0591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.5:beta:*:*:*:*:*:*",
"matchCriteriaId": "C46D7084-80F5-45E5-8CBC-078D95860E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.6:beta:*:*:*:*:*:*",
"matchCriteriaId": "0738DF6D-C493-4DD5-95E1-7701AA50453C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.7:beta:*:*:*:*:*:*",
"matchCriteriaId": "D2D7BF42-D227-460D-A90F-1E128108DB6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.8:beta:*:*:*:*:*:*",
"matchCriteriaId": "FC63023C-69D1-4A1D-9690-BB2FF9A209B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A0A2CB-0A7B-4D06-82E3-6F949C3CE1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F49D5478-E590-4A7C-ABFE-F9E7EC9BF5A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA0BDE2-1FF2-48BF-B7BB-4AE4AF236474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25CF5EAD-E543-4E81-AF2B-C8D9C45F0AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B6D3-8BBB-4202-89DD-12DF3FCAB0EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85813410-9E44-4A60-907D-AE89A3F38AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C09173A5-2FC3-46C8-80A1-5D721FBBF6D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19AAEE8C-4013-4C1D-A19D-09549CAFF751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FCED8EF-18BE-4820-A9D5-8CE82F9D2A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "97E9F2F4-63A3-4DBF-9605-C3767ADB55EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "400C8A4F-D65B-4C46-9BDA-B13A864F40AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FE8F44-ADE5-4B4F-96F2-37E2F474B5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43839A3D-655A-4CA0-BB28-F8FDE95649BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE28F24A-FA4C-476E-87D3-1745E2F507F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19DEB3FD-98C7-4288-9654-436B511C58AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52D79ABD-202F-464F-B6C3-B225FD37DD3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl4:*:*:*:*:*:*:*",
"matchCriteriaId": "48541241-2EA4-4559-BB29-47A7B3466C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764."
},
{
"lang": "es",
"value": "t1lib v5.1.2 y versiones anteriores, utilizando en Xpdf anterior a v3.02pl6 y otros productos, realiza lecturas desde posiciones de memoria inv\u00e1lidas, permitiendo a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una fuente Tipo 1 en un documento PDF, un vulnerabilidad diferente a CVE-2011-0764.\r\n"
}
],
"id": "CVE-2011-1552",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-31T23:55:00.740",
"references": [
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43823"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48985"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8171"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1025266"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-57"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 22:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-SplashXPath__strokeAdjust | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-SplashXPath__strokeAdjust | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368."
},
{
"lang": "es",
"value": "En Xpdf versi\u00f3n 4.01.01, presenta una vulnerabilidad de lectura fuera de l\u00edmites en la funci\u00f3n SplashXPath::strokeAdjust() ubicada en el archivo splash/SplashXPath.cc. Por ejemplo, puede ser activada enviando un documento PDF creado a la herramienta pdftoppm. Podr\u00eda permitir a un atacante causar una Divulgaci\u00f3n de Informaci\u00f3n. Esto est\u00e1 relacionado al CVE-2018-16368."
}
],
"id": "CVE-2019-13287",
"lastModified": "2024-11-21T04:24:37.807",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T22:15:10.603",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-SplashXPath__strokeAdjust"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-SplashXPath__strokeAdjust"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-31 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2012-1201.html | ||
| cve@mitre.org | http://secunia.com/advisories/43823 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/48985 | ||
| cve@mitre.org | http://securityreason.com/securityalert/8171 | ||
| cve@mitre.org | http://securitytracker.com/id?1025266 | ||
| cve@mitre.org | http://www.foolabs.com/xpdf/download.html | Patch | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/376500 | US Government Resource | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/MAPG-8ECL8X | US Government Resource | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/517205/100/0/threaded | ||
| cve@mitre.org | http://www.toucan-system.com/advisories/tssa-2011-01.txt | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0728 | Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201701-57 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1201.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43823 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48985 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8171 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025266 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.foolabs.com/xpdf/download.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/376500 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/MAPG-8ECL8X | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/517205/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.toucan-system.com/advisories/tssa-2011-01.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0728 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-57 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| t1lib | t1lib | * | |
| t1lib | t1lib | 0.1 | |
| t1lib | t1lib | 0.2 | |
| t1lib | t1lib | 0.3 | |
| t1lib | t1lib | 0.4 | |
| t1lib | t1lib | 0.5 | |
| t1lib | t1lib | 0.6 | |
| t1lib | t1lib | 0.7 | |
| t1lib | t1lib | 0.8 | |
| t1lib | t1lib | 0.9 | |
| t1lib | t1lib | 0.9.1 | |
| t1lib | t1lib | 0.9.2 | |
| t1lib | t1lib | 1.0 | |
| t1lib | t1lib | 1.0.1 | |
| t1lib | t1lib | 1.1.0 | |
| t1lib | t1lib | 1.1.1 | |
| t1lib | t1lib | 1.2 | |
| t1lib | t1lib | 1.3 | |
| t1lib | t1lib | 1.3.1 | |
| t1lib | t1lib | 5.0.0 | |
| t1lib | t1lib | 5.0.1 | |
| t1lib | t1lib | 5.0.2 | |
| t1lib | t1lib | 5.1.0 | |
| t1lib | t1lib | 5.1.1 | |
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| foolabs | xpdf | 3.0.1 | |
| foolabs | xpdf | 3.02pl1 | |
| foolabs | xpdf | 3.02pl2 | |
| foolabs | xpdf | 3.02pl3 | |
| foolabs | xpdf | 3.02pl4 | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| glyphandcog | xpdfreader | 3.02 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:t1lib:t1lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA05E50-C6D3-4F92-A015-CB181020557A",
"versionEndIncluding": "5.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "B856C29C-4179-4173-87D3-1BDCC6933327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "A1EECD4E-4531-4C1D-B7F1-B5B20F79A22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "D3727A7B-2683-4D70-937F-514D38D13FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "C5E84F55-E912-424B-BC7A-8FDDD4BA0591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.5:beta:*:*:*:*:*:*",
"matchCriteriaId": "C46D7084-80F5-45E5-8CBC-078D95860E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.6:beta:*:*:*:*:*:*",
"matchCriteriaId": "0738DF6D-C493-4DD5-95E1-7701AA50453C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.7:beta:*:*:*:*:*:*",
"matchCriteriaId": "D2D7BF42-D227-460D-A90F-1E128108DB6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.8:beta:*:*:*:*:*:*",
"matchCriteriaId": "FC63023C-69D1-4A1D-9690-BB2FF9A209B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A0A2CB-0A7B-4D06-82E3-6F949C3CE1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F49D5478-E590-4A7C-ABFE-F9E7EC9BF5A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA0BDE2-1FF2-48BF-B7BB-4AE4AF236474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25CF5EAD-E543-4E81-AF2B-C8D9C45F0AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B6D3-8BBB-4202-89DD-12DF3FCAB0EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85813410-9E44-4A60-907D-AE89A3F38AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C09173A5-2FC3-46C8-80A1-5D721FBBF6D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19AAEE8C-4013-4C1D-A19D-09549CAFF751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FCED8EF-18BE-4820-A9D5-8CE82F9D2A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "97E9F2F4-63A3-4DBF-9605-C3767ADB55EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "400C8A4F-D65B-4C46-9BDA-B13A864F40AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FE8F44-ADE5-4B4F-96F2-37E2F474B5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43839A3D-655A-4CA0-BB28-F8FDE95649BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE28F24A-FA4C-476E-87D3-1745E2F507F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19DEB3FD-98C7-4288-9654-436B511C58AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52D79ABD-202F-464F-B6C3-B225FD37DD3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl4:*:*:*:*:*:*:*",
"matchCriteriaId": "48541241-2EA4-4559-BB29-47A7B3466C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764."
},
{
"lang": "es",
"value": "Error Off-by-one en t1lib v5.1.2 y anteriores, como se usaba en Xpdf anterior a v3.02pl6 y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un documento PDF que contiene una fuente manipulada Tipo 1 y que provoca una lectura incorrecta de memoria, un desbordamiento de entero, y una desreferencia inv\u00e1lida a puntero, una vulnerabilidad diferente de CVE-2011-0764."
}
],
"id": "CVE-2011-1554",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-31T23:55:00.880",
"references": [
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43823"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48985"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8171"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1025266"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-57"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-21 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Patch | |
| secalert@redhat.com | http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2 | ||
| secalert@redhat.com | http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2 | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
| secalert@redhat.com | http://secunia.com/advisories/37023 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37028 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37037 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37042 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37043 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37053 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37077 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37079 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37114 | ||
| secalert@redhat.com | http://secunia.com/advisories/37159 | ||
| secalert@redhat.com | http://secunia.com/advisories/39327 | ||
| secalert@redhat.com | http://secunia.com/advisories/39938 | ||
| secalert@redhat.com | http://securitytracker.com/id?1023029 | ||
| secalert@redhat.com | http://site.pi3.com.pl/adv/xpdf.txt | Exploit | |
| secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
| secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
| secalert@redhat.com | http://www.debian.org/security/2010/dsa-2028 | ||
| secalert@redhat.com | http://www.debian.org/security/2010/dsa-2050 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-850-1 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-850-3 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2928 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/0802 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1040 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1220 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=526911 | Patch | |
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/53795 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969 | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1500.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1501.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1502.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1503.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1512.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37023 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37028 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37037 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37042 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37043 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37053 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37077 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37079 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37114 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37159 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39327 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39938 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023029 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://site.pi3.com.pl/adv/xpdf.txt | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2028 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2050 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-850-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-850-3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2928 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0802 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1220 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=526911 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/53795 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1500.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1501.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1502.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1503.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1512.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gpdf | * | |
| kde | kpdf | * | |
| foolabs | xpdf | 3.02pl1 | |
| foolabs | xpdf | 3.02pl2 | |
| foolabs | xpdf | 3.02pl3 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| glyphandcog | xpdfreader | 3.02 | |
| poppler | poppler | 0.1 | |
| poppler | poppler | 0.1.1 | |
| poppler | poppler | 0.1.2 | |
| poppler | poppler | 0.2.0 | |
| poppler | poppler | 0.3.0 | |
| poppler | poppler | 0.3.1 | |
| poppler | poppler | 0.3.2 | |
| poppler | poppler | 0.3.3 | |
| poppler | poppler | 0.4.0 | |
| poppler | poppler | 0.4.1 | |
| poppler | poppler | 0.4.2 | |
| poppler | poppler | 0.4.3 | |
| poppler | poppler | 0.4.4 | |
| poppler | poppler | 0.5.0 | |
| poppler | poppler | 0.5.1 | |
| poppler | poppler | 0.5.2 | |
| poppler | poppler | 0.5.3 | |
| poppler | poppler | 0.5.4 | |
| poppler | poppler | 0.5.9 | |
| poppler | poppler | 0.5.90 | |
| poppler | poppler | 0.5.91 | |
| poppler | poppler | 0.6.0 | |
| poppler | poppler | 0.6.1 | |
| poppler | poppler | 0.6.2 | |
| poppler | poppler | 0.6.3 | |
| poppler | poppler | 0.6.4 | |
| poppler | poppler | 0.7.0 | |
| poppler | poppler | 0.7.1 | |
| poppler | poppler | 0.7.2 | |
| poppler | poppler | 0.7.3 | |
| poppler | poppler | 0.8.0 | |
| poppler | poppler | 0.8.1 | |
| poppler | poppler | 0.8.2 | |
| poppler | poppler | 0.8.3 | |
| poppler | poppler | 0.8.4 | |
| poppler | poppler | 0.8.5 | |
| poppler | poppler | 0.8.6 | |
| poppler | poppler | 0.8.7 | |
| poppler | poppler | 0.9.0 | |
| poppler | poppler | 0.9.1 | |
| poppler | poppler | 0.9.2 | |
| poppler | poppler | 0.9.3 | |
| poppler | poppler | 0.10.0 | |
| poppler | poppler | 0.10.1 | |
| poppler | poppler | 0.10.2 | |
| poppler | poppler | 0.10.3 | |
| poppler | poppler | 0.10.4 | |
| poppler | poppler | 0.10.5 | |
| poppler | poppler | 0.10.6 | |
| poppler | poppler | 0.10.7 | |
| poppler | poppler | 0.11.0 | |
| poppler | poppler | 0.11.1 | |
| poppler | poppler | 0.11.2 | |
| poppler | poppler | 0.11.3 | |
| poppler | poppler | 0.12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A9A98B-5E37-4938-9506-927E0C8FACB8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41EF2714-DEC9-407F-9D1B-EF2A4D8B4DC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F0213390-08FA-4E04-835B-8BE0FC61B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*",
"matchCriteriaId": "0B304657-740A-4F8D-99CD-22E283FEE6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2CD8A0-2DBA-4AC9-A97D-D4DAEB6C7A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C52995D0-0986-427F-B37D-2F6726EA330D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4427C5-DBF0-4EF9-8B7A-61D56C14E3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B91206CA-7EBE-4E64-9A49-D7EC0D051012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD43644-7F02-42AF-8EC3-C326A13E2F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81FE2E6F-44B2-42D5-B986-D1FE2B510968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A605079-3705-4E2C-8F6D-C21B4D875817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3ABBD590-8092-4920-BBC7-F3ACB9CCC900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14D812D5-BC8B-4907-AA70-F8D7F982A8DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n Splash.cc en Xpdf v3.02pl4 y Poppler v0.x, usado en n kdegraphics KPDF y GPdf, no asigna la memoria adecuadamente, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y probablemente, la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento PDF manipulado que provoca un deferencia a puntero nulo o un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap)."
}
],
"id": "CVE-2009-3604",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-21T17:30:00.313",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2"
},
{
"source": "secalert@redhat.com",
"url": "http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996\u0026id2=75c3466ba2"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37023"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37028"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37037"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37042"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37043"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37053"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37077"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37079"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37114"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37159"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39327"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39938"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1023029"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://site.pi3.com.pl/adv/xpdf.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526911"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53795"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996\u0026id2=75c3466ba2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://site.pi3.com.pl/adv/xpdf.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 22:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41818 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41818 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure."
},
{
"lang": "es",
"value": "En Xpdf versi\u00f3n 4.01.01, se presenta una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n DCTStream::readScan() ubicada en el archivo Stream.cc. Por ejemplo, puede ser activada enviando un documento PDF creado a la herramienta pdftops. Podr\u00eda permitir a un atacante causar una Divulgaci\u00f3n de Informaci\u00f3n."
}
],
"id": "CVE-2019-13291",
"lastModified": "2024-11-21T04:24:38.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T22:15:10.883",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41818"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-21 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Patch | |
| secalert@redhat.com | http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61 | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
| secalert@redhat.com | http://secunia.com/advisories/37023 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37037 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37042 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37043 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37053 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37077 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37159 | ||
| secalert@redhat.com | http://secunia.com/advisories/39327 | ||
| secalert@redhat.com | http://secunia.com/advisories/39938 | ||
| secalert@redhat.com | http://securitytracker.com/id?1023029 | Patch | |
| secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
| secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1941 | ||
| secalert@redhat.com | http://www.debian.org/security/2010/dsa-2028 | ||
| secalert@redhat.com | http://www.debian.org/security/2010/dsa-2050 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2009/12/01/1 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2009/12/01/5 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2009/12/01/6 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2928 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/0802 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1040 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1220 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=526877 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/53798 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11289 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7836 | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1500.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1501.html | Vendor Advisory | |
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1502.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37023 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37037 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37042 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37043 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37053 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37077 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37159 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39327 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39938 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023029 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1941 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2028 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2050 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/12/01/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/12/01/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/12/01/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2928 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0802 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1220 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=526877 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/53798 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11289 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7836 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1500.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1501.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1502.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 3.02pl1 | |
| foolabs | xpdf | 3.02pl2 | |
| foolabs | xpdf | 3.02pl3 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| glyphandcog | xpdfreader | 3.02 | |
| poppler | poppler | 0.1 | |
| poppler | poppler | 0.1.1 | |
| poppler | poppler | 0.1.2 | |
| poppler | poppler | 0.2.0 | |
| poppler | poppler | 0.3.0 | |
| poppler | poppler | 0.3.1 | |
| poppler | poppler | 0.3.2 | |
| poppler | poppler | 0.3.3 | |
| poppler | poppler | 0.4.0 | |
| poppler | poppler | 0.4.1 | |
| poppler | poppler | 0.4.2 | |
| poppler | poppler | 0.4.3 | |
| poppler | poppler | 0.4.4 | |
| poppler | poppler | 0.5.0 | |
| poppler | poppler | 0.5.1 | |
| poppler | poppler | 0.5.2 | |
| poppler | poppler | 0.5.3 | |
| poppler | poppler | 0.5.4 | |
| poppler | poppler | 0.5.9 | |
| poppler | poppler | 0.6.0 | |
| poppler | poppler | 0.6.1 | |
| poppler | poppler | 0.6.2 | |
| poppler | poppler | 0.6.3 | |
| poppler | poppler | 0.6.4 | |
| poppler | poppler | 0.7.0 | |
| poppler | poppler | 0.7.1 | |
| poppler | poppler | 0.7.2 | |
| poppler | poppler | 0.7.3 | |
| poppler | poppler | 0.8.0 | |
| poppler | poppler | 0.8.1 | |
| poppler | poppler | 0.8.2 | |
| poppler | poppler | 0.8.3 | |
| poppler | poppler | 0.8.4 | |
| poppler | poppler | 0.8.6 | |
| poppler | poppler | 0.8.7 | |
| poppler | poppler | 0.9.0 | |
| poppler | poppler | 0.9.1 | |
| poppler | poppler | 0.9.2 | |
| poppler | poppler | 0.9.3 | |
| poppler | poppler | 0.10.0 | |
| poppler | poppler | 0.10.1 | |
| poppler | poppler | 0.10.2 | |
| poppler | poppler | 0.10.3 | |
| poppler | poppler | 0.10.4 | |
| poppler | poppler | 0.10.5 | |
| poppler | poppler | 0.10.6 | |
| poppler | poppler | 0.10.7 | |
| poppler | poppler | 0.11.0 | |
| poppler | poppler | 0.11.1 | |
| poppler | poppler | 0.11.2 | |
| poppler | poppler | 0.11.3 | |
| poppler | poppler | 0.12.0 | |
| kde | kpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C52995D0-0986-427F-B37D-2F6726EA330D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4427C5-DBF0-4EF9-8B7A-61D56C14E3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B91206CA-7EBE-4E64-9A49-D7EC0D051012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD43644-7F02-42AF-8EC3-C326A13E2F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81FE2E6F-44B2-42D5-B986-D1FE2B510968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A605079-3705-4E2C-8F6D-C21B4D875817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3ABBD590-8092-4920-BBC7-F3ACB9CCC900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14D812D5-BC8B-4907-AA70-F8D7F982A8DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41EF2714-DEC9-407F-9D1B-EF2A4D8B4DC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n PSOutputDev::doImageL1Sep en Xpdf v3.02pl4 y Poppler v0.x, usado en n kdegraphics KPDF, podr\u00eda permitir a atacantes remotos la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento PDF manipulado que provoca un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap)."
}
],
"id": "CVE-2009-3606",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-21T17:30:00.343",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37023"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37037"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37042"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37043"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37053"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37077"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37159"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39327"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39938"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1023029"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2009/dsa-1941"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526877"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53798"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11289"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7836"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1023029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-31 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://rhn.redhat.com/errata/RHSA-2012-1201.html | ||
| cret@cert.org | http://secunia.com/advisories/43823 | Vendor Advisory | |
| cret@cert.org | http://secunia.com/advisories/47347 | ||
| cret@cert.org | http://secunia.com/advisories/48985 | ||
| cret@cert.org | http://securityreason.com/securityalert/8171 | ||
| cret@cert.org | http://securitytracker.com/id?1025266 | ||
| cret@cert.org | http://www.foolabs.com/xpdf/download.html | Patch | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/376500 | US Government Resource | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/MAPG-8ECL8X | US Government Resource | |
| cret@cert.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:002 | ||
| cret@cert.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 | ||
| cret@cert.org | http://www.securityfocus.com/archive/1/517205/100/0/threaded | ||
| cret@cert.org | http://www.securityfocus.com/bid/46941 | ||
| cret@cert.org | http://www.toucan-system.com/advisories/tssa-2011-01.txt | ||
| cret@cert.org | http://www.ubuntu.com/usn/USN-1316-1 | ||
| cret@cert.org | http://www.vupen.com/english/advisories/2011/0728 | Vendor Advisory | |
| cret@cert.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/66208 | ||
| cret@cert.org | https://security.gentoo.org/glsa/201701-57 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1201.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43823 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/47347 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48985 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8171 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025266 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.foolabs.com/xpdf/download.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/376500 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/MAPG-8ECL8X | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:002 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/517205/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46941 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.toucan-system.com/advisories/tssa-2011-01.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1316-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0728 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/66208 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-57 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| t1lib | t1lib | * | |
| t1lib | t1lib | 0.1 | |
| t1lib | t1lib | 0.2 | |
| t1lib | t1lib | 0.3 | |
| t1lib | t1lib | 0.4 | |
| t1lib | t1lib | 0.5 | |
| t1lib | t1lib | 0.6 | |
| t1lib | t1lib | 0.7 | |
| t1lib | t1lib | 0.8 | |
| t1lib | t1lib | 0.9 | |
| t1lib | t1lib | 0.9.1 | |
| t1lib | t1lib | 0.9.2 | |
| t1lib | t1lib | 1.0 | |
| t1lib | t1lib | 1.0.1 | |
| t1lib | t1lib | 1.1.0 | |
| t1lib | t1lib | 1.1.1 | |
| t1lib | t1lib | 1.2 | |
| t1lib | t1lib | 1.3 | |
| t1lib | t1lib | 1.3.1 | |
| t1lib | t1lib | 5.0.0 | |
| t1lib | t1lib | 5.0.1 | |
| t1lib | t1lib | 5.0.2 | |
| t1lib | t1lib | 5.1.0 | |
| t1lib | t1lib | 5.1.1 | |
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| foolabs | xpdf | 3.0.1 | |
| foolabs | xpdf | 3.02pl1 | |
| foolabs | xpdf | 3.02pl2 | |
| foolabs | xpdf | 3.02pl3 | |
| foolabs | xpdf | 3.02pl4 | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| glyphandcog | xpdfreader | 3.02 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:t1lib:t1lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA05E50-C6D3-4F92-A015-CB181020557A",
"versionEndIncluding": "5.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "B856C29C-4179-4173-87D3-1BDCC6933327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "A1EECD4E-4531-4C1D-B7F1-B5B20F79A22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "D3727A7B-2683-4D70-937F-514D38D13FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "C5E84F55-E912-424B-BC7A-8FDDD4BA0591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.5:beta:*:*:*:*:*:*",
"matchCriteriaId": "C46D7084-80F5-45E5-8CBC-078D95860E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.6:beta:*:*:*:*:*:*",
"matchCriteriaId": "0738DF6D-C493-4DD5-95E1-7701AA50453C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.7:beta:*:*:*:*:*:*",
"matchCriteriaId": "D2D7BF42-D227-460D-A90F-1E128108DB6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.8:beta:*:*:*:*:*:*",
"matchCriteriaId": "FC63023C-69D1-4A1D-9690-BB2FF9A209B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A0A2CB-0A7B-4D06-82E3-6F949C3CE1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F49D5478-E590-4A7C-ABFE-F9E7EC9BF5A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA0BDE2-1FF2-48BF-B7BB-4AE4AF236474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25CF5EAD-E543-4E81-AF2B-C8D9C45F0AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B6D3-8BBB-4202-89DD-12DF3FCAB0EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85813410-9E44-4A60-907D-AE89A3F38AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C09173A5-2FC3-46C8-80A1-5D721FBBF6D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19AAEE8C-4013-4C1D-A19D-09549CAFF751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FCED8EF-18BE-4820-A9D5-8CE82F9D2A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "97E9F2F4-63A3-4DBF-9605-C3767ADB55EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "400C8A4F-D65B-4C46-9BDA-B13A864F40AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FE8F44-ADE5-4B4F-96F2-37E2F474B5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43839A3D-655A-4CA0-BB28-F8FDE95649BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE28F24A-FA4C-476E-87D3-1745E2F507F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19DEB3FD-98C7-4288-9654-436B511C58AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52D79ABD-202F-464F-B6C3-B225FD37DD3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl4:*:*:*:*:*:*:*",
"matchCriteriaId": "48541241-2EA4-4559-BB29-47A7B3466C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf."
},
{
"lang": "es",
"value": "t1lib v5.1.2 y versiones anteriores, utilizado en Xpdf anterior a v3.02pl6 y otros productos, utiliza un puntero no v\u00e1lido en una operaci\u00f3n de eliminaci\u00f3n de referencias, permitiendo a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fuente Tipo 1 manipulada en un documento PDF, como lo demuestra el testz.2184122398.pdf"
}
],
"id": "CVE-2011-0764",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-31T22:55:02.553",
"references": [
{
"source": "cret@cert.org",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43823"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/47347"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/48985"
},
{
"source": "cret@cert.org",
"url": "http://securityreason.com/securityalert/8171"
},
{
"source": "cret@cert.org",
"url": "http://securitytracker.com/id?1025266"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:002"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/46941"
},
{
"source": "cret@cert.org",
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"source": "cret@cert.org",
"url": "http://www.ubuntu.com/usn/USN-1316-1"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66208"
},
{
"source": "cret@cert.org",
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1316-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-57"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-31 02:29
Modified
2024-11-21 04:22
Severity ?
Summary
A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41806 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41806 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data."
},
{
"lang": "es",
"value": "Existe una sobre-lectura del b\u00fafer basado en la pila en PostScriptFunction :: transform en Function.cc en Xpdf 4.01.01 porque GfxSeparationColorSpace y GfxDeviceNColorSpace maneja de forma incorrecta tint transform funciona. Por ejemplo, puede activarse enviando un documento PDF elaborado a la herramienta pdftops. Podr\u00eda permitir que un atacante cause la denegaci\u00f3n de servicio o fuga de datos de la memoria."
}
],
"id": "CVE-2019-12493",
"lastModified": "2024-11-21T04:22:57.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-31T02:29:00.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41806"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-23 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=263028 | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2009-0458.html | ||
| cve@mitre.org | http://secunia.com/advisories/34291 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34481 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34755 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34756 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34852 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34959 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34963 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34991 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35037 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35064 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35065 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35074 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35618 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35685 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200904-20.xml | ||
| cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| cve@mitre.org | http://support.apple.com/kb/HT3549 | ||
| cve@mitre.org | http://support.apple.com/kb/HT3639 | ||
| cve@mitre.org | http://wiki.rpath.com/Advisories:rPSA-2009-0059 | ||
| cve@mitre.org | http://wiki.rpath.com/Advisories:rPSA-2009-0061 | ||
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1790 | ||
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1793 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0429.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0431.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0480.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/502750/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/502761/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/34568 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1022073 | ||
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | US Government Resource | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1065 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1066 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1297 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1621 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=490614 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941 | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=263028 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2009-0458.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34291 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34481 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34755 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34756 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34852 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34963 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34991 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35037 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35064 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35074 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35618 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35685 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200904-20.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3549 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3639 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2009-0059 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2009-0061 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1793 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0429.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0431.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0480.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/502750/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/502761/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34568 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022073 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1066 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1297 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1621 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=490614 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| apple | cups | * | |
| apple | cups | 1.1 | |
| apple | cups | 1.1.1 | |
| apple | cups | 1.1.2 | |
| apple | cups | 1.1.3 | |
| apple | cups | 1.1.4 | |
| apple | cups | 1.1.5 | |
| apple | cups | 1.1.5-1 | |
| apple | cups | 1.1.5-2 | |
| apple | cups | 1.1.6 | |
| apple | cups | 1.1.6-1 | |
| apple | cups | 1.1.6-2 | |
| apple | cups | 1.1.6-3 | |
| apple | cups | 1.1.7 | |
| apple | cups | 1.1.8 | |
| apple | cups | 1.1.9 | |
| apple | cups | 1.1.9-1 | |
| apple | cups | 1.1.10 | |
| apple | cups | 1.1.10-1 | |
| apple | cups | 1.1.11 | |
| apple | cups | 1.1.12 | |
| apple | cups | 1.1.13 | |
| apple | cups | 1.1.14 | |
| apple | cups | 1.1.15 | |
| apple | cups | 1.1.16 | |
| apple | cups | 1.1.17 | |
| apple | cups | 1.1.18 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.2.0 | |
| apple | cups | 1.2.1 | |
| apple | cups | 1.2.2 | |
| apple | cups | 1.2.3 | |
| apple | cups | 1.2.4 | |
| apple | cups | 1.2.5 | |
| apple | cups | 1.2.6 | |
| apple | cups | 1.2.7 | |
| apple | cups | 1.2.8 | |
| apple | cups | 1.2.9 | |
| apple | cups | 1.2.10 | |
| apple | cups | 1.2.11 | |
| apple | cups | 1.2.12 | |
| apple | cups | 1.3.0 | |
| apple | cups | 1.3.1 | |
| apple | cups | 1.3.2 | |
| apple | cups | 1.3.3 | |
| apple | cups | 1.3.4 | |
| apple | cups | 1.3.5 | |
| apple | cups | 1.3.6 | |
| apple | cups | 1.3.7 | |
| apple | cups | 1.3.8 | |
| apple | cups | 1.3.10 | |
| apple | cups | 1.3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E90153-8D18-4A50-9581-895C851F6489",
"versionEndIncluding": "1.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D89E03-94D0-4F7F-9A54-3021E3E5A321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298D6BE7-7683-4225-8DD6-4C0FC5EB48BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "230B77E7-B1AE-4470-859D-7B5F99749D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FECBBD-B1A2-4F42-8A68-32AB8331BDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6070FC-4566-4314-940E-0AAE34B56E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC691F07-8B38-4867-AB18-51F380CAEA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E943EFBF-39A7-408F-8AC5-677E83DFDBB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA7725A-4398-4C76-BEBF-10E56C7F34F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7415295-0FBF-4946-8D99-8CB2EC391319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C702EE3-4B7C-42EA-92AA-8717807CF67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*",
"matchCriteriaId": "73F74581-D71C-4FEC-BA8C-85EF4C1991BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCFB52-33D3-428C-B1D5-DCE504170A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45F03F2B-6AC3-4872-9032-293C2E9B837C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02B6FB-C36D-45F3-95F3-566CA03B29A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "96093309-A87D-48D0-84DA-446255ABF231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67F149-614B-4507-A15F-E557A1B73423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A14432-D8A1-4D19-9408-B9B4F2FC6B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*",
"matchCriteriaId": "49862F77-B8DE-4AA7-AE17-B348B05AC00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78D7719F-03E0-4E66-A50A-F8E857A9B6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F3139FDA-9476-4414-B349-7119E63FD268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "523FE78C-441F-4ACD-B9F2-3E5293E277AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F887B5B1-7528-4086-AE6C-134F54A93342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6D24ED-0D73-4CF2-B746-6EF29F2EF56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8C5C552-6276-4791-80CD-6B3EB425EF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8335D4E3-563D-4288-B708-A9635BCA595F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5279D055-248A-4BD1-9FBB-0024BA16DF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BF791C1D-9AF8-4F0F-8F4B-844BC9A55DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16519855-FCB9-44A8-9C7E-116192327BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B1D9330B-C51A-4C7D-A322-85103C64D86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DA0C19F-95EB-429C-AF06-A2C1D5643662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "225CCE80-FF4B-4B39-B8BD-EB4710047524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*",
"matchCriteriaId": "07925DD8-50C0-4908-95D1-7342A4617BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "48A519DB-6C6D-4094-814D-33BD5EF389BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B6ED7566-5092-4B08-97A9-B2B53117A224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "98DCAC0C-896F-4353-A665-5BCD0D8AEBA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E72614CD-8F70-4E07-AD83-8FDE8026CEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*",
"matchCriteriaId": "48E62419-C165-4B42-8C23-E24821BD4BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*",
"matchCriteriaId": "217D804B-CA56-49CE-B9EB-2A297EB1763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*",
"matchCriteriaId": "A41E8583-C837-4871-B4D2-FD41C78D538E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "D480C37B-0DA8-4096-80B0-5198FE589A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F5A83B-3C1A-49F3-A9D6-F7B9B897E447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "241D4183-879D-4974-BACB-A6987EDA2E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "96592A93-4967-4B91-BCF7-558DC472E7BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8758715D-B973-4960-8B7D-6F9A11E73288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0370E9EB-B830-4362-B83C-912579695691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EC6EE-720D-4F27-A2E1-88AE53FC41A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D644926A-C2A5-45FE-85A3-2782CE87ED86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0696E675-0A13-45FC-8917-845E6FF7A311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAC98C-1FE6-42A3-8B62-E3C321914F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC3EF2F-0140-4185-9FB3-2B595B61CDC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7C36785A-F735-45C0-986B-9624AD65F0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1D3916-607F-44E8-9D47-93C6C0789083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "174613C3-A04B-4701-849B-BAA598BF4F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "81C1137C-BE3D-45F9-83C9-D212107F0E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBC1F81-E93A-42A7-8BC8-4B903688F2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA876FF-C58A-45CF-A8E8-E2068DF79421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD78771-BD9A-4AC2-B664-B189DD288FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50A16424-732F-4B76-A753-1642A97BC1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E189C976-2DD2-485C-828E-7FC3DC6A8F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A86CA90F-A944-4F3E-B75F-8147125335D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAFABDC-E40F-4C53-AC66-94EFD077665D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A2F7B3-F4A7-416E-A07F-D4C5F0768B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F96C1B80-9E20-4832-8308-BF7911569EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D7DB3-F467-4BC0-83BB-4706D067A2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD33C2C-7D39-4CCE-AC99-BC7B1B205A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46C394DC-65A7-4713-B823-6F5D329A0C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E9F74F-3C7D-486A-8BA1-EE2A73160B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69BD64BB-BDA7-4F82-8324-B7C7C941133C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAEE03E-0B8A-4D10-BD4D-2DA25B7BBE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D8814509-8B08-46C6-AE50-19B7D30DCF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0718FB6B-D787-409A-B535-0318F2C63A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos enteros en el decodificador JBIG2 en Xpdf versi\u00f3n 3.02 PL2 y anteriores, CUPS versi\u00f3n 1.3.9 y anterior, y otros productos permiten a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) por medio de un archivo PDF creado, relacionado a (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg y (3) JBIG2Stream::readGenericBitmap."
}
],
"id": "CVE-2009-0147",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-23T17:30:01.563",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35074"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0059"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502761/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022073"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490614"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502761/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 20:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41841 | Exploit, Vendor Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41841 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact."
},
{
"lang": "es",
"value": "En Xpdf versi\u00f3n 4.01.01, se podr\u00eda desencadenar una vulnerabilidad de desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en DCTStream::decodeImage() en Stream.cc cuando se escribe en la memoria frameBuf. Esto puede, por ejemplo, activarse mediante el env\u00edo de un documento PDF especialmente dise\u00f1ado para la herramienta pdftotext tool. Permite a un atacante usar un archivo pdf creado para causar la Denegaci\u00f3n de Servicio, un filtrado de informaci\u00f3n, o posiblemente tener otro impacto no especificado."
}
],
"id": "CVE-2019-13281",
"lastModified": "2024-11-21T04:24:37.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T20:15:10.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41841"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-09 15:08
Modified
2025-04-09 00:30
Severity ?
Summary
Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=200023 | Vendor Advisory | |
| cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=242930 | Vendor Advisory | |
| cve@mitre.org | http://osvdb.org/53529 | ||
| cve@mitre.org | http://secunia.com/advisories/34610 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200904-07.xml | ||
| cve@mitre.org | http://www.securityfocus.com/bid/34401 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=200023 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=242930 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/53529 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34610 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200904-07.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34401 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| gentoo | gentoo_linux | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "069DE067-2C1D-46D3-9F5C-17921FA474B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en el paquete Gentoo de Xpdf anteriores a v3.02-r2, permite a usuarios locales obtener privilegios a trav\u00e9s de un troyano (fichero xpdfrc) en el directorio de trabajo actual, relativo a la macro SYSTEM_XPDFRC no fijada en el proceso de construcci\u00f3n Gentoo, que usa la biblioteca poppler."
}
],
"id": "CVE-2009-1144",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-09T15:08:35.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=200023"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=242930"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53529"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34610"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200904-07.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=200023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=242930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200904-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34401"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-25 00:15
Modified
2024-11-21 04:23
Severity ?
Summary
In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41813 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41813 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact."
},
{
"lang": "es",
"value": "En Xpdf versi\u00f3n 4.01.01, una lectura excesiva del b\u00fafer podr\u00eda activarse en la funci\u00f3n FoFiType1C::convertToType1 en el archivo fofi/FoFiType1C.cc cuando el n\u00famero de \u00edndice es mayor que los l\u00edmites de la matriz charset. Por ejemplo, puede activarse mediante el env\u00edo de un documento PDF creado a la herramienta pdftops. Permite a un atacante usar un archivo pdf creado para causar la denegaci\u00f3n de servicio o un filtrado de informaci\u00f3n, o posiblemente tener otro impacto no especificado."
}
],
"id": "CVE-2019-12957",
"lastModified": "2024-11-21T04:23:53.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-25T00:15:09.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41813"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-129"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-23 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| secalert@redhat.com | http://poppler.freedesktop.org/releases.html | Patch, Vendor Advisory | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2009-0458.html | Patch | |
| secalert@redhat.com | http://secunia.com/advisories/34291 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34481 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34746 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34755 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34756 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34852 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34959 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34963 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34991 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35037 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35064 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35065 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35618 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35685 | Vendor Advisory | |
| secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1790 | Patch | |
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1793 | Patch | |
| secalert@redhat.com | http://www.kb.cert.org/vuls/id/196617 | US Government Resource | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0429.html | Patch | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0431.html | Patch | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0480.html | Patch | |
| secalert@redhat.com | http://www.securityfocus.com/bid/34568 | Patch | |
| secalert@redhat.com | http://www.securitytracker.com/id?1022073 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1065 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1066 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1076 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=495892 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9926 | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://poppler.freedesktop.org/releases.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2009-0458.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34291 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34481 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34746 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34755 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34756 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34852 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34963 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34991 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35037 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35064 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35618 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35685 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1790 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1793 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/196617 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0429.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0431.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0480.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34568 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022073 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1065 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1066 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1076 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=495892 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9926 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| poppler | poppler | * | |
| poppler | poppler | 0.1 | |
| poppler | poppler | 0.1.1 | |
| poppler | poppler | 0.1.2 | |
| poppler | poppler | 0.2.0 | |
| poppler | poppler | 0.3.0 | |
| poppler | poppler | 0.3.1 | |
| poppler | poppler | 0.3.2 | |
| poppler | poppler | 0.3.3 | |
| poppler | poppler | 0.4.0 | |
| poppler | poppler | 0.4.1 | |
| poppler | poppler | 0.4.2 | |
| poppler | poppler | 0.4.3 | |
| poppler | poppler | 0.4.4 | |
| poppler | poppler | 0.5.0 | |
| poppler | poppler | 0.5.1 | |
| poppler | poppler | 0.5.2 | |
| poppler | poppler | 0.5.3 | |
| poppler | poppler | 0.5.4 | |
| poppler | poppler | 0.5.9 | |
| poppler | poppler | 0.5.90 | |
| poppler | poppler | 0.5.91 | |
| poppler | poppler | 0.6.0 | |
| poppler | poppler | 0.6.1 | |
| poppler | poppler | 0.6.2 | |
| poppler | poppler | 0.6.3 | |
| poppler | poppler | 0.6.4 | |
| poppler | poppler | 0.7.0 | |
| poppler | poppler | 0.7.1 | |
| poppler | poppler | 0.7.2 | |
| poppler | poppler | 0.7.3 | |
| poppler | poppler | 0.8.0 | |
| poppler | poppler | 0.8.1 | |
| poppler | poppler | 0.8.2 | |
| poppler | poppler | 0.8.3 | |
| poppler | poppler | 0.8.4 | |
| poppler | poppler | 0.8.5 | |
| poppler | poppler | 0.8.6 | |
| poppler | poppler | 0.8.7 | |
| poppler | poppler | 0.9.0 | |
| poppler | poppler | 0.9.1 | |
| poppler | poppler | 0.9.2 | |
| poppler | poppler | 0.9.3 | |
| poppler | poppler | 0.10.0 | |
| poppler | poppler | 0.10.1 | |
| poppler | poppler | 0.10.2 | |
| poppler | poppler | 0.10.3 | |
| poppler | poppler | 0.10.4 | |
| apple | cups | * | |
| apple | cups | 1.1 | |
| apple | cups | 1.1.1 | |
| apple | cups | 1.1.2 | |
| apple | cups | 1.1.3 | |
| apple | cups | 1.1.4 | |
| apple | cups | 1.1.5 | |
| apple | cups | 1.1.5-1 | |
| apple | cups | 1.1.5-2 | |
| apple | cups | 1.1.6 | |
| apple | cups | 1.1.6-1 | |
| apple | cups | 1.1.6-2 | |
| apple | cups | 1.1.6-3 | |
| apple | cups | 1.1.7 | |
| apple | cups | 1.1.8 | |
| apple | cups | 1.1.9 | |
| apple | cups | 1.1.9-1 | |
| apple | cups | 1.1.10 | |
| apple | cups | 1.1.10-1 | |
| apple | cups | 1.1.11 | |
| apple | cups | 1.1.12 | |
| apple | cups | 1.1.13 | |
| apple | cups | 1.1.14 | |
| apple | cups | 1.1.15 | |
| apple | cups | 1.1.16 | |
| apple | cups | 1.1.17 | |
| apple | cups | 1.1.18 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.2.0 | |
| apple | cups | 1.2.1 | |
| apple | cups | 1.2.2 | |
| apple | cups | 1.2.3 | |
| apple | cups | 1.2.4 | |
| apple | cups | 1.2.5 | |
| apple | cups | 1.2.6 | |
| apple | cups | 1.2.7 | |
| apple | cups | 1.2.8 | |
| apple | cups | 1.2.9 | |
| apple | cups | 1.2.10 | |
| apple | cups | 1.2.11 | |
| apple | cups | 1.2.12 | |
| apple | cups | 1.3.0 | |
| apple | cups | 1.3.1 | |
| apple | cups | 1.3.2 | |
| apple | cups | 1.3.3 | |
| apple | cups | 1.3.4 | |
| apple | cups | 1.3.5 | |
| apple | cups | 1.3.6 | |
| apple | cups | 1.3.7 | |
| apple | cups | 1.3.8 | |
| apple | cups | 1.3.10 | |
| apple | cups | 1.3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0299F4A-A027-430C-9A53-AFEF9022960C",
"versionEndIncluding": "0.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F0213390-08FA-4E04-835B-8BE0FC61B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*",
"matchCriteriaId": "0B304657-740A-4F8D-99CD-22E283FEE6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2CD8A0-2DBA-4AC9-A97D-D4DAEB6C7A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E90153-8D18-4A50-9581-895C851F6489",
"versionEndIncluding": "1.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D89E03-94D0-4F7F-9A54-3021E3E5A321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298D6BE7-7683-4225-8DD6-4C0FC5EB48BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "230B77E7-B1AE-4470-859D-7B5F99749D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FECBBD-B1A2-4F42-8A68-32AB8331BDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6070FC-4566-4314-940E-0AAE34B56E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC691F07-8B38-4867-AB18-51F380CAEA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E943EFBF-39A7-408F-8AC5-677E83DFDBB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA7725A-4398-4C76-BEBF-10E56C7F34F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7415295-0FBF-4946-8D99-8CB2EC391319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C702EE3-4B7C-42EA-92AA-8717807CF67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*",
"matchCriteriaId": "73F74581-D71C-4FEC-BA8C-85EF4C1991BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCFB52-33D3-428C-B1D5-DCE504170A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45F03F2B-6AC3-4872-9032-293C2E9B837C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02B6FB-C36D-45F3-95F3-566CA03B29A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "96093309-A87D-48D0-84DA-446255ABF231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67F149-614B-4507-A15F-E557A1B73423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A14432-D8A1-4D19-9408-B9B4F2FC6B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*",
"matchCriteriaId": "49862F77-B8DE-4AA7-AE17-B348B05AC00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78D7719F-03E0-4E66-A50A-F8E857A9B6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F3139FDA-9476-4414-B349-7119E63FD268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "523FE78C-441F-4ACD-B9F2-3E5293E277AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F887B5B1-7528-4086-AE6C-134F54A93342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6D24ED-0D73-4CF2-B746-6EF29F2EF56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8C5C552-6276-4791-80CD-6B3EB425EF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8335D4E3-563D-4288-B708-A9635BCA595F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5279D055-248A-4BD1-9FBB-0024BA16DF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BF791C1D-9AF8-4F0F-8F4B-844BC9A55DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16519855-FCB9-44A8-9C7E-116192327BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B1D9330B-C51A-4C7D-A322-85103C64D86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DA0C19F-95EB-429C-AF06-A2C1D5643662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "225CCE80-FF4B-4B39-B8BD-EB4710047524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*",
"matchCriteriaId": "07925DD8-50C0-4908-95D1-7342A4617BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "48A519DB-6C6D-4094-814D-33BD5EF389BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B6ED7566-5092-4B08-97A9-B2B53117A224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "98DCAC0C-896F-4353-A665-5BCD0D8AEBA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E72614CD-8F70-4E07-AD83-8FDE8026CEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*",
"matchCriteriaId": "48E62419-C165-4B42-8C23-E24821BD4BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*",
"matchCriteriaId": "217D804B-CA56-49CE-B9EB-2A297EB1763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*",
"matchCriteriaId": "A41E8583-C837-4871-B4D2-FD41C78D538E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "D480C37B-0DA8-4096-80B0-5198FE589A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F5A83B-3C1A-49F3-A9D6-F7B9B897E447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "241D4183-879D-4974-BACB-A6987EDA2E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "96592A93-4967-4B91-BCF7-558DC472E7BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8758715D-B973-4960-8B7D-6F9A11E73288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0370E9EB-B830-4362-B83C-912579695691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EC6EE-720D-4F27-A2E1-88AE53FC41A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D644926A-C2A5-45FE-85A3-2782CE87ED86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0696E675-0A13-45FC-8917-845E6FF7A311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAC98C-1FE6-42A3-8B62-E3C321914F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC3EF2F-0140-4185-9FB3-2B595B61CDC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7C36785A-F735-45C0-986B-9624AD65F0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1D3916-607F-44E8-9D47-93C6C0789083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "174613C3-A04B-4701-849B-BAA598BF4F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "81C1137C-BE3D-45F9-83C9-D212107F0E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBC1F81-E93A-42A7-8BC8-4B903688F2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA876FF-C58A-45CF-A8E8-E2068DF79421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD78771-BD9A-4AC2-B664-B189DD288FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50A16424-732F-4B76-A753-1642A97BC1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E189C976-2DD2-485C-828E-7FC3DC6A8F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A86CA90F-A944-4F3E-B75F-8147125335D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAFABDC-E40F-4C53-AC66-94EFD077665D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A2F7B3-F4A7-416E-A07F-D4C5F0768B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F96C1B80-9E20-4832-8308-BF7911569EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D7DB3-F467-4BC0-83BB-4706D067A2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD33C2C-7D39-4CCE-AC99-BC7B1B205A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46C394DC-65A7-4713-B823-6F5D329A0C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E9F74F-3C7D-486A-8BA1-EE2A73160B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69BD64BB-BDA7-4F82-8324-B7C7C941133C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAEE03E-0B8A-4D10-BD4D-2DA25B7BBE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D8814509-8B08-46C6-AE50-19B7D30DCF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0718FB6B-D787-409A-B535-0318F2C63A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data."
},
{
"lang": "es",
"value": "El decodificador JBIG2 en Xpdf versi\u00f3n 3.02 PL2 y anteriores, CUPS versi\u00f3n 1.3.9 y anteriores, Poppler versi\u00f3n anterior a 0.10.6, y otros productos, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo PDF creado que desencadena una liberaci\u00f3n de datos no v\u00e1lidos."
}
],
"id": "CVE-2009-1180",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-23T17:30:01.767",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34746"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1022073"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495892"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9926"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-01 16:15
Modified
2024-11-21 04:31
Severity ?
Summary
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890 | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PYIAP2RXTYD4Y4FYFIK5K644LMDJWX/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PYIAP2RXTYD4Y4FYFIK5K644LMDJWX/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.02 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.02:*:*:*:*:*:*:*",
"matchCriteriaId": "AC572A1B-A51C-4561-A81C-8BBB8A371DFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor."
},
{
"lang": "es",
"value": "El archivo Catalog.cc en Xpdf versi\u00f3n 4.02 tiene una desreferencia del puntero NULL porque la funci\u00f3n Catalog.pageLabels se inicializa demasiado tarde en el constructor del Cat\u00e1logo."
}
],
"id": "CVE-2019-17064",
"lastModified": "2024-11-21T04:31:38.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-01T16:15:11.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41890"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PYIAP2RXTYD4Y4FYFIK5K644LMDJWX/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PYIAP2RXTYD4Y4FYFIK5K644LMDJWX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-27 19:15
Modified
2024-11-21 04:26
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Xpdf versi\u00f3n 4.01.01. Se presenta una lectura fuera de l\u00edmites en la funci\u00f3n GfxPatchMeshShading::parse en el archivo GfxState.cc para typeA==6 caso 3."
}
],
"id": "CVE-2019-14291",
"lastModified": "2024-11-21T04:26:23.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-27T19:15:11.770",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-23 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2009-0458.html | Patch | |
| cve@mitre.org | http://secunia.com/advisories/34291 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34481 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34755 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34756 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34852 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34959 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34963 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34991 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35037 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35064 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35065 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35618 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35685 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200904-20.xml | ||
| cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| cve@mitre.org | http://wiki.rpath.com/Advisories:rPSA-2009-0061 | ||
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1790 | Patch | |
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1793 | Patch | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0429.html | Patch | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0431.html | Patch | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0480.html | Patch | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/502750/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/34568 | Patch | |
| cve@mitre.org | http://www.securitytracker.com/id?1022073 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1065 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1066 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=490625 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9778 | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2009-0458.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34291 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34481 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34755 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34756 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34852 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34963 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34991 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35037 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35064 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35618 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35685 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200904-20.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2009-0061 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1790 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1793 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0429.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0431.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0480.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/502750/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34568 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022073 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1066 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=490625 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9778 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| poppler | poppler | * | |
| poppler | poppler | 0.1 | |
| poppler | poppler | 0.1.1 | |
| poppler | poppler | 0.1.2 | |
| poppler | poppler | 0.2.0 | |
| poppler | poppler | 0.3.0 | |
| poppler | poppler | 0.3.1 | |
| poppler | poppler | 0.3.2 | |
| poppler | poppler | 0.3.3 | |
| poppler | poppler | 0.4.0 | |
| poppler | poppler | 0.4.1 | |
| poppler | poppler | 0.4.2 | |
| poppler | poppler | 0.4.3 | |
| poppler | poppler | 0.4.4 | |
| poppler | poppler | 0.5.0 | |
| poppler | poppler | 0.5.1 | |
| poppler | poppler | 0.5.2 | |
| poppler | poppler | 0.5.3 | |
| poppler | poppler | 0.5.4 | |
| poppler | poppler | 0.5.9 | |
| poppler | poppler | 0.5.90 | |
| poppler | poppler | 0.5.91 | |
| poppler | poppler | 0.6.0 | |
| poppler | poppler | 0.6.1 | |
| poppler | poppler | 0.6.2 | |
| poppler | poppler | 0.6.3 | |
| poppler | poppler | 0.6.4 | |
| poppler | poppler | 0.7.0 | |
| poppler | poppler | 0.7.1 | |
| poppler | poppler | 0.7.2 | |
| poppler | poppler | 0.7.3 | |
| poppler | poppler | 0.8.0 | |
| poppler | poppler | 0.8.1 | |
| poppler | poppler | 0.8.2 | |
| poppler | poppler | 0.8.3 | |
| poppler | poppler | 0.8.4 | |
| poppler | poppler | 0.8.5 | |
| poppler | poppler | 0.8.6 | |
| poppler | poppler | 0.8.7 | |
| poppler | poppler | 0.9.0 | |
| poppler | poppler | 0.9.1 | |
| poppler | poppler | 0.9.2 | |
| poppler | poppler | 0.9.3 | |
| poppler | poppler | 0.10.0 | |
| poppler | poppler | 0.10.1 | |
| poppler | poppler | 0.10.2 | |
| poppler | poppler | 0.10.3 | |
| poppler | poppler | 0.10.4 | |
| apple | cups | * | |
| apple | cups | 1.1 | |
| apple | cups | 1.1.1 | |
| apple | cups | 1.1.2 | |
| apple | cups | 1.1.3 | |
| apple | cups | 1.1.4 | |
| apple | cups | 1.1.5 | |
| apple | cups | 1.1.5-1 | |
| apple | cups | 1.1.5-2 | |
| apple | cups | 1.1.6 | |
| apple | cups | 1.1.6-1 | |
| apple | cups | 1.1.6-2 | |
| apple | cups | 1.1.6-3 | |
| apple | cups | 1.1.7 | |
| apple | cups | 1.1.8 | |
| apple | cups | 1.1.9 | |
| apple | cups | 1.1.9-1 | |
| apple | cups | 1.1.10 | |
| apple | cups | 1.1.10-1 | |
| apple | cups | 1.1.11 | |
| apple | cups | 1.1.12 | |
| apple | cups | 1.1.13 | |
| apple | cups | 1.1.14 | |
| apple | cups | 1.1.15 | |
| apple | cups | 1.1.16 | |
| apple | cups | 1.1.17 | |
| apple | cups | 1.1.18 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.2.0 | |
| apple | cups | 1.2.1 | |
| apple | cups | 1.2.2 | |
| apple | cups | 1.2.3 | |
| apple | cups | 1.2.4 | |
| apple | cups | 1.2.5 | |
| apple | cups | 1.2.6 | |
| apple | cups | 1.2.7 | |
| apple | cups | 1.2.8 | |
| apple | cups | 1.2.9 | |
| apple | cups | 1.2.10 | |
| apple | cups | 1.2.11 | |
| apple | cups | 1.2.12 | |
| apple | cups | 1.3.0 | |
| apple | cups | 1.3.1 | |
| apple | cups | 1.3.2 | |
| apple | cups | 1.3.3 | |
| apple | cups | 1.3.4 | |
| apple | cups | 1.3.5 | |
| apple | cups | 1.3.6 | |
| apple | cups | 1.3.7 | |
| apple | cups | 1.3.8 | |
| apple | cups | 1.3.10 | |
| apple | cups | 1.3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0299F4A-A027-430C-9A53-AFEF9022960C",
"versionEndIncluding": "0.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F0213390-08FA-4E04-835B-8BE0FC61B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*",
"matchCriteriaId": "0B304657-740A-4F8D-99CD-22E283FEE6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2CD8A0-2DBA-4AC9-A97D-D4DAEB6C7A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E90153-8D18-4A50-9581-895C851F6489",
"versionEndIncluding": "1.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D89E03-94D0-4F7F-9A54-3021E3E5A321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298D6BE7-7683-4225-8DD6-4C0FC5EB48BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "230B77E7-B1AE-4470-859D-7B5F99749D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FECBBD-B1A2-4F42-8A68-32AB8331BDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6070FC-4566-4314-940E-0AAE34B56E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC691F07-8B38-4867-AB18-51F380CAEA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E943EFBF-39A7-408F-8AC5-677E83DFDBB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA7725A-4398-4C76-BEBF-10E56C7F34F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7415295-0FBF-4946-8D99-8CB2EC391319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C702EE3-4B7C-42EA-92AA-8717807CF67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*",
"matchCriteriaId": "73F74581-D71C-4FEC-BA8C-85EF4C1991BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCFB52-33D3-428C-B1D5-DCE504170A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45F03F2B-6AC3-4872-9032-293C2E9B837C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02B6FB-C36D-45F3-95F3-566CA03B29A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "96093309-A87D-48D0-84DA-446255ABF231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67F149-614B-4507-A15F-E557A1B73423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A14432-D8A1-4D19-9408-B9B4F2FC6B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*",
"matchCriteriaId": "49862F77-B8DE-4AA7-AE17-B348B05AC00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78D7719F-03E0-4E66-A50A-F8E857A9B6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F3139FDA-9476-4414-B349-7119E63FD268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "523FE78C-441F-4ACD-B9F2-3E5293E277AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F887B5B1-7528-4086-AE6C-134F54A93342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6D24ED-0D73-4CF2-B746-6EF29F2EF56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8C5C552-6276-4791-80CD-6B3EB425EF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8335D4E3-563D-4288-B708-A9635BCA595F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5279D055-248A-4BD1-9FBB-0024BA16DF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BF791C1D-9AF8-4F0F-8F4B-844BC9A55DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16519855-FCB9-44A8-9C7E-116192327BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B1D9330B-C51A-4C7D-A322-85103C64D86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DA0C19F-95EB-429C-AF06-A2C1D5643662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "225CCE80-FF4B-4B39-B8BD-EB4710047524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*",
"matchCriteriaId": "07925DD8-50C0-4908-95D1-7342A4617BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "48A519DB-6C6D-4094-814D-33BD5EF389BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B6ED7566-5092-4B08-97A9-B2B53117A224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "98DCAC0C-896F-4353-A665-5BCD0D8AEBA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E72614CD-8F70-4E07-AD83-8FDE8026CEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*",
"matchCriteriaId": "48E62419-C165-4B42-8C23-E24821BD4BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*",
"matchCriteriaId": "217D804B-CA56-49CE-B9EB-2A297EB1763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*",
"matchCriteriaId": "A41E8583-C837-4871-B4D2-FD41C78D538E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "D480C37B-0DA8-4096-80B0-5198FE589A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F5A83B-3C1A-49F3-A9D6-F7B9B897E447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "241D4183-879D-4974-BACB-A6987EDA2E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "96592A93-4967-4B91-BCF7-558DC472E7BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8758715D-B973-4960-8B7D-6F9A11E73288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0370E9EB-B830-4362-B83C-912579695691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EC6EE-720D-4F27-A2E1-88AE53FC41A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D644926A-C2A5-45FE-85A3-2782CE87ED86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0696E675-0A13-45FC-8917-845E6FF7A311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAC98C-1FE6-42A3-8B62-E3C321914F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC3EF2F-0140-4185-9FB3-2B595B61CDC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7C36785A-F735-45C0-986B-9624AD65F0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1D3916-607F-44E8-9D47-93C6C0789083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "174613C3-A04B-4701-849B-BAA598BF4F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "81C1137C-BE3D-45F9-83C9-D212107F0E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBC1F81-E93A-42A7-8BC8-4B903688F2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA876FF-C58A-45CF-A8E8-E2068DF79421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD78771-BD9A-4AC2-B664-B189DD288FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50A16424-732F-4B76-A753-1642A97BC1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E189C976-2DD2-485C-828E-7FC3DC6A8F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A86CA90F-A944-4F3E-B75F-8147125335D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAFABDC-E40F-4C53-AC66-94EFD077665D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A2F7B3-F4A7-416E-A07F-D4C5F0768B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F96C1B80-9E20-4832-8308-BF7911569EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D7DB3-F467-4BC0-83BB-4706D067A2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD33C2C-7D39-4CCE-AC99-BC7B1B205A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46C394DC-65A7-4713-B823-6F5D329A0C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E9F74F-3C7D-486A-8BA1-EE2A73160B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69BD64BB-BDA7-4F82-8324-B7C7C941133C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAEE03E-0B8A-4D10-BD4D-2DA25B7BBE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D8814509-8B08-46C6-AE50-19B7D30DCF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0718FB6B-D787-409A-B535-0318F2C63A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory."
},
{
"lang": "es",
"value": "El decodificador JBIG2 en Xpdf versi\u00f3n 3.02 PL2 y anteriores, CUPS versi\u00f3n 1.3.9 y anteriores, y otros productos permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) por medio de un archivo PDF creado que desencadena una liberaci\u00f3n de memoria no inicializada."
}
],
"id": "CVE-2009-0166",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-23T17:30:01.610",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022073"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490625"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9778"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-10 18:15
Modified
2025-05-01 18:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
xpdfreader 4.03 is vulnerable to Buffer Overflow.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42185 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42185 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.03 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.03:*:*:*:*:*:*:*",
"matchCriteriaId": "0046B0D6-DCD1-4C45-BFEC-6B5ED5977F90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xpdfreader 4.03 is vulnerable to Buffer Overflow."
},
{
"lang": "es",
"value": "xpdfreader 4.03 es vulnerable al desbordamiento del b\u00fafer."
}
],
"id": "CVE-2021-40226",
"lastModified": "2025-05-01T18:15:46.503",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-10T18:15:10.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42185"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-27 19:15
Modified
2024-11-21 04:26
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Xpdf versi\u00f3n 4.01.01. Se presenta una lectura fuera de l\u00edmites en la funci\u00f3n GfxPatchMeshShading::parse en el archivo GfxState.cc para el typeA!=6 caso 2."
}
],
"id": "CVE-2019-14293",
"lastModified": "2024-11-21T04:26:23.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-27T19:15:11.927",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-06 08:29
Modified
2024-11-21 04:51
Severity ?
Summary
There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41263 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41263 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5C7A67-81A3-4BD3-A495-2F75C68F33EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree."
},
{
"lang": "es",
"value": "En la versi\u00f3n 4.01 de Xpdf, hay un fallo del consumo de pila en md5Round1() en Decrypt.cc. Puede desencadenarse mediante el env\u00edo de un archivo pdf manipulado a, por ejemplo, el binario pdfimages. Permite a un atacante provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o tener otro impacto no especificado. Esto est\u00e1 relacionado con Catalog::countPageTree."
}
],
"id": "CVE-2019-9587",
"lastModified": "2024-11-21T04:51:54.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-06T08:29:00.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41263"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-21 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Patch | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
| secalert@redhat.com | http://poppler.freedesktop.org/ | Patch, Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37028 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37034 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37037 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37043 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37051 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37053 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37054 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37061 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37077 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37079 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37114 | ||
| secalert@redhat.com | http://secunia.com/advisories/37159 | ||
| secalert@redhat.com | http://secunia.com/advisories/39327 | ||
| secalert@redhat.com | http://secunia.com/advisories/39938 | ||
| secalert@redhat.com | http://securitytracker.com/id?1023029 | Patch | |
| secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
| secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1941 | ||
| secalert@redhat.com | http://www.debian.org/security/2010/dsa-2028 | ||
| secalert@redhat.com | http://www.debian.org/security/2010/dsa-2050 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| secalert@redhat.com | http://www.ocert.org/advisories/ocert-2009-016.html | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2009/12/01/1 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2009/12/01/5 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2009/12/01/6 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-850-1 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-850-3 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2925 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2926 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2928 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/0802 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1220 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=526637 | Patch | |
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/53794 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536 | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1501.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1502.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1503.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1504.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1512.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1513.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://poppler.freedesktop.org/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37028 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37034 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37037 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37043 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37051 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37053 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37054 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37061 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37077 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37079 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37114 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37159 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39327 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39938 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023029 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1941 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2028 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2050 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ocert.org/advisories/ocert-2009-016.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/12/01/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/12/01/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/12/01/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-850-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-850-3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2925 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2926 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2928 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0802 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1220 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=526637 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/53794 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1501.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1502.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1503.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1504.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1512.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1513.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 3.02pl1 | |
| foolabs | xpdf | 3.02pl2 | |
| foolabs | xpdf | 3.02pl3 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| glyphandcog | xpdfreader | 3.02 | |
| poppler | poppler | * | |
| poppler | poppler | 0.1 | |
| poppler | poppler | 0.1.1 | |
| poppler | poppler | 0.1.2 | |
| poppler | poppler | 0.2.0 | |
| poppler | poppler | 0.3.0 | |
| poppler | poppler | 0.3.1 | |
| poppler | poppler | 0.3.2 | |
| poppler | poppler | 0.3.3 | |
| poppler | poppler | 0.4.0 | |
| poppler | poppler | 0.4.1 | |
| poppler | poppler | 0.4.2 | |
| poppler | poppler | 0.4.3 | |
| poppler | poppler | 0.4.4 | |
| poppler | poppler | 0.5.0 | |
| poppler | poppler | 0.5.1 | |
| poppler | poppler | 0.5.2 | |
| poppler | poppler | 0.5.3 | |
| poppler | poppler | 0.5.4 | |
| poppler | poppler | 0.5.9 | |
| poppler | poppler | 0.6.0 | |
| poppler | poppler | 0.6.1 | |
| poppler | poppler | 0.6.2 | |
| poppler | poppler | 0.6.3 | |
| poppler | poppler | 0.6.4 | |
| poppler | poppler | 0.7.0 | |
| poppler | poppler | 0.7.1 | |
| poppler | poppler | 0.7.2 | |
| poppler | poppler | 0.7.3 | |
| poppler | poppler | 0.8.0 | |
| poppler | poppler | 0.8.1 | |
| poppler | poppler | 0.8.2 | |
| poppler | poppler | 0.8.3 | |
| poppler | poppler | 0.8.4 | |
| poppler | poppler | 0.8.6 | |
| poppler | poppler | 0.8.7 | |
| poppler | poppler | 0.9.0 | |
| poppler | poppler | 0.9.1 | |
| poppler | poppler | 0.9.2 | |
| poppler | poppler | 0.9.3 | |
| poppler | poppler | 0.10.0 | |
| poppler | poppler | 0.10.1 | |
| poppler | poppler | 0.10.2 | |
| poppler | poppler | 0.10.3 | |
| poppler | poppler | 0.10.4 | |
| poppler | poppler | 0.10.5 | |
| poppler | poppler | 0.10.6 | |
| poppler | poppler | 0.10.7 | |
| poppler | poppler | 0.11.0 | |
| poppler | poppler | 0.11.1 | |
| poppler | poppler | 0.11.2 | |
| poppler | poppler | 0.11.3 | |
| glyph_and_cog | pdftops | * | |
| gnome | gpdf | * | |
| kde | kpdf | * | |
| tetex | tetex | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C16CA37E-F28E-47E6-B77B-4CB0A859F831",
"versionEndIncluding": "0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C52995D0-0986-427F-B37D-2F6726EA330D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4427C5-DBF0-4EF9-8B7A-61D56C14E3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B91206CA-7EBE-4E64-9A49-D7EC0D051012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD43644-7F02-42AF-8EC3-C326A13E2F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81FE2E6F-44B2-42D5-B986-D1FE2B510968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A605079-3705-4E2C-8F6D-C21B4D875817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3ABBD590-8092-4920-BBC7-F3ACB9CCC900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyph_and_cog:pdftops:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1833267E-3B18-4CF8-B996-6226D5439F5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:gnome:gpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A9A98B-5E37-4938-9506-927E0C8FACB8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41EF2714-DEC9-407F-9D1B-EF2A4D8B4DC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:tetex:tetex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87CCAA71-B817-48A0-81C0-9E4DC4953C9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n ObjectStream::ObjectStream en XRef.cc en Xpdf y Poppler, usado en GPdf, kdegraphics KPDF, y CUPS pdftopf y teTeX, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento PDF manipulado que provoca un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap)."
}
],
"id": "CVE-2009-3608",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-21T17:30:00.407",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://poppler.freedesktop.org/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37028"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37034"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37037"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37043"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37051"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37053"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37054"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37061"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37077"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37079"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37114"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37159"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39327"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39938"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1023029"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2009/dsa-1941"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ocert.org/advisories/ocert-2009-016.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2925"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2926"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526637"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53794"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://poppler.freedesktop.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1023029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/advisories/ocert-2009-016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-23 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| secalert@redhat.com | http://poppler.freedesktop.org/releases.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2009-0458.html | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34291 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34481 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34746 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34755 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34756 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34852 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34959 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34963 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34991 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35037 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35064 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35065 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35618 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35685 | Vendor Advisory | |
| secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1790 | ||
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1793 | ||
| secalert@redhat.com | http://www.kb.cert.org/vuls/id/196617 | US Government Resource | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0429.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0430.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0431.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0480.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/34568 | ||
| secalert@redhat.com | http://www.securitytracker.com/id?1022073 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1065 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1066 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1076 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=495896 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735 | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://poppler.freedesktop.org/releases.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2009-0458.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34291 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34481 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34746 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34755 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34756 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34852 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34963 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34991 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35037 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35064 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35618 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35685 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1793 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/196617 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0429.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0430.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0431.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0480.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34568 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022073 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1066 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1076 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=495896 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| poppler | poppler | * | |
| poppler | poppler | 0.1 | |
| poppler | poppler | 0.1.1 | |
| poppler | poppler | 0.1.2 | |
| poppler | poppler | 0.2.0 | |
| poppler | poppler | 0.3.0 | |
| poppler | poppler | 0.3.1 | |
| poppler | poppler | 0.3.2 | |
| poppler | poppler | 0.3.3 | |
| poppler | poppler | 0.4.0 | |
| poppler | poppler | 0.4.1 | |
| poppler | poppler | 0.4.2 | |
| poppler | poppler | 0.4.3 | |
| poppler | poppler | 0.4.4 | |
| poppler | poppler | 0.5.0 | |
| poppler | poppler | 0.5.1 | |
| poppler | poppler | 0.5.2 | |
| poppler | poppler | 0.5.3 | |
| poppler | poppler | 0.5.4 | |
| poppler | poppler | 0.5.9 | |
| poppler | poppler | 0.5.90 | |
| poppler | poppler | 0.5.91 | |
| poppler | poppler | 0.6.0 | |
| poppler | poppler | 0.6.1 | |
| poppler | poppler | 0.6.2 | |
| poppler | poppler | 0.6.3 | |
| poppler | poppler | 0.6.4 | |
| poppler | poppler | 0.7.0 | |
| poppler | poppler | 0.7.1 | |
| poppler | poppler | 0.7.2 | |
| poppler | poppler | 0.7.3 | |
| poppler | poppler | 0.8.0 | |
| poppler | poppler | 0.8.1 | |
| poppler | poppler | 0.8.2 | |
| poppler | poppler | 0.8.3 | |
| poppler | poppler | 0.8.4 | |
| poppler | poppler | 0.8.5 | |
| poppler | poppler | 0.8.6 | |
| poppler | poppler | 0.8.7 | |
| poppler | poppler | 0.9.0 | |
| poppler | poppler | 0.9.1 | |
| poppler | poppler | 0.9.2 | |
| poppler | poppler | 0.9.3 | |
| poppler | poppler | 0.10.0 | |
| poppler | poppler | 0.10.1 | |
| poppler | poppler | 0.10.2 | |
| poppler | poppler | 0.10.3 | |
| poppler | poppler | 0.10.4 | |
| apple | cups | * | |
| apple | cups | 1.1 | |
| apple | cups | 1.1.1 | |
| apple | cups | 1.1.2 | |
| apple | cups | 1.1.3 | |
| apple | cups | 1.1.4 | |
| apple | cups | 1.1.5 | |
| apple | cups | 1.1.5-1 | |
| apple | cups | 1.1.5-2 | |
| apple | cups | 1.1.6 | |
| apple | cups | 1.1.6-1 | |
| apple | cups | 1.1.6-2 | |
| apple | cups | 1.1.6-3 | |
| apple | cups | 1.1.7 | |
| apple | cups | 1.1.8 | |
| apple | cups | 1.1.9 | |
| apple | cups | 1.1.9-1 | |
| apple | cups | 1.1.10 | |
| apple | cups | 1.1.10-1 | |
| apple | cups | 1.1.11 | |
| apple | cups | 1.1.12 | |
| apple | cups | 1.1.13 | |
| apple | cups | 1.1.14 | |
| apple | cups | 1.1.15 | |
| apple | cups | 1.1.16 | |
| apple | cups | 1.1.17 | |
| apple | cups | 1.1.18 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.2.0 | |
| apple | cups | 1.2.1 | |
| apple | cups | 1.2.2 | |
| apple | cups | 1.2.3 | |
| apple | cups | 1.2.4 | |
| apple | cups | 1.2.5 | |
| apple | cups | 1.2.6 | |
| apple | cups | 1.2.7 | |
| apple | cups | 1.2.8 | |
| apple | cups | 1.2.9 | |
| apple | cups | 1.2.10 | |
| apple | cups | 1.2.11 | |
| apple | cups | 1.2.12 | |
| apple | cups | 1.3.0 | |
| apple | cups | 1.3.1 | |
| apple | cups | 1.3.2 | |
| apple | cups | 1.3.3 | |
| apple | cups | 1.3.4 | |
| apple | cups | 1.3.5 | |
| apple | cups | 1.3.6 | |
| apple | cups | 1.3.7 | |
| apple | cups | 1.3.8 | |
| apple | cups | 1.3.10 | |
| apple | cups | 1.3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0299F4A-A027-430C-9A53-AFEF9022960C",
"versionEndIncluding": "0.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F0213390-08FA-4E04-835B-8BE0FC61B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*",
"matchCriteriaId": "0B304657-740A-4F8D-99CD-22E283FEE6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2CD8A0-2DBA-4AC9-A97D-D4DAEB6C7A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E90153-8D18-4A50-9581-895C851F6489",
"versionEndIncluding": "1.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D89E03-94D0-4F7F-9A54-3021E3E5A321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298D6BE7-7683-4225-8DD6-4C0FC5EB48BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "230B77E7-B1AE-4470-859D-7B5F99749D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FECBBD-B1A2-4F42-8A68-32AB8331BDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6070FC-4566-4314-940E-0AAE34B56E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC691F07-8B38-4867-AB18-51F380CAEA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E943EFBF-39A7-408F-8AC5-677E83DFDBB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA7725A-4398-4C76-BEBF-10E56C7F34F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7415295-0FBF-4946-8D99-8CB2EC391319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C702EE3-4B7C-42EA-92AA-8717807CF67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*",
"matchCriteriaId": "73F74581-D71C-4FEC-BA8C-85EF4C1991BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCFB52-33D3-428C-B1D5-DCE504170A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45F03F2B-6AC3-4872-9032-293C2E9B837C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02B6FB-C36D-45F3-95F3-566CA03B29A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "96093309-A87D-48D0-84DA-446255ABF231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67F149-614B-4507-A15F-E557A1B73423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A14432-D8A1-4D19-9408-B9B4F2FC6B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*",
"matchCriteriaId": "49862F77-B8DE-4AA7-AE17-B348B05AC00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78D7719F-03E0-4E66-A50A-F8E857A9B6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F3139FDA-9476-4414-B349-7119E63FD268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "523FE78C-441F-4ACD-B9F2-3E5293E277AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F887B5B1-7528-4086-AE6C-134F54A93342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6D24ED-0D73-4CF2-B746-6EF29F2EF56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8C5C552-6276-4791-80CD-6B3EB425EF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8335D4E3-563D-4288-B708-A9635BCA595F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5279D055-248A-4BD1-9FBB-0024BA16DF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BF791C1D-9AF8-4F0F-8F4B-844BC9A55DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16519855-FCB9-44A8-9C7E-116192327BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B1D9330B-C51A-4C7D-A322-85103C64D86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DA0C19F-95EB-429C-AF06-A2C1D5643662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "225CCE80-FF4B-4B39-B8BD-EB4710047524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*",
"matchCriteriaId": "07925DD8-50C0-4908-95D1-7342A4617BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "48A519DB-6C6D-4094-814D-33BD5EF389BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B6ED7566-5092-4B08-97A9-B2B53117A224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "98DCAC0C-896F-4353-A665-5BCD0D8AEBA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E72614CD-8F70-4E07-AD83-8FDE8026CEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*",
"matchCriteriaId": "48E62419-C165-4B42-8C23-E24821BD4BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*",
"matchCriteriaId": "217D804B-CA56-49CE-B9EB-2A297EB1763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*",
"matchCriteriaId": "A41E8583-C837-4871-B4D2-FD41C78D538E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "D480C37B-0DA8-4096-80B0-5198FE589A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F5A83B-3C1A-49F3-A9D6-F7B9B897E447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "241D4183-879D-4974-BACB-A6987EDA2E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "96592A93-4967-4B91-BCF7-558DC472E7BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8758715D-B973-4960-8B7D-6F9A11E73288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0370E9EB-B830-4362-B83C-912579695691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EC6EE-720D-4F27-A2E1-88AE53FC41A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D644926A-C2A5-45FE-85A3-2782CE87ED86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0696E675-0A13-45FC-8917-845E6FF7A311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAC98C-1FE6-42A3-8B62-E3C321914F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC3EF2F-0140-4185-9FB3-2B595B61CDC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7C36785A-F735-45C0-986B-9624AD65F0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1D3916-607F-44E8-9D47-93C6C0789083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "174613C3-A04B-4701-849B-BAA598BF4F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "81C1137C-BE3D-45F9-83C9-D212107F0E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBC1F81-E93A-42A7-8BC8-4B903688F2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA876FF-C58A-45CF-A8E8-E2068DF79421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD78771-BD9A-4AC2-B664-B189DD288FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50A16424-732F-4B76-A753-1642A97BC1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E189C976-2DD2-485C-828E-7FC3DC6A8F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A86CA90F-A944-4F3E-B75F-8147125335D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAFABDC-E40F-4C53-AC66-94EFD077665D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A2F7B3-F4A7-416E-A07F-D4C5F0768B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F96C1B80-9E20-4832-8308-BF7911569EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D7DB3-F467-4BC0-83BB-4706D067A2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD33C2C-7D39-4CCE-AC99-BC7B1B205A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46C394DC-65A7-4713-B823-6F5D329A0C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E9F74F-3C7D-486A-8BA1-EE2A73160B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69BD64BB-BDA7-4F82-8324-B7C7C941133C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAEE03E-0B8A-4D10-BD4D-2DA25B7BBE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D8814509-8B08-46C6-AE50-19B7D30DCF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0718FB6B-D787-409A-B535-0318F2C63A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos del b\u00fafer en el decodificador JBIG2 MMR en Xpdf versi\u00f3n 3.02 PL2 y anteriores, CUPS versi\u00f3n 1.3.9 y anteriores, Poppler versi\u00f3n anterior a 0.10.6, y otros productos, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo PDF creado."
}
],
"id": "CVE-2009-1182",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-23T17:30:01.813",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34746"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1022073"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495896"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-31 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2012-1201.html | ||
| cve@mitre.org | http://secunia.com/advisories/43823 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/48985 | ||
| cve@mitre.org | http://securityreason.com/securityalert/8171 | ||
| cve@mitre.org | http://securitytracker.com/id?1025266 | ||
| cve@mitre.org | http://www.foolabs.com/xpdf/download.html | Patch | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/376500 | US Government Resource | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/MAPG-8ECL8X | US Government Resource | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/517205/100/0/threaded | ||
| cve@mitre.org | http://www.toucan-system.com/advisories/tssa-2011-01.txt | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2011/0728 | Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201701-57 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1201.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43823 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48985 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8171 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025266 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.foolabs.com/xpdf/download.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/376500 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/MAPG-8ECL8X | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/517205/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.toucan-system.com/advisories/tssa-2011-01.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0728 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-57 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| t1lib | t1lib | * | |
| t1lib | t1lib | 0.1 | |
| t1lib | t1lib | 0.2 | |
| t1lib | t1lib | 0.3 | |
| t1lib | t1lib | 0.4 | |
| t1lib | t1lib | 0.5 | |
| t1lib | t1lib | 0.6 | |
| t1lib | t1lib | 0.7 | |
| t1lib | t1lib | 0.8 | |
| t1lib | t1lib | 0.9 | |
| t1lib | t1lib | 0.9.1 | |
| t1lib | t1lib | 0.9.2 | |
| t1lib | t1lib | 1.0 | |
| t1lib | t1lib | 1.0.1 | |
| t1lib | t1lib | 1.1.0 | |
| t1lib | t1lib | 1.1.1 | |
| t1lib | t1lib | 1.2 | |
| t1lib | t1lib | 1.3 | |
| t1lib | t1lib | 1.3.1 | |
| t1lib | t1lib | 5.0.0 | |
| t1lib | t1lib | 5.0.1 | |
| t1lib | t1lib | 5.0.2 | |
| t1lib | t1lib | 5.1.0 | |
| t1lib | t1lib | 5.1.1 | |
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| foolabs | xpdf | 3.0.1 | |
| foolabs | xpdf | 3.02pl1 | |
| foolabs | xpdf | 3.02pl2 | |
| foolabs | xpdf | 3.02pl3 | |
| foolabs | xpdf | 3.02pl4 | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| glyphandcog | xpdfreader | 3.02 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:t1lib:t1lib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA05E50-C6D3-4F92-A015-CB181020557A",
"versionEndIncluding": "5.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "B856C29C-4179-4173-87D3-1BDCC6933327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "A1EECD4E-4531-4C1D-B7F1-B5B20F79A22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "D3727A7B-2683-4D70-937F-514D38D13FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "C5E84F55-E912-424B-BC7A-8FDDD4BA0591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.5:beta:*:*:*:*:*:*",
"matchCriteriaId": "C46D7084-80F5-45E5-8CBC-078D95860E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.6:beta:*:*:*:*:*:*",
"matchCriteriaId": "0738DF6D-C493-4DD5-95E1-7701AA50453C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.7:beta:*:*:*:*:*:*",
"matchCriteriaId": "D2D7BF42-D227-460D-A90F-1E128108DB6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.8:beta:*:*:*:*:*:*",
"matchCriteriaId": "FC63023C-69D1-4A1D-9690-BB2FF9A209B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A0A2CB-0A7B-4D06-82E3-6F949C3CE1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F49D5478-E590-4A7C-ABFE-F9E7EC9BF5A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA0BDE2-1FF2-48BF-B7BB-4AE4AF236474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25CF5EAD-E543-4E81-AF2B-C8D9C45F0AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC95B6D3-8BBB-4202-89DD-12DF3FCAB0EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85813410-9E44-4A60-907D-AE89A3F38AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C09173A5-2FC3-46C8-80A1-5D721FBBF6D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19AAEE8C-4013-4C1D-A19D-09549CAFF751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FCED8EF-18BE-4820-A9D5-8CE82F9D2A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "97E9F2F4-63A3-4DBF-9605-C3767ADB55EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "400C8A4F-D65B-4C46-9BDA-B13A864F40AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FE8F44-ADE5-4B4F-96F2-37E2F474B5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43839A3D-655A-4CA0-BB28-F8FDE95649BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE28F24A-FA4C-476E-87D3-1745E2F507F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:t1lib:t1lib:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19DEB3FD-98C7-4288-9654-436B511C58AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52D79ABD-202F-464F-B6C3-B225FD37DD3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl4:*:*:*:*:*:*:*",
"matchCriteriaId": "48541241-2EA4-4559-BB29-47A7B3466C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764."
},
{
"lang": "es",
"value": "Vulnerabilidad liberar despu\u00e9s de usar (use-after-free) en t1lib v5.1.2 y anteriores, utilizado en Xpdf anterior a v3.02pl6 y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante un documento PDF con una fuente Typo 1, generando una escritura inv\u00e1lida en memoria, una vulnerabilidad diferente a CVE-2011-0764."
}
],
"id": "CVE-2011-1553",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-31T23:55:00.817",
"references": [
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43823"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48985"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8171"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1025266"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-57"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 22:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg | Exploit, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure."
},
{
"lang": "es",
"value": "En Xpdf versi\u00f3n 4.01.01, presenta una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n JBIG2Stream::readTextRegionSeg() ubicada en el archivo JBIG2Stream.cc. Por ejemplo, puede ser activada enviando un documento PDF creado a la herramienta pdftoppm. Podr\u00eda permitir a un atacante causar una Divulgaci\u00f3n de Informaci\u00f3n."
}
],
"id": "CVE-2019-13286",
"lastModified": "2024-11-21T04:24:37.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T22:15:10.540",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-27 19:15
Modified
2024-11-21 04:26
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Xpdf versi\u00f3n 4.01.01. Se presenta un uso de memoria previamente liberada en la funci\u00f3n JPXStream::fillReadBuf en el archivo JPXStream.cc, debido a una lectura fuera de l\u00edmites."
}
],
"id": "CVE-2019-14294",
"lastModified": "2024-11-21T04:26:23.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-27T19:15:11.973",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-23 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| secalert@redhat.com | http://poppler.freedesktop.org/releases.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2009-0458.html | ||
| secalert@redhat.com | http://secunia.com/advisories/34291 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34481 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34746 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34755 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34756 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34852 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34959 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34963 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34991 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35037 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35064 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35065 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35618 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35685 | ||
| secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1790 | ||
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1793 | ||
| secalert@redhat.com | http://www.kb.cert.org/vuls/id/196617 | US Government Resource | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0429.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0430.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0431.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0480.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/34568 | ||
| secalert@redhat.com | http://www.securitytracker.com/id?1022073 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1065 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1066 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1076 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=495887 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323 | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://poppler.freedesktop.org/releases.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2009-0458.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34291 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34481 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34746 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34755 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34756 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34852 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34963 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34991 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35037 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35064 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35618 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35685 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1793 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/196617 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0429.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0430.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0431.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0480.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34568 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022073 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1066 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1076 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=495887 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| poppler | poppler | * | |
| poppler | poppler | 0.1 | |
| poppler | poppler | 0.1.1 | |
| poppler | poppler | 0.1.2 | |
| poppler | poppler | 0.2.0 | |
| poppler | poppler | 0.3.0 | |
| poppler | poppler | 0.3.1 | |
| poppler | poppler | 0.3.2 | |
| poppler | poppler | 0.3.3 | |
| poppler | poppler | 0.4.0 | |
| poppler | poppler | 0.4.1 | |
| poppler | poppler | 0.4.2 | |
| poppler | poppler | 0.4.3 | |
| poppler | poppler | 0.4.4 | |
| poppler | poppler | 0.5.0 | |
| poppler | poppler | 0.5.1 | |
| poppler | poppler | 0.5.2 | |
| poppler | poppler | 0.5.3 | |
| poppler | poppler | 0.5.4 | |
| poppler | poppler | 0.5.9 | |
| poppler | poppler | 0.5.90 | |
| poppler | poppler | 0.5.91 | |
| poppler | poppler | 0.6.0 | |
| poppler | poppler | 0.6.1 | |
| poppler | poppler | 0.6.2 | |
| poppler | poppler | 0.6.3 | |
| poppler | poppler | 0.6.4 | |
| poppler | poppler | 0.7.0 | |
| poppler | poppler | 0.7.1 | |
| poppler | poppler | 0.7.2 | |
| poppler | poppler | 0.7.3 | |
| poppler | poppler | 0.8.0 | |
| poppler | poppler | 0.8.1 | |
| poppler | poppler | 0.8.2 | |
| poppler | poppler | 0.8.3 | |
| poppler | poppler | 0.8.4 | |
| poppler | poppler | 0.8.5 | |
| poppler | poppler | 0.8.6 | |
| poppler | poppler | 0.8.7 | |
| poppler | poppler | 0.9.0 | |
| poppler | poppler | 0.9.1 | |
| poppler | poppler | 0.9.2 | |
| poppler | poppler | 0.9.3 | |
| poppler | poppler | 0.10.0 | |
| poppler | poppler | 0.10.1 | |
| poppler | poppler | 0.10.2 | |
| poppler | poppler | 0.10.3 | |
| poppler | poppler | 0.10.4 | |
| apple | cups | * | |
| apple | cups | 1.1 | |
| apple | cups | 1.1.1 | |
| apple | cups | 1.1.2 | |
| apple | cups | 1.1.3 | |
| apple | cups | 1.1.4 | |
| apple | cups | 1.1.5 | |
| apple | cups | 1.1.5-1 | |
| apple | cups | 1.1.5-2 | |
| apple | cups | 1.1.6 | |
| apple | cups | 1.1.6-1 | |
| apple | cups | 1.1.6-2 | |
| apple | cups | 1.1.6-3 | |
| apple | cups | 1.1.7 | |
| apple | cups | 1.1.8 | |
| apple | cups | 1.1.9 | |
| apple | cups | 1.1.9-1 | |
| apple | cups | 1.1.10 | |
| apple | cups | 1.1.10-1 | |
| apple | cups | 1.1.11 | |
| apple | cups | 1.1.12 | |
| apple | cups | 1.1.13 | |
| apple | cups | 1.1.14 | |
| apple | cups | 1.1.15 | |
| apple | cups | 1.1.16 | |
| apple | cups | 1.1.17 | |
| apple | cups | 1.1.18 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.2.0 | |
| apple | cups | 1.2.1 | |
| apple | cups | 1.2.2 | |
| apple | cups | 1.2.3 | |
| apple | cups | 1.2.4 | |
| apple | cups | 1.2.5 | |
| apple | cups | 1.2.6 | |
| apple | cups | 1.2.7 | |
| apple | cups | 1.2.8 | |
| apple | cups | 1.2.9 | |
| apple | cups | 1.2.10 | |
| apple | cups | 1.2.11 | |
| apple | cups | 1.2.12 | |
| apple | cups | 1.3.0 | |
| apple | cups | 1.3.1 | |
| apple | cups | 1.3.2 | |
| apple | cups | 1.3.3 | |
| apple | cups | 1.3.4 | |
| apple | cups | 1.3.5 | |
| apple | cups | 1.3.6 | |
| apple | cups | 1.3.7 | |
| apple | cups | 1.3.8 | |
| apple | cups | 1.3.10 | |
| apple | cups | 1.3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0299F4A-A027-430C-9A53-AFEF9022960C",
"versionEndIncluding": "0.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F0213390-08FA-4E04-835B-8BE0FC61B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*",
"matchCriteriaId": "0B304657-740A-4F8D-99CD-22E283FEE6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2CD8A0-2DBA-4AC9-A97D-D4DAEB6C7A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E90153-8D18-4A50-9581-895C851F6489",
"versionEndIncluding": "1.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D89E03-94D0-4F7F-9A54-3021E3E5A321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298D6BE7-7683-4225-8DD6-4C0FC5EB48BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "230B77E7-B1AE-4470-859D-7B5F99749D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FECBBD-B1A2-4F42-8A68-32AB8331BDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6070FC-4566-4314-940E-0AAE34B56E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC691F07-8B38-4867-AB18-51F380CAEA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E943EFBF-39A7-408F-8AC5-677E83DFDBB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA7725A-4398-4C76-BEBF-10E56C7F34F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7415295-0FBF-4946-8D99-8CB2EC391319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C702EE3-4B7C-42EA-92AA-8717807CF67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*",
"matchCriteriaId": "73F74581-D71C-4FEC-BA8C-85EF4C1991BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCFB52-33D3-428C-B1D5-DCE504170A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45F03F2B-6AC3-4872-9032-293C2E9B837C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02B6FB-C36D-45F3-95F3-566CA03B29A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "96093309-A87D-48D0-84DA-446255ABF231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67F149-614B-4507-A15F-E557A1B73423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A14432-D8A1-4D19-9408-B9B4F2FC6B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*",
"matchCriteriaId": "49862F77-B8DE-4AA7-AE17-B348B05AC00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78D7719F-03E0-4E66-A50A-F8E857A9B6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F3139FDA-9476-4414-B349-7119E63FD268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "523FE78C-441F-4ACD-B9F2-3E5293E277AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F887B5B1-7528-4086-AE6C-134F54A93342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6D24ED-0D73-4CF2-B746-6EF29F2EF56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8C5C552-6276-4791-80CD-6B3EB425EF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8335D4E3-563D-4288-B708-A9635BCA595F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5279D055-248A-4BD1-9FBB-0024BA16DF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BF791C1D-9AF8-4F0F-8F4B-844BC9A55DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16519855-FCB9-44A8-9C7E-116192327BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B1D9330B-C51A-4C7D-A322-85103C64D86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DA0C19F-95EB-429C-AF06-A2C1D5643662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "225CCE80-FF4B-4B39-B8BD-EB4710047524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*",
"matchCriteriaId": "07925DD8-50C0-4908-95D1-7342A4617BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "48A519DB-6C6D-4094-814D-33BD5EF389BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B6ED7566-5092-4B08-97A9-B2B53117A224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "98DCAC0C-896F-4353-A665-5BCD0D8AEBA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E72614CD-8F70-4E07-AD83-8FDE8026CEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*",
"matchCriteriaId": "48E62419-C165-4B42-8C23-E24821BD4BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*",
"matchCriteriaId": "217D804B-CA56-49CE-B9EB-2A297EB1763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*",
"matchCriteriaId": "A41E8583-C837-4871-B4D2-FD41C78D538E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "D480C37B-0DA8-4096-80B0-5198FE589A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F5A83B-3C1A-49F3-A9D6-F7B9B897E447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "241D4183-879D-4974-BACB-A6987EDA2E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "96592A93-4967-4B91-BCF7-558DC472E7BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8758715D-B973-4960-8B7D-6F9A11E73288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0370E9EB-B830-4362-B83C-912579695691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EC6EE-720D-4F27-A2E1-88AE53FC41A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D644926A-C2A5-45FE-85A3-2782CE87ED86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0696E675-0A13-45FC-8917-845E6FF7A311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAC98C-1FE6-42A3-8B62-E3C321914F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC3EF2F-0140-4185-9FB3-2B595B61CDC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7C36785A-F735-45C0-986B-9624AD65F0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1D3916-607F-44E8-9D47-93C6C0789083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "174613C3-A04B-4701-849B-BAA598BF4F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "81C1137C-BE3D-45F9-83C9-D212107F0E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBC1F81-E93A-42A7-8BC8-4B903688F2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA876FF-C58A-45CF-A8E8-E2068DF79421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD78771-BD9A-4AC2-B664-B189DD288FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50A16424-732F-4B76-A753-1642A97BC1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E189C976-2DD2-485C-828E-7FC3DC6A8F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A86CA90F-A944-4F3E-B75F-8147125335D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAFABDC-E40F-4C53-AC66-94EFD077665D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A2F7B3-F4A7-416E-A07F-D4C5F0768B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F96C1B80-9E20-4832-8308-BF7911569EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D7DB3-F467-4BC0-83BB-4706D067A2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD33C2C-7D39-4CCE-AC99-BC7B1B205A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46C394DC-65A7-4713-B823-6F5D329A0C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E9F74F-3C7D-486A-8BA1-EE2A73160B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69BD64BB-BDA7-4F82-8324-B7C7C941133C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAEE03E-0B8A-4D10-BD4D-2DA25B7BBE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D8814509-8B08-46C6-AE50-19B7D30DCF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0718FB6B-D787-409A-B535-0318F2C63A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple \"input validation flaws\" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file."
},
{
"lang": "es",
"value": "M\u00faltiples \"Input validation flaws\" en el decodificador JBIG2 en Xpdf versi\u00f3n 3.02 PL2 y anteriores, CUPS versi\u00f3n 1.3.9 y anteriores, Poppler versi\u00f3n anterior a 0.10.6, y otros productos permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo PDF creado"
}
],
"id": "CVE-2009-0800",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-23T17:30:01.717",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34746"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/35685"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1022073"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495887"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-23 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=263028 | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2009-0458.html | ||
| cve@mitre.org | http://secunia.com/advisories/34291 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34481 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34755 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34756 | ||
| cve@mitre.org | http://secunia.com/advisories/34852 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34959 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34963 | ||
| cve@mitre.org | http://secunia.com/advisories/34991 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35037 | ||
| cve@mitre.org | http://secunia.com/advisories/35064 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35065 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35074 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35618 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35685 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200904-20.xml | ||
| cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| cve@mitre.org | http://support.apple.com/kb/HT3549 | ||
| cve@mitre.org | http://support.apple.com/kb/HT3639 | ||
| cve@mitre.org | http://wiki.rpath.com/Advisories:rPSA-2009-0059 | ||
| cve@mitre.org | http://wiki.rpath.com/Advisories:rPSA-2009-0061 | ||
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1790 | ||
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1793 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0429.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0431.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0480.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/502750/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/502761/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/34568 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1022073 | ||
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | US Government Resource | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1065 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1066 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1297 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1621 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=490612 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632 | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=263028 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2009-0458.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34291 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34481 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34755 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34756 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34852 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34963 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34991 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35037 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35064 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35074 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35618 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35685 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200904-20.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3549 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3639 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2009-0059 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2009-0061 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1793 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0429.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0431.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0480.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/502750/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/502761/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34568 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022073 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1066 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1297 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1621 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=490612 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| apple | cups | * | |
| apple | cups | 1.1 | |
| apple | cups | 1.1.1 | |
| apple | cups | 1.1.2 | |
| apple | cups | 1.1.3 | |
| apple | cups | 1.1.4 | |
| apple | cups | 1.1.5 | |
| apple | cups | 1.1.5-1 | |
| apple | cups | 1.1.5-2 | |
| apple | cups | 1.1.6 | |
| apple | cups | 1.1.6-1 | |
| apple | cups | 1.1.6-2 | |
| apple | cups | 1.1.6-3 | |
| apple | cups | 1.1.7 | |
| apple | cups | 1.1.8 | |
| apple | cups | 1.1.9 | |
| apple | cups | 1.1.9-1 | |
| apple | cups | 1.1.10 | |
| apple | cups | 1.1.10-1 | |
| apple | cups | 1.1.11 | |
| apple | cups | 1.1.12 | |
| apple | cups | 1.1.13 | |
| apple | cups | 1.1.14 | |
| apple | cups | 1.1.15 | |
| apple | cups | 1.1.16 | |
| apple | cups | 1.1.17 | |
| apple | cups | 1.1.18 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.2.0 | |
| apple | cups | 1.2.1 | |
| apple | cups | 1.2.2 | |
| apple | cups | 1.2.3 | |
| apple | cups | 1.2.4 | |
| apple | cups | 1.2.5 | |
| apple | cups | 1.2.6 | |
| apple | cups | 1.2.7 | |
| apple | cups | 1.2.8 | |
| apple | cups | 1.2.9 | |
| apple | cups | 1.2.10 | |
| apple | cups | 1.2.11 | |
| apple | cups | 1.2.12 | |
| apple | cups | 1.3.0 | |
| apple | cups | 1.3.1 | |
| apple | cups | 1.3.2 | |
| apple | cups | 1.3.3 | |
| apple | cups | 1.3.4 | |
| apple | cups | 1.3.5 | |
| apple | cups | 1.3.6 | |
| apple | cups | 1.3.7 | |
| apple | cups | 1.3.8 | |
| apple | cups | 1.3.10 | |
| apple | cups | 1.3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E90153-8D18-4A50-9581-895C851F6489",
"versionEndIncluding": "1.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D89E03-94D0-4F7F-9A54-3021E3E5A321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298D6BE7-7683-4225-8DD6-4C0FC5EB48BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "230B77E7-B1AE-4470-859D-7B5F99749D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FECBBD-B1A2-4F42-8A68-32AB8331BDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6070FC-4566-4314-940E-0AAE34B56E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC691F07-8B38-4867-AB18-51F380CAEA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E943EFBF-39A7-408F-8AC5-677E83DFDBB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA7725A-4398-4C76-BEBF-10E56C7F34F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7415295-0FBF-4946-8D99-8CB2EC391319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C702EE3-4B7C-42EA-92AA-8717807CF67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*",
"matchCriteriaId": "73F74581-D71C-4FEC-BA8C-85EF4C1991BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCFB52-33D3-428C-B1D5-DCE504170A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45F03F2B-6AC3-4872-9032-293C2E9B837C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02B6FB-C36D-45F3-95F3-566CA03B29A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "96093309-A87D-48D0-84DA-446255ABF231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67F149-614B-4507-A15F-E557A1B73423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A14432-D8A1-4D19-9408-B9B4F2FC6B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*",
"matchCriteriaId": "49862F77-B8DE-4AA7-AE17-B348B05AC00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78D7719F-03E0-4E66-A50A-F8E857A9B6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F3139FDA-9476-4414-B349-7119E63FD268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "523FE78C-441F-4ACD-B9F2-3E5293E277AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F887B5B1-7528-4086-AE6C-134F54A93342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6D24ED-0D73-4CF2-B746-6EF29F2EF56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8C5C552-6276-4791-80CD-6B3EB425EF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8335D4E3-563D-4288-B708-A9635BCA595F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5279D055-248A-4BD1-9FBB-0024BA16DF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BF791C1D-9AF8-4F0F-8F4B-844BC9A55DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16519855-FCB9-44A8-9C7E-116192327BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B1D9330B-C51A-4C7D-A322-85103C64D86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DA0C19F-95EB-429C-AF06-A2C1D5643662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "225CCE80-FF4B-4B39-B8BD-EB4710047524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*",
"matchCriteriaId": "07925DD8-50C0-4908-95D1-7342A4617BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "48A519DB-6C6D-4094-814D-33BD5EF389BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B6ED7566-5092-4B08-97A9-B2B53117A224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "98DCAC0C-896F-4353-A665-5BCD0D8AEBA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E72614CD-8F70-4E07-AD83-8FDE8026CEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*",
"matchCriteriaId": "48E62419-C165-4B42-8C23-E24821BD4BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*",
"matchCriteriaId": "217D804B-CA56-49CE-B9EB-2A297EB1763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*",
"matchCriteriaId": "A41E8583-C837-4871-B4D2-FD41C78D538E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "D480C37B-0DA8-4096-80B0-5198FE589A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F5A83B-3C1A-49F3-A9D6-F7B9B897E447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "241D4183-879D-4974-BACB-A6987EDA2E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "96592A93-4967-4B91-BCF7-558DC472E7BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8758715D-B973-4960-8B7D-6F9A11E73288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0370E9EB-B830-4362-B83C-912579695691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EC6EE-720D-4F27-A2E1-88AE53FC41A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D644926A-C2A5-45FE-85A3-2782CE87ED86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0696E675-0A13-45FC-8917-845E6FF7A311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAC98C-1FE6-42A3-8B62-E3C321914F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC3EF2F-0140-4185-9FB3-2B595B61CDC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7C36785A-F735-45C0-986B-9624AD65F0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1D3916-607F-44E8-9D47-93C6C0789083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "174613C3-A04B-4701-849B-BAA598BF4F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "81C1137C-BE3D-45F9-83C9-D212107F0E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBC1F81-E93A-42A7-8BC8-4B903688F2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA876FF-C58A-45CF-A8E8-E2068DF79421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD78771-BD9A-4AC2-B664-B189DD288FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50A16424-732F-4B76-A753-1642A97BC1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E189C976-2DD2-485C-828E-7FC3DC6A8F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A86CA90F-A944-4F3E-B75F-8147125335D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAFABDC-E40F-4C53-AC66-94EFD077665D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A2F7B3-F4A7-416E-A07F-D4C5F0768B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F96C1B80-9E20-4832-8308-BF7911569EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D7DB3-F467-4BC0-83BB-4706D067A2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD33C2C-7D39-4CCE-AC99-BC7B1B205A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46C394DC-65A7-4713-B823-6F5D329A0C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E9F74F-3C7D-486A-8BA1-EE2A73160B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69BD64BB-BDA7-4F82-8324-B7C7C941133C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAEE03E-0B8A-4D10-BD4D-2DA25B7BBE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D8814509-8B08-46C6-AE50-19B7D30DCF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0718FB6B-D787-409A-B535-0318F2C63A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos del b\u00fafer en el decodificador JBIG2 en Xpdf versi\u00f3n 3.02 PL2 y anteriores, CUPS versi\u00f3n 1.3.9 y anteriores, y otros productos permiten a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) por medio de un archivo PDF creado, relacionado a (1) JBIG2SymbolDict::setBitmap y (2) JBIG2Stream::readSymbolDictSeg."
}
],
"id": "CVE-2009-0146",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-23T17:30:01.547",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34756"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34963"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35037"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35074"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0059"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502761/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022073"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490612"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502761/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-03 07:15
Modified
2024-11-21 04:29
Severity ?
Summary
Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/RootUp/b5de893bb2e51a4c846c5a0caa13b666 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/RootUp/b5de893bb2e51a4c846c5a0caa13b666 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 2.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002."
},
{
"lang": "es",
"value": "Xpdf versi\u00f3n 2.00 permite un SIGSEGV en XRef::constructXRef en XRef.cc. NOTA: 2.00 es una versi\u00f3n de noviembre de 2002."
}
],
"id": "CVE-2019-15860",
"lastModified": "2024-11-21T04:29:37.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-03T07:15:10.663",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/RootUp/b5de893bb2e51a4c846c5a0caa13b666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/RootUp/b5de893bb2e51a4c846c5a0caa13b666"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-21 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Exploit | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
| secalert@redhat.com | http://poppler.freedesktop.org/ | Patch, Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37023 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37028 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37034 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37037 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37043 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37051 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37054 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37061 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37077 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37079 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37114 | ||
| secalert@redhat.com | http://secunia.com/advisories/37159 | ||
| secalert@redhat.com | http://secunia.com/advisories/39327 | ||
| secalert@redhat.com | http://secunia.com/advisories/39938 | ||
| secalert@redhat.com | http://securitytracker.com/id?1023029 | ||
| secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
| secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
| secalert@redhat.com | http://www.debian.org/security/2010/dsa-2028 | ||
| secalert@redhat.com | http://www.debian.org/security/2010/dsa-2050 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2010-0755.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-850-1 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-850-3 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2925 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2926 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2928 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/0802 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1220 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=526893 | Exploit, Patch | |
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/53800 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134 | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1500.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1501.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1502.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1503.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1504.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1512.html | ||
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1513.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://poppler.freedesktop.org/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37023 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37028 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37034 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37037 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37043 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37051 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37054 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37061 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37077 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37079 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37114 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37159 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39327 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39938 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023029 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2028 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2050 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0755.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36703 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-850-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-850-3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2924 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2925 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2926 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2928 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0802 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1220 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=526893 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/53800 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1500.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1501.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1502.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1503.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1504.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1512.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1513.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 3.02pl1 | |
| foolabs | xpdf | 3.02pl2 | |
| foolabs | xpdf | 3.02pl3 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| glyphandcog | xpdfreader | 3.02 | |
| poppler | poppler | * | |
| poppler | poppler | 0.1 | |
| poppler | poppler | 0.1.1 | |
| poppler | poppler | 0.1.2 | |
| poppler | poppler | 0.2.0 | |
| poppler | poppler | 0.3.0 | |
| poppler | poppler | 0.3.1 | |
| poppler | poppler | 0.3.2 | |
| poppler | poppler | 0.3.3 | |
| poppler | poppler | 0.4.0 | |
| poppler | poppler | 0.4.1 | |
| poppler | poppler | 0.4.2 | |
| poppler | poppler | 0.4.3 | |
| poppler | poppler | 0.4.4 | |
| poppler | poppler | 0.5.0 | |
| poppler | poppler | 0.5.1 | |
| poppler | poppler | 0.5.2 | |
| poppler | poppler | 0.5.3 | |
| poppler | poppler | 0.5.4 | |
| poppler | poppler | 0.5.9 | |
| poppler | poppler | 0.6.0 | |
| poppler | poppler | 0.6.1 | |
| poppler | poppler | 0.6.2 | |
| poppler | poppler | 0.6.3 | |
| poppler | poppler | 0.6.4 | |
| poppler | poppler | 0.7.0 | |
| poppler | poppler | 0.7.1 | |
| poppler | poppler | 0.7.2 | |
| poppler | poppler | 0.7.3 | |
| poppler | poppler | 0.8.0 | |
| poppler | poppler | 0.8.1 | |
| poppler | poppler | 0.8.2 | |
| poppler | poppler | 0.8.3 | |
| poppler | poppler | 0.8.4 | |
| poppler | poppler | 0.8.6 | |
| poppler | poppler | 0.8.7 | |
| poppler | poppler | 0.9.0 | |
| poppler | poppler | 0.9.1 | |
| poppler | poppler | 0.9.2 | |
| poppler | poppler | 0.9.3 | |
| poppler | poppler | 0.10.0 | |
| poppler | poppler | 0.10.1 | |
| poppler | poppler | 0.10.2 | |
| poppler | poppler | 0.10.3 | |
| poppler | poppler | 0.10.4 | |
| poppler | poppler | 0.10.5 | |
| poppler | poppler | 0.10.6 | |
| poppler | poppler | 0.10.7 | |
| poppler | poppler | 0.11.0 | |
| poppler | poppler | 0.11.1 | |
| poppler | poppler | 0.11.2 | |
| poppler | poppler | 0.11.3 | |
| glyph_and_cog | pdftops | * | |
| gnome | gpdf | * | |
| kde | kpdf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C16CA37E-F28E-47E6-B77B-4CB0A859F831",
"versionEndIncluding": "0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C52995D0-0986-427F-B37D-2F6726EA330D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4427C5-DBF0-4EF9-8B7A-61D56C14E3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B91206CA-7EBE-4E64-9A49-D7EC0D051012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD43644-7F02-42AF-8EC3-C326A13E2F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81FE2E6F-44B2-42D5-B986-D1FE2B510968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A605079-3705-4E2C-8F6D-C21B4D875817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3ABBD590-8092-4920-BBC7-F3ACB9CCC900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyph_and_cog:pdftops:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1833267E-3B18-4CF8-B996-6226D5439F5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:gnome:gpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A9A98B-5E37-4938-9506-927E0C8FACB8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41EF2714-DEC9-407F-9D1B-EF2A4D8B4DC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n ImageStream::ImageStream en Stream.cc en Xpdf v3.02pl4 y Poppler v0.12.1, usado en GPdf, kdegraphics KPDF, y CUPS pdftops, permite a atacantes remotsos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un documento PDF manipulado que provoca un deferencia a puntero nulo o un desbordamiento de b\u00fafer fuera del l\u00edmite (over-read)."
}
],
"id": "CVE-2009-3609",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-21T17:30:00.453",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://poppler.freedesktop.org/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37023"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37028"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37034"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37037"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37043"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37051"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37054"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37061"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37077"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37079"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37114"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37159"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39327"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39938"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1023029"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2925"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2926"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526893"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53800"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://poppler.freedesktop.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/36703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-27 19:15
Modified
2024-11-21 04:26
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Xpdf versi\u00f3n 4.01.01. Se presenta una lectura fuera de l\u00edmites en la funci\u00f3n GfxPatchMeshShading::parse en el archivo GfxState.cc para typeA!=6 caso 1."
}
],
"id": "CVE-2019-14292",
"lastModified": "2024-11-21T04:26:23.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-27T19:15:11.863",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-08 22:15
Modified
2024-11-21 04:30
Severity ?
Summary
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41872 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41872 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact."
},
{
"lang": "es",
"value": "En Xpdf 4.01.01, podr\u00eda desencadenar una lectura insuficiente del b\u00fafer basado en pila en IdentityFunction :: transform en Function.cc, utilizado por GfxAxialShading :: getColor. Por ejemplo, puede activar enviando un documento PDF especialmente dise\u00f1ado a la herramienta pdftoppm. Permite un atacante usar un archivo PDF dise\u00f1ado para causar denegaci\u00f3n de servicio o posiblemente otro impacto no especificado."
}
],
"id": "CVE-2019-16115",
"lastModified": "2024-11-21T04:30:04.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-08T22:15:11.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41872"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 20:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41843 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41843 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact."
},
{
"lang": "es",
"value": "En Xpdf versi\u00f3n 4.01.01, se podr\u00eda desencadenar una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n strncpy desde FoFiType1::parse en fofi/FoFiType1.cc porque no garantiza que la cadena de origen tenga una longitud v\u00e1lida antes de realizar una copia de longitud fija. Por ejemplo, puede activarse enviando un documento PDF elaborado a la herramienta pdftotext. Permite a un atacante usar un archivo pdf creado para provocar la denegaci\u00f3n de servicio o una fuga de informaci\u00f3n, o posiblemente tener otro impacto no especificado."
}
],
"id": "CVE-2019-13283",
"lastModified": "2024-11-21T04:24:37.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T20:15:10.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41843"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-30 04:15
Modified
2024-11-21 06:49
Severity ?
Summary
In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.xpdfreader.com/security-fixes.html | Vendor Advisory | |
| cve@mitre.org | https://dl.xpdfreader.com/xpdf-4.04.tar.gz | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.xpdfreader.com/security-fixes.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dl.xpdfreader.com/xpdf-4.04.tar.gz | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F876F9E8-7664-472C-84DB-3DC4CB280618",
"versionEndExcluding": "4.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the \u0027interleaved\u0027 flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc."
},
{
"lang": "es",
"value": "En Xpdf versiones anteriores a 4.04, el descodificador DCT (JPEG) permit\u00eda de forma incorrecta cambiar el flag \"interleaved\" despu\u00e9s del primer escaneo de la imagen, conllevando a una vulnerabilidad desconocida relacionada con los enteros en Stream.cc"
}
],
"id": "CVE-2022-24106",
"lastModified": "2024-11-21T06:49:48.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-30T04:15:10.523",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-23 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | ||
| secalert@redhat.com | http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| secalert@redhat.com | http://poppler.freedesktop.org/releases.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2009-0458.html | ||
| secalert@redhat.com | http://secunia.com/advisories/34291 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34481 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34746 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34755 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34756 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34852 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34959 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34963 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34991 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35037 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35064 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35065 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35379 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35618 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35685 | Vendor Advisory | |
| secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| secalert@redhat.com | http://support.apple.com/kb/HT3613 | ||
| secalert@redhat.com | http://support.apple.com/kb/HT3639 | ||
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1790 | ||
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1793 | ||
| secalert@redhat.com | http://www.kb.cert.org/vuls/id/196617 | US Government Resource | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0429.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0431.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0480.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/34568 | ||
| secalert@redhat.com | http://www.securitytracker.com/id?1022073 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1065 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1066 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1076 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1522 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1621 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=495889 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11892 | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://poppler.freedesktop.org/releases.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2009-0458.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34291 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34481 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34746 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34755 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34756 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34852 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34963 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34991 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35037 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35064 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35379 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35618 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35685 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3613 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3639 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1793 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/196617 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0429.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0431.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0480.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34568 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022073 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1066 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1076 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1522 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1621 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=495889 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11892 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| poppler | poppler | * | |
| poppler | poppler | 0.1 | |
| poppler | poppler | 0.1.1 | |
| poppler | poppler | 0.1.2 | |
| poppler | poppler | 0.2.0 | |
| poppler | poppler | 0.3.0 | |
| poppler | poppler | 0.3.1 | |
| poppler | poppler | 0.3.2 | |
| poppler | poppler | 0.3.3 | |
| poppler | poppler | 0.4.0 | |
| poppler | poppler | 0.4.1 | |
| poppler | poppler | 0.4.2 | |
| poppler | poppler | 0.4.3 | |
| poppler | poppler | 0.4.4 | |
| poppler | poppler | 0.5.0 | |
| poppler | poppler | 0.5.1 | |
| poppler | poppler | 0.5.2 | |
| poppler | poppler | 0.5.3 | |
| poppler | poppler | 0.5.4 | |
| poppler | poppler | 0.5.9 | |
| poppler | poppler | 0.5.90 | |
| poppler | poppler | 0.5.91 | |
| poppler | poppler | 0.6.0 | |
| poppler | poppler | 0.6.1 | |
| poppler | poppler | 0.6.2 | |
| poppler | poppler | 0.6.3 | |
| poppler | poppler | 0.6.4 | |
| poppler | poppler | 0.7.0 | |
| poppler | poppler | 0.7.1 | |
| poppler | poppler | 0.7.2 | |
| poppler | poppler | 0.7.3 | |
| poppler | poppler | 0.8.0 | |
| poppler | poppler | 0.8.1 | |
| poppler | poppler | 0.8.2 | |
| poppler | poppler | 0.8.3 | |
| poppler | poppler | 0.8.4 | |
| poppler | poppler | 0.8.5 | |
| poppler | poppler | 0.8.6 | |
| poppler | poppler | 0.8.7 | |
| poppler | poppler | 0.9.0 | |
| poppler | poppler | 0.9.1 | |
| poppler | poppler | 0.9.2 | |
| poppler | poppler | 0.9.3 | |
| poppler | poppler | 0.10.0 | |
| poppler | poppler | 0.10.1 | |
| poppler | poppler | 0.10.2 | |
| poppler | poppler | 0.10.3 | |
| poppler | poppler | 0.10.4 | |
| apple | cups | * | |
| apple | cups | 1.1 | |
| apple | cups | 1.1.1 | |
| apple | cups | 1.1.2 | |
| apple | cups | 1.1.3 | |
| apple | cups | 1.1.4 | |
| apple | cups | 1.1.5 | |
| apple | cups | 1.1.5-1 | |
| apple | cups | 1.1.5-2 | |
| apple | cups | 1.1.6 | |
| apple | cups | 1.1.6-1 | |
| apple | cups | 1.1.6-2 | |
| apple | cups | 1.1.6-3 | |
| apple | cups | 1.1.7 | |
| apple | cups | 1.1.8 | |
| apple | cups | 1.1.9 | |
| apple | cups | 1.1.9-1 | |
| apple | cups | 1.1.10 | |
| apple | cups | 1.1.10-1 | |
| apple | cups | 1.1.11 | |
| apple | cups | 1.1.12 | |
| apple | cups | 1.1.13 | |
| apple | cups | 1.1.14 | |
| apple | cups | 1.1.15 | |
| apple | cups | 1.1.16 | |
| apple | cups | 1.1.17 | |
| apple | cups | 1.1.18 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.2.0 | |
| apple | cups | 1.2.1 | |
| apple | cups | 1.2.2 | |
| apple | cups | 1.2.3 | |
| apple | cups | 1.2.4 | |
| apple | cups | 1.2.5 | |
| apple | cups | 1.2.6 | |
| apple | cups | 1.2.7 | |
| apple | cups | 1.2.8 | |
| apple | cups | 1.2.9 | |
| apple | cups | 1.2.10 | |
| apple | cups | 1.2.11 | |
| apple | cups | 1.2.12 | |
| apple | cups | 1.3.0 | |
| apple | cups | 1.3.1 | |
| apple | cups | 1.3.2 | |
| apple | cups | 1.3.3 | |
| apple | cups | 1.3.4 | |
| apple | cups | 1.3.5 | |
| apple | cups | 1.3.6 | |
| apple | cups | 1.3.7 | |
| apple | cups | 1.3.8 | |
| apple | cups | 1.3.10 | |
| apple | cups | 1.3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0299F4A-A027-430C-9A53-AFEF9022960C",
"versionEndIncluding": "0.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F0213390-08FA-4E04-835B-8BE0FC61B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*",
"matchCriteriaId": "0B304657-740A-4F8D-99CD-22E283FEE6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2CD8A0-2DBA-4AC9-A97D-D4DAEB6C7A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E90153-8D18-4A50-9581-895C851F6489",
"versionEndIncluding": "1.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D89E03-94D0-4F7F-9A54-3021E3E5A321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298D6BE7-7683-4225-8DD6-4C0FC5EB48BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "230B77E7-B1AE-4470-859D-7B5F99749D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FECBBD-B1A2-4F42-8A68-32AB8331BDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6070FC-4566-4314-940E-0AAE34B56E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC691F07-8B38-4867-AB18-51F380CAEA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E943EFBF-39A7-408F-8AC5-677E83DFDBB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA7725A-4398-4C76-BEBF-10E56C7F34F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7415295-0FBF-4946-8D99-8CB2EC391319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C702EE3-4B7C-42EA-92AA-8717807CF67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*",
"matchCriteriaId": "73F74581-D71C-4FEC-BA8C-85EF4C1991BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCFB52-33D3-428C-B1D5-DCE504170A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45F03F2B-6AC3-4872-9032-293C2E9B837C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02B6FB-C36D-45F3-95F3-566CA03B29A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "96093309-A87D-48D0-84DA-446255ABF231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67F149-614B-4507-A15F-E557A1B73423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A14432-D8A1-4D19-9408-B9B4F2FC6B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*",
"matchCriteriaId": "49862F77-B8DE-4AA7-AE17-B348B05AC00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78D7719F-03E0-4E66-A50A-F8E857A9B6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F3139FDA-9476-4414-B349-7119E63FD268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "523FE78C-441F-4ACD-B9F2-3E5293E277AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F887B5B1-7528-4086-AE6C-134F54A93342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6D24ED-0D73-4CF2-B746-6EF29F2EF56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8C5C552-6276-4791-80CD-6B3EB425EF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8335D4E3-563D-4288-B708-A9635BCA595F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5279D055-248A-4BD1-9FBB-0024BA16DF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BF791C1D-9AF8-4F0F-8F4B-844BC9A55DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16519855-FCB9-44A8-9C7E-116192327BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B1D9330B-C51A-4C7D-A322-85103C64D86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DA0C19F-95EB-429C-AF06-A2C1D5643662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "225CCE80-FF4B-4B39-B8BD-EB4710047524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*",
"matchCriteriaId": "07925DD8-50C0-4908-95D1-7342A4617BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "48A519DB-6C6D-4094-814D-33BD5EF389BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B6ED7566-5092-4B08-97A9-B2B53117A224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "98DCAC0C-896F-4353-A665-5BCD0D8AEBA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E72614CD-8F70-4E07-AD83-8FDE8026CEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*",
"matchCriteriaId": "48E62419-C165-4B42-8C23-E24821BD4BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*",
"matchCriteriaId": "217D804B-CA56-49CE-B9EB-2A297EB1763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*",
"matchCriteriaId": "A41E8583-C837-4871-B4D2-FD41C78D538E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "D480C37B-0DA8-4096-80B0-5198FE589A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F5A83B-3C1A-49F3-A9D6-F7B9B897E447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "241D4183-879D-4974-BACB-A6987EDA2E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "96592A93-4967-4B91-BCF7-558DC472E7BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8758715D-B973-4960-8B7D-6F9A11E73288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0370E9EB-B830-4362-B83C-912579695691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EC6EE-720D-4F27-A2E1-88AE53FC41A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D644926A-C2A5-45FE-85A3-2782CE87ED86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0696E675-0A13-45FC-8917-845E6FF7A311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAC98C-1FE6-42A3-8B62-E3C321914F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC3EF2F-0140-4185-9FB3-2B595B61CDC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7C36785A-F735-45C0-986B-9624AD65F0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1D3916-607F-44E8-9D47-93C6C0789083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "174613C3-A04B-4701-849B-BAA598BF4F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "81C1137C-BE3D-45F9-83C9-D212107F0E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBC1F81-E93A-42A7-8BC8-4B903688F2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA876FF-C58A-45CF-A8E8-E2068DF79421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD78771-BD9A-4AC2-B664-B189DD288FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50A16424-732F-4B76-A753-1642A97BC1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E189C976-2DD2-485C-828E-7FC3DC6A8F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A86CA90F-A944-4F3E-B75F-8147125335D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAFABDC-E40F-4C53-AC66-94EFD077665D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A2F7B3-F4A7-416E-A07F-D4C5F0768B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F96C1B80-9E20-4832-8308-BF7911569EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D7DB3-F467-4BC0-83BB-4706D067A2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD33C2C-7D39-4CCE-AC99-BC7B1B205A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46C394DC-65A7-4713-B823-6F5D329A0C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E9F74F-3C7D-486A-8BA1-EE2A73160B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69BD64BB-BDA7-4F82-8324-B7C7C941133C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAEE03E-0B8A-4D10-BD4D-2DA25B7BBE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D8814509-8B08-46C6-AE50-19B7D30DCF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0718FB6B-D787-409A-B535-0318F2C63A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file."
},
{
"lang": "es",
"value": "Desbordamiento de enteros en el decodificador JBIG2 en Xpdf versi\u00f3n 3.02 PL2 y anteriores, CUPS versi\u00f3n 1.3.9 y anteriores, Poppler versi\u00f3n anterior a 0.10.6, y otros productos permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo PDF creado."
}
],
"id": "CVE-2009-1179",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-23T17:30:01.750",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34746"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35379"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "secalert@redhat.com",
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "secalert@redhat.com",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1022073"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495889"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11892"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-25 00:15
Modified
2024-11-21 04:23
Severity ?
Summary
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41815 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41815 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated."
},
{
"lang": "es",
"value": "En Xpdf versi\u00f3n 4.01.01, se podr\u00eda desencadenar una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n FoFiType1C::convertToType0 en el archivo fofi/FoFiType1C.cc cuando se intenta acceder al segundo elemento de la matriz privateDicts, debido a que la matriz privateDicts solo tiene un elemento asignado."
}
],
"id": "CVE-2019-12958",
"lastModified": "2024-11-21T04:23:53.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-25T00:15:09.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41815"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-23 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| secalert@redhat.com | http://poppler.freedesktop.org/releases.html | Patch, Vendor Advisory | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2009-0458.html | ||
| secalert@redhat.com | http://secunia.com/advisories/34291 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34481 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34746 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34755 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34756 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34852 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34959 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34963 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34991 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35037 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35064 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35065 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35618 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35685 | Vendor Advisory | |
| secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1790 | Patch | |
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1793 | Patch | |
| secalert@redhat.com | http://www.kb.cert.org/vuls/id/196617 | US Government Resource | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0429.html | Patch | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0431.html | Patch | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0480.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/34568 | Patch | |
| secalert@redhat.com | http://www.securitytracker.com/id?1022072 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1065 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1066 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1076 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=495894 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9683 | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://poppler.freedesktop.org/releases.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2009-0458.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34291 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34481 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34746 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34755 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34756 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34852 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34963 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34991 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35037 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35064 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35618 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35685 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1790 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1793 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/196617 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0429.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0431.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0480.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34568 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1065 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1066 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1076 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=495894 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9683 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| poppler | poppler | * | |
| poppler | poppler | 0.1 | |
| poppler | poppler | 0.1.1 | |
| poppler | poppler | 0.1.2 | |
| poppler | poppler | 0.2.0 | |
| poppler | poppler | 0.3.0 | |
| poppler | poppler | 0.3.1 | |
| poppler | poppler | 0.3.2 | |
| poppler | poppler | 0.3.3 | |
| poppler | poppler | 0.4.0 | |
| poppler | poppler | 0.4.1 | |
| poppler | poppler | 0.4.2 | |
| poppler | poppler | 0.4.3 | |
| poppler | poppler | 0.4.4 | |
| poppler | poppler | 0.5.0 | |
| poppler | poppler | 0.5.1 | |
| poppler | poppler | 0.5.2 | |
| poppler | poppler | 0.5.3 | |
| poppler | poppler | 0.5.4 | |
| poppler | poppler | 0.5.9 | |
| poppler | poppler | 0.5.90 | |
| poppler | poppler | 0.5.91 | |
| poppler | poppler | 0.6.0 | |
| poppler | poppler | 0.6.1 | |
| poppler | poppler | 0.6.2 | |
| poppler | poppler | 0.6.3 | |
| poppler | poppler | 0.6.4 | |
| poppler | poppler | 0.7.0 | |
| poppler | poppler | 0.7.1 | |
| poppler | poppler | 0.7.2 | |
| poppler | poppler | 0.7.3 | |
| poppler | poppler | 0.8.0 | |
| poppler | poppler | 0.8.1 | |
| poppler | poppler | 0.8.2 | |
| poppler | poppler | 0.8.3 | |
| poppler | poppler | 0.8.4 | |
| poppler | poppler | 0.8.5 | |
| poppler | poppler | 0.8.6 | |
| poppler | poppler | 0.8.7 | |
| poppler | poppler | 0.9.0 | |
| poppler | poppler | 0.9.1 | |
| poppler | poppler | 0.9.2 | |
| poppler | poppler | 0.9.3 | |
| poppler | poppler | 0.10.0 | |
| poppler | poppler | 0.10.1 | |
| poppler | poppler | 0.10.2 | |
| poppler | poppler | 0.10.3 | |
| poppler | poppler | 0.10.4 | |
| apple | cups | * | |
| apple | cups | 1.1 | |
| apple | cups | 1.1.1 | |
| apple | cups | 1.1.2 | |
| apple | cups | 1.1.3 | |
| apple | cups | 1.1.4 | |
| apple | cups | 1.1.5 | |
| apple | cups | 1.1.5-1 | |
| apple | cups | 1.1.5-2 | |
| apple | cups | 1.1.6 | |
| apple | cups | 1.1.6-1 | |
| apple | cups | 1.1.6-2 | |
| apple | cups | 1.1.6-3 | |
| apple | cups | 1.1.7 | |
| apple | cups | 1.1.8 | |
| apple | cups | 1.1.9 | |
| apple | cups | 1.1.9-1 | |
| apple | cups | 1.1.10 | |
| apple | cups | 1.1.10-1 | |
| apple | cups | 1.1.11 | |
| apple | cups | 1.1.12 | |
| apple | cups | 1.1.13 | |
| apple | cups | 1.1.14 | |
| apple | cups | 1.1.15 | |
| apple | cups | 1.1.16 | |
| apple | cups | 1.1.17 | |
| apple | cups | 1.1.18 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.2.0 | |
| apple | cups | 1.2.1 | |
| apple | cups | 1.2.2 | |
| apple | cups | 1.2.3 | |
| apple | cups | 1.2.4 | |
| apple | cups | 1.2.5 | |
| apple | cups | 1.2.6 | |
| apple | cups | 1.2.7 | |
| apple | cups | 1.2.8 | |
| apple | cups | 1.2.9 | |
| apple | cups | 1.2.10 | |
| apple | cups | 1.2.11 | |
| apple | cups | 1.2.12 | |
| apple | cups | 1.3.0 | |
| apple | cups | 1.3.1 | |
| apple | cups | 1.3.2 | |
| apple | cups | 1.3.3 | |
| apple | cups | 1.3.4 | |
| apple | cups | 1.3.5 | |
| apple | cups | 1.3.6 | |
| apple | cups | 1.3.7 | |
| apple | cups | 1.3.8 | |
| apple | cups | 1.3.10 | |
| apple | cups | 1.3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0299F4A-A027-430C-9A53-AFEF9022960C",
"versionEndIncluding": "0.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F0213390-08FA-4E04-835B-8BE0FC61B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*",
"matchCriteriaId": "0B304657-740A-4F8D-99CD-22E283FEE6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2CD8A0-2DBA-4AC9-A97D-D4DAEB6C7A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E90153-8D18-4A50-9581-895C851F6489",
"versionEndIncluding": "1.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D89E03-94D0-4F7F-9A54-3021E3E5A321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298D6BE7-7683-4225-8DD6-4C0FC5EB48BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "230B77E7-B1AE-4470-859D-7B5F99749D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FECBBD-B1A2-4F42-8A68-32AB8331BDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6070FC-4566-4314-940E-0AAE34B56E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC691F07-8B38-4867-AB18-51F380CAEA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E943EFBF-39A7-408F-8AC5-677E83DFDBB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA7725A-4398-4C76-BEBF-10E56C7F34F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7415295-0FBF-4946-8D99-8CB2EC391319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C702EE3-4B7C-42EA-92AA-8717807CF67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*",
"matchCriteriaId": "73F74581-D71C-4FEC-BA8C-85EF4C1991BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCFB52-33D3-428C-B1D5-DCE504170A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45F03F2B-6AC3-4872-9032-293C2E9B837C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02B6FB-C36D-45F3-95F3-566CA03B29A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "96093309-A87D-48D0-84DA-446255ABF231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67F149-614B-4507-A15F-E557A1B73423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A14432-D8A1-4D19-9408-B9B4F2FC6B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*",
"matchCriteriaId": "49862F77-B8DE-4AA7-AE17-B348B05AC00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78D7719F-03E0-4E66-A50A-F8E857A9B6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F3139FDA-9476-4414-B349-7119E63FD268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "523FE78C-441F-4ACD-B9F2-3E5293E277AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F887B5B1-7528-4086-AE6C-134F54A93342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6D24ED-0D73-4CF2-B746-6EF29F2EF56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8C5C552-6276-4791-80CD-6B3EB425EF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8335D4E3-563D-4288-B708-A9635BCA595F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5279D055-248A-4BD1-9FBB-0024BA16DF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BF791C1D-9AF8-4F0F-8F4B-844BC9A55DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16519855-FCB9-44A8-9C7E-116192327BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B1D9330B-C51A-4C7D-A322-85103C64D86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DA0C19F-95EB-429C-AF06-A2C1D5643662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "225CCE80-FF4B-4B39-B8BD-EB4710047524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*",
"matchCriteriaId": "07925DD8-50C0-4908-95D1-7342A4617BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "48A519DB-6C6D-4094-814D-33BD5EF389BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B6ED7566-5092-4B08-97A9-B2B53117A224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "98DCAC0C-896F-4353-A665-5BCD0D8AEBA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E72614CD-8F70-4E07-AD83-8FDE8026CEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*",
"matchCriteriaId": "48E62419-C165-4B42-8C23-E24821BD4BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*",
"matchCriteriaId": "217D804B-CA56-49CE-B9EB-2A297EB1763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*",
"matchCriteriaId": "A41E8583-C837-4871-B4D2-FD41C78D538E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "D480C37B-0DA8-4096-80B0-5198FE589A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F5A83B-3C1A-49F3-A9D6-F7B9B897E447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "241D4183-879D-4974-BACB-A6987EDA2E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "96592A93-4967-4B91-BCF7-558DC472E7BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8758715D-B973-4960-8B7D-6F9A11E73288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0370E9EB-B830-4362-B83C-912579695691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EC6EE-720D-4F27-A2E1-88AE53FC41A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D644926A-C2A5-45FE-85A3-2782CE87ED86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0696E675-0A13-45FC-8917-845E6FF7A311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAC98C-1FE6-42A3-8B62-E3C321914F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC3EF2F-0140-4185-9FB3-2B595B61CDC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7C36785A-F735-45C0-986B-9624AD65F0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1D3916-607F-44E8-9D47-93C6C0789083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "174613C3-A04B-4701-849B-BAA598BF4F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "81C1137C-BE3D-45F9-83C9-D212107F0E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBC1F81-E93A-42A7-8BC8-4B903688F2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA876FF-C58A-45CF-A8E8-E2068DF79421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD78771-BD9A-4AC2-B664-B189DD288FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50A16424-732F-4B76-A753-1642A97BC1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E189C976-2DD2-485C-828E-7FC3DC6A8F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A86CA90F-A944-4F3E-B75F-8147125335D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAFABDC-E40F-4C53-AC66-94EFD077665D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A2F7B3-F4A7-416E-A07F-D4C5F0768B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F96C1B80-9E20-4832-8308-BF7911569EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D7DB3-F467-4BC0-83BB-4706D067A2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD33C2C-7D39-4CCE-AC99-BC7B1B205A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46C394DC-65A7-4713-B823-6F5D329A0C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E9F74F-3C7D-486A-8BA1-EE2A73160B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69BD64BB-BDA7-4F82-8324-B7C7C941133C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAEE03E-0B8A-4D10-BD4D-2DA25B7BBE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D8814509-8B08-46C6-AE50-19B7D30DCF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0718FB6B-D787-409A-B535-0318F2C63A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference."
},
{
"lang": "es",
"value": "El decodificador JBIG2 en Xpdf versi\u00f3n 3.02 PL2 y anteriores, CUPS versi\u00f3n 1.3.9 y anteriores, Poppler versi\u00f3n anterior a 0.10.6, y otros productos, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) por medio de un archivo PDF creado que desencadena una desreferencia de puntero NULL."
}
],
"id": "CVE-2009-1181",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-23T17:30:01.780",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34746"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1022072"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495894"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9683"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-27 19:15
Modified
2024-11-21 04:26
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the \"multiple bytes per line\" case."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Xpdf versi\u00f3n 4.01.01. Se presenta un desbordamiento de enteros en la funci\u00f3n JBIG2Bitmap::combine en el archivo JBIG2Stream.cc para el caso \"multiple bytes per line\"."
}
],
"id": "CVE-2019-14289",
"lastModified": "2024-11-21T04:26:22.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-27T19:15:11.630",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-27 19:15
Modified
2024-11-21 04:26
Severity ?
Summary
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Xpdf versi\u00f3n 4.01.01. Se presenta una lectura fuera de l\u00edmites en la funci\u00f3n GfxPatchMeshShading::parse en el archivo GfxState.cc para typeA==6 caso 2."
}
],
"id": "CVE-2019-14290",
"lastModified": "2024-11-21T04:26:23.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-27T19:15:11.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-30 04:15
Modified
2024-11-21 06:49
Severity ?
Summary
Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.xpdfreader.com/security-fixes.html | Vendor Advisory | |
| cve@mitre.org | https://dl.xpdfreader.com/xpdf-4.04.tar.gz | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.xpdfreader.com/security-fixes.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dl.xpdfreader.com/xpdf-4.04.tar.gz | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F876F9E8-7664-472C-84DB-3DC4CB280618",
"versionEndExcluding": "4.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc."
},
{
"lang": "es",
"value": "Xpdf versiones anteriores a 4.04, carece de una comprobaci\u00f3n de desbordamiento de enteros en el archivo JPXStream.cc"
}
],
"id": "CVE-2022-24107",
"lastModified": "2024-11-21T06:49:49.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-30T04:15:10.853",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.xpdfreader.com/security-fixes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-23 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| secalert@redhat.com | http://poppler.freedesktop.org/releases.html | Patch, Vendor Advisory | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2009-0458.html | Patch | |
| secalert@redhat.com | http://secunia.com/advisories/34291 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34481 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34746 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34755 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34756 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34852 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34959 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34963 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/34991 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35037 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35064 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35065 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35618 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/35685 | Vendor Advisory | |
| secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1790 | Patch | |
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1793 | Patch | |
| secalert@redhat.com | http://www.kb.cert.org/vuls/id/196617 | US Government Resource | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0429.html | Patch | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0431.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0480.html | Patch | |
| secalert@redhat.com | http://www.securityfocus.com/bid/34568 | Patch | |
| secalert@redhat.com | http://www.securitytracker.com/id?1022072 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1065 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1066 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1076 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=495899 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10769 | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://poppler.freedesktop.org/releases.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2009-0458.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34291 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34481 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34746 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34755 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34756 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34852 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34963 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34991 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35037 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35064 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35618 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35685 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1790 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1793 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/196617 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0429.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0430.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0431.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0480.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34568 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1065 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1066 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1076 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1077 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=495899 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10769 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| poppler | poppler | * | |
| poppler | poppler | 0.1 | |
| poppler | poppler | 0.1.1 | |
| poppler | poppler | 0.1.2 | |
| poppler | poppler | 0.2.0 | |
| poppler | poppler | 0.3.0 | |
| poppler | poppler | 0.3.1 | |
| poppler | poppler | 0.3.2 | |
| poppler | poppler | 0.3.3 | |
| poppler | poppler | 0.4.0 | |
| poppler | poppler | 0.4.1 | |
| poppler | poppler | 0.4.2 | |
| poppler | poppler | 0.4.3 | |
| poppler | poppler | 0.4.4 | |
| poppler | poppler | 0.5.0 | |
| poppler | poppler | 0.5.1 | |
| poppler | poppler | 0.5.2 | |
| poppler | poppler | 0.5.3 | |
| poppler | poppler | 0.5.4 | |
| poppler | poppler | 0.5.9 | |
| poppler | poppler | 0.5.90 | |
| poppler | poppler | 0.5.91 | |
| poppler | poppler | 0.6.0 | |
| poppler | poppler | 0.6.1 | |
| poppler | poppler | 0.6.2 | |
| poppler | poppler | 0.6.3 | |
| poppler | poppler | 0.6.4 | |
| poppler | poppler | 0.7.0 | |
| poppler | poppler | 0.7.1 | |
| poppler | poppler | 0.7.2 | |
| poppler | poppler | 0.7.3 | |
| poppler | poppler | 0.8.0 | |
| poppler | poppler | 0.8.1 | |
| poppler | poppler | 0.8.2 | |
| poppler | poppler | 0.8.3 | |
| poppler | poppler | 0.8.4 | |
| poppler | poppler | 0.8.5 | |
| poppler | poppler | 0.8.6 | |
| poppler | poppler | 0.8.7 | |
| poppler | poppler | 0.9.0 | |
| poppler | poppler | 0.9.1 | |
| poppler | poppler | 0.9.2 | |
| poppler | poppler | 0.9.3 | |
| poppler | poppler | 0.10.0 | |
| poppler | poppler | 0.10.1 | |
| poppler | poppler | 0.10.2 | |
| poppler | poppler | 0.10.3 | |
| poppler | poppler | 0.10.4 | |
| apple | cups | * | |
| apple | cups | 1.1 | |
| apple | cups | 1.1.1 | |
| apple | cups | 1.1.2 | |
| apple | cups | 1.1.3 | |
| apple | cups | 1.1.4 | |
| apple | cups | 1.1.5 | |
| apple | cups | 1.1.5-1 | |
| apple | cups | 1.1.5-2 | |
| apple | cups | 1.1.6 | |
| apple | cups | 1.1.6-1 | |
| apple | cups | 1.1.6-2 | |
| apple | cups | 1.1.6-3 | |
| apple | cups | 1.1.7 | |
| apple | cups | 1.1.8 | |
| apple | cups | 1.1.9 | |
| apple | cups | 1.1.9-1 | |
| apple | cups | 1.1.10 | |
| apple | cups | 1.1.10-1 | |
| apple | cups | 1.1.11 | |
| apple | cups | 1.1.12 | |
| apple | cups | 1.1.13 | |
| apple | cups | 1.1.14 | |
| apple | cups | 1.1.15 | |
| apple | cups | 1.1.16 | |
| apple | cups | 1.1.17 | |
| apple | cups | 1.1.18 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.19 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.20 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.21 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.22 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.1.23 | |
| apple | cups | 1.2.0 | |
| apple | cups | 1.2.1 | |
| apple | cups | 1.2.2 | |
| apple | cups | 1.2.3 | |
| apple | cups | 1.2.4 | |
| apple | cups | 1.2.5 | |
| apple | cups | 1.2.6 | |
| apple | cups | 1.2.7 | |
| apple | cups | 1.2.8 | |
| apple | cups | 1.2.9 | |
| apple | cups | 1.2.10 | |
| apple | cups | 1.2.11 | |
| apple | cups | 1.2.12 | |
| apple | cups | 1.3.0 | |
| apple | cups | 1.3.1 | |
| apple | cups | 1.3.2 | |
| apple | cups | 1.3.3 | |
| apple | cups | 1.3.4 | |
| apple | cups | 1.3.5 | |
| apple | cups | 1.3.6 | |
| apple | cups | 1.3.7 | |
| apple | cups | 1.3.8 | |
| apple | cups | 1.3.10 | |
| apple | cups | 1.3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0299F4A-A027-430C-9A53-AFEF9022960C",
"versionEndIncluding": "0.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F0213390-08FA-4E04-835B-8BE0FC61B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*",
"matchCriteriaId": "0B304657-740A-4F8D-99CD-22E283FEE6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2CD8A0-2DBA-4AC9-A97D-D4DAEB6C7A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E90153-8D18-4A50-9581-895C851F6489",
"versionEndIncluding": "1.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D89E03-94D0-4F7F-9A54-3021E3E5A321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298D6BE7-7683-4225-8DD6-4C0FC5EB48BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "230B77E7-B1AE-4470-859D-7B5F99749D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FECBBD-B1A2-4F42-8A68-32AB8331BDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6070FC-4566-4314-940E-0AAE34B56E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC691F07-8B38-4867-AB18-51F380CAEA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E943EFBF-39A7-408F-8AC5-677E83DFDBB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA7725A-4398-4C76-BEBF-10E56C7F34F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7415295-0FBF-4946-8D99-8CB2EC391319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C702EE3-4B7C-42EA-92AA-8717807CF67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*",
"matchCriteriaId": "73F74581-D71C-4FEC-BA8C-85EF4C1991BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCFB52-33D3-428C-B1D5-DCE504170A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45F03F2B-6AC3-4872-9032-293C2E9B837C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02B6FB-C36D-45F3-95F3-566CA03B29A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "96093309-A87D-48D0-84DA-446255ABF231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67F149-614B-4507-A15F-E557A1B73423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A14432-D8A1-4D19-9408-B9B4F2FC6B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*",
"matchCriteriaId": "49862F77-B8DE-4AA7-AE17-B348B05AC00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78D7719F-03E0-4E66-A50A-F8E857A9B6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F3139FDA-9476-4414-B349-7119E63FD268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "523FE78C-441F-4ACD-B9F2-3E5293E277AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F887B5B1-7528-4086-AE6C-134F54A93342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6D24ED-0D73-4CF2-B746-6EF29F2EF56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8C5C552-6276-4791-80CD-6B3EB425EF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8335D4E3-563D-4288-B708-A9635BCA595F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5279D055-248A-4BD1-9FBB-0024BA16DF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BF791C1D-9AF8-4F0F-8F4B-844BC9A55DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16519855-FCB9-44A8-9C7E-116192327BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B1D9330B-C51A-4C7D-A322-85103C64D86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DA0C19F-95EB-429C-AF06-A2C1D5643662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "225CCE80-FF4B-4B39-B8BD-EB4710047524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*",
"matchCriteriaId": "07925DD8-50C0-4908-95D1-7342A4617BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "48A519DB-6C6D-4094-814D-33BD5EF389BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B6ED7566-5092-4B08-97A9-B2B53117A224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "98DCAC0C-896F-4353-A665-5BCD0D8AEBA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E72614CD-8F70-4E07-AD83-8FDE8026CEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*",
"matchCriteriaId": "48E62419-C165-4B42-8C23-E24821BD4BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*",
"matchCriteriaId": "217D804B-CA56-49CE-B9EB-2A297EB1763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*",
"matchCriteriaId": "A41E8583-C837-4871-B4D2-FD41C78D538E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "D480C37B-0DA8-4096-80B0-5198FE589A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F5A83B-3C1A-49F3-A9D6-F7B9B897E447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "241D4183-879D-4974-BACB-A6987EDA2E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "96592A93-4967-4B91-BCF7-558DC472E7BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8758715D-B973-4960-8B7D-6F9A11E73288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0370E9EB-B830-4362-B83C-912579695691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EC6EE-720D-4F27-A2E1-88AE53FC41A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D644926A-C2A5-45FE-85A3-2782CE87ED86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0696E675-0A13-45FC-8917-845E6FF7A311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAC98C-1FE6-42A3-8B62-E3C321914F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC3EF2F-0140-4185-9FB3-2B595B61CDC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7C36785A-F735-45C0-986B-9624AD65F0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1D3916-607F-44E8-9D47-93C6C0789083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "174613C3-A04B-4701-849B-BAA598BF4F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "81C1137C-BE3D-45F9-83C9-D212107F0E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBC1F81-E93A-42A7-8BC8-4B903688F2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA876FF-C58A-45CF-A8E8-E2068DF79421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD78771-BD9A-4AC2-B664-B189DD288FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50A16424-732F-4B76-A753-1642A97BC1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E189C976-2DD2-485C-828E-7FC3DC6A8F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A86CA90F-A944-4F3E-B75F-8147125335D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAFABDC-E40F-4C53-AC66-94EFD077665D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A2F7B3-F4A7-416E-A07F-D4C5F0768B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F96C1B80-9E20-4832-8308-BF7911569EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D7DB3-F467-4BC0-83BB-4706D067A2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD33C2C-7D39-4CCE-AC99-BC7B1B205A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46C394DC-65A7-4713-B823-6F5D329A0C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E9F74F-3C7D-486A-8BA1-EE2A73160B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69BD64BB-BDA7-4F82-8324-B7C7C941133C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAEE03E-0B8A-4D10-BD4D-2DA25B7BBE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D8814509-8B08-46C6-AE50-19B7D30DCF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0718FB6B-D787-409A-B535-0318F2C63A81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file."
},
{
"lang": "es",
"value": "El decodificador JBIG2 MMR en Xpdf versi\u00f3n 3.02 PL2 y anteriores, CUPS versi\u00f3n 1.3.9 y anteriores, Poppler versi\u00f3n anterior a 0.10.6, y otros productos permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito y colgar) por medio de un archivo PDF creado."
}
],
"id": "CVE-2009-1183",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-23T17:30:01.827",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34746"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1022072"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495899"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10769"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-06 08:29
Modified
2024-11-21 04:51
Severity ?
Summary
There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41262 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-psoutputdevsetupresources-xpdf-4-01/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.xpdfreader.com/viewtopic.php?f=3&t=41262 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-psoutputdevsetupresources-xpdf-4-01/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5C7A67-81A3-4BD3-A495-2F75C68F33EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
},
{
"lang": "es",
"value": "En la versi\u00f3n 4.01 de Xpdf, hay una vulnerabilidad de desreferencia de puntero NULL en PSOutputDev::setupResources() en PSOutputDev.cc. Puede desencadenarse mediante el env\u00edo de un archivo pdf manipulado a, por ejemplo, el binario pdftops. Permite a un atacante provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o tener otro impacto no especificado."
}
],
"id": "CVE-2019-9589",
"lastModified": "2024-11-21T04:51:54.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-06T08:29:00.433",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41262"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-psoutputdevsetupresources-xpdf-4-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-psoutputdevsetupresources-xpdf-4-01/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-11-05 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch | Patch | |
| secalert@redhat.com | http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 | Patch | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2012-1201.html | ||
| secalert@redhat.com | http://secunia.com/advisories/42141 | ||
| secalert@redhat.com | http://secunia.com/advisories/42357 | ||
| secalert@redhat.com | http://secunia.com/advisories/42397 | ||
| secalert@redhat.com | http://secunia.com/advisories/42691 | ||
| secalert@redhat.com | http://secunia.com/advisories/43079 | ||
| secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720 | ||
| secalert@redhat.com | http://www.debian.org/security/2010/dsa-2119 | ||
| secalert@redhat.com | http://www.debian.org/security/2010/dsa-2135 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:228 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:229 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:230 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:231 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 | ||
| secalert@redhat.com | http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2010/10/04/6 | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2010-0749.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2010-0751.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2010-0752.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2010-0753.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2010-0859.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/43841 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-1005-1 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/2897 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/3097 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2011/0230 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=638960 | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1201.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42141 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42357 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42397 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42691 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43079 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2119 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2135 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:228 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:229 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:230 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:231 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2010/10/04/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0749.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0751.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0752.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0753.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0859.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/43841 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1005-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/2897 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3097 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0230 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=638960 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| poppler | poppler | 0.8.7 | |
| poppler | poppler | 0.9.0 | |
| poppler | poppler | 0.9.1 | |
| poppler | poppler | 0.9.2 | |
| poppler | poppler | 0.9.3 | |
| poppler | poppler | 0.10.0 | |
| poppler | poppler | 0.10.1 | |
| poppler | poppler | 0.10.2 | |
| poppler | poppler | 0.10.3 | |
| poppler | poppler | 0.10.4 | |
| poppler | poppler | 0.10.5 | |
| poppler | poppler | 0.10.6 | |
| poppler | poppler | 0.10.7 | |
| poppler | poppler | 0.11.0 | |
| poppler | poppler | 0.11.1 | |
| poppler | poppler | 0.11.2 | |
| poppler | poppler | 0.11.3 | |
| poppler | poppler | 0.12.0 | |
| poppler | poppler | 0.12.1 | |
| poppler | poppler | 0.12.2 | |
| poppler | poppler | 0.12.3 | |
| poppler | poppler | 0.12.4 | |
| poppler | poppler | 0.13.0 | |
| poppler | poppler | 0.13.1 | |
| poppler | poppler | 0.13.2 | |
| poppler | poppler | 0.13.3 | |
| poppler | poppler | 0.13.4 | |
| poppler | poppler | 0.14.0 | |
| poppler | poppler | 0.14.1 | |
| poppler | poppler | 0.14.2 | |
| poppler | poppler | 0.14.3 | |
| poppler | poppler | 0.14.4 | |
| poppler | poppler | 0.14.5 | |
| poppler | poppler | 0.15.0 | |
| poppler | poppler | 0.15.1 | |
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| foolabs | xpdf | 3.0.1 | |
| foolabs | xpdf | 3.02pl1 | |
| foolabs | xpdf | 3.02pl2 | |
| foolabs | xpdf | 3.02pl3 | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| glyphandcog | xpdfreader | 3.02 | |
| kde | kdegraphics | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C52995D0-0986-427F-B37D-2F6726EA330D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4427C5-DBF0-4EF9-8B7A-61D56C14E3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B91206CA-7EBE-4E64-9A49-D7EC0D051012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD43644-7F02-42AF-8EC3-C326A13E2F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81FE2E6F-44B2-42D5-B986-D1FE2B510968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A605079-3705-4E2C-8F6D-C21B4D875817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3ABBD590-8092-4920-BBC7-F3ACB9CCC900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14D812D5-BC8B-4907-AA70-F8D7F982A8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E25003C-04CE-401F-B012-F2E13DC8E8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "189FE6D1-C001-4D43-BFD2-B8421C6FAB06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF3866C-09D2-4564-A7AE-2C49A5E8480C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A43C280F-A571-4EF9-B301-244B05750933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D37AC0D5-6811-4FE2-83BB-FEF44B228645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B24274-2F2F-4F3A-8978-390BF69EF0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14959178-17D0-4794-867F-AB62501EEF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C1129356-C0B0-4130-A1EF-888B02783317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD0FA23-F797-4FB5-85AD-29AED926E02D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77B06D79-50AD-49D0-B372-25CA226EEA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A34735C6-2738-4CCC-9322-8F7584AB616D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "339A5BC3-7AED-4912-B6D3-BBD5FBF4AA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "325750AA-5E10-457E-88E8-439DFB81FE1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "235861C5-B126-4A27-A51F-94568DBA5FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE3D5F0-DA69-453A-9729-03FD1151D94E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83E52568-A112-4533-9CFA-55D35F40AA9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:poppler:poppler:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38A9C7A2-DAC5-4334-9A88-CF9085A34186",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52D79ABD-202F-464F-B6C3-B225FD37DD3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:kdegraphics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0E0FC3-B53F-462D-8562-D2464BB111E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption."
},
{
"lang": "es",
"value": "La funci\u00f3n FoFiType1::parse en fofi/FoFiType1.cc del parseador de PDF de xpdf antes de v3.02pl5, poppler v0.8.7 y posiblemente otras versiones hasta v0.15.1, kdegraphics, y posiblemente otros productos, permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario mediante un archivo PDF con una fuente Type1 modificada que contiene un \u00edndice de matriz negativo, el cual se salta la validaci\u00f3n de entrada y que provoca una corrupci\u00f3n de memoria."
}
],
"id": "CVE-2010-3704",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-11-05T18:00:25.983",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42141"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42357"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42397"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42691"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/43079"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2119"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/43841"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1005-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/2897"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=638960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/43841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1005-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=638960"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-23 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=263028 | Patch | |
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| cve@mitre.org | http://secunia.com/advisories/34852 | ||
| cve@mitre.org | http://secunia.com/advisories/34959 | ||
| cve@mitre.org | http://secunia.com/advisories/34991 | ||
| cve@mitre.org | http://secunia.com/advisories/35037 | ||
| cve@mitre.org | http://secunia.com/advisories/35065 | ||
| cve@mitre.org | http://secunia.com/advisories/35074 | ||
| cve@mitre.org | http://secunia.com/advisories/35685 | ||
| cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| cve@mitre.org | http://support.apple.com/kb/HT3549 | ||
| cve@mitre.org | http://support.apple.com/kb/HT3639 | ||
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1790 | ||
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1793 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/34568 | ||
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | US Government Resource | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1297 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1621 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/50377 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=263028 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34852 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34959 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34991 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35037 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35065 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35074 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35685 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3549 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3639 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1793 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34568 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1297 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1621 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/50377 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| foolabs | xpdf | 3.0.1 | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 | |
| glyphandcog | xpdfreader | 3.01 | |
| poppler | poppler | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52D79ABD-202F-464F-B6C3-B225FD37DD3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A63FAB9-7E4D-4D2D-808B-F96F2015BF63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to \"g*allocn.\""
},
{
"lang": "es",
"value": "Desbordamiento de entero en el decodificador JBIG2 en Xpdf v3.02p12 y anteriores, como se utiliza en Poppler y otros productos, cuando corre en Mac OS X, tiene un impacto desconocido, relacionado con \"g*allocn.\""
}
],
"id": "CVE-2009-0165",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-23T19:30:00.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34852"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34959"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34991"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35037"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35065"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35074"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35685"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.578477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50377"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 22:15
Modified
2024-11-21 04:24
Severity ?
Summary
In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-use-after-free_JBIG2Stream | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-use-after-free_JBIG2Stream | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| glyphandcog | xpdfreader | 4.01.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D4AA9-E963-4040-90A2-7C00646A96F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool."
},
{
"lang": "es",
"value": "En Xpdf versi\u00f3n 4.01.01, presenta una vulnerabilidad de uso de la memoria previamente liberada en la funci\u00f3n JBIG2Stream::close() ubicada en el archivo JBIG2Stream.cc. Por ejemplo, puede ser activada enviando un documento PDF creado hacia la herramienta pdftoppm."
}
],
"id": "CVE-2019-13289",
"lastModified": "2024-11-21T04:24:38.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T22:15:10.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-use-after-free_JBIG2Stream"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-use-after-free_JBIG2Stream"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-23 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://rhn.redhat.com/errata/RHSA-2009-0458.html | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/34291 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/34481 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/34756 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/34963 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/35064 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/secunia_research/2009-17/ | Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/secunia_research/2009-18/ | Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| PSIRT-CNA@flexerasoftware.com | http://www.redhat.com/support/errata/RHSA-2009-0480.html | ||
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/archive/1/502759/100/0/threaded | ||
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/archive/1/502762/100/0/threaded | ||
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/34791 | ||
| PSIRT-CNA@flexerasoftware.com | http://www.vupen.com/english/advisories/2010/1040 | ||
| PSIRT-CNA@flexerasoftware.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10076 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2009-0458.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34291 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34481 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34756 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34963 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35064 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2009-17/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2009-18/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0480.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/502759/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/502762/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34791 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1040 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10076 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | cups | 1.3.9 | |
| foolabs | xpdf | 0.5a | |
| foolabs | xpdf | 0.7a | |
| foolabs | xpdf | 0.91a | |
| foolabs | xpdf | 0.91b | |
| foolabs | xpdf | 0.91c | |
| foolabs | xpdf | 0.92a | |
| foolabs | xpdf | 0.92b | |
| foolabs | xpdf | 0.92c | |
| foolabs | xpdf | 0.92d | |
| foolabs | xpdf | 0.92e | |
| foolabs | xpdf | 0.93a | |
| foolabs | xpdf | 0.93b | |
| foolabs | xpdf | 0.93c | |
| foolabs | xpdf | 1.00a | |
| foolabs | xpdf | 3.0.1 | |
| glyphandcog | xpdfreader | * | |
| glyphandcog | xpdfreader | 0.2 | |
| glyphandcog | xpdfreader | 0.3 | |
| glyphandcog | xpdfreader | 0.4 | |
| glyphandcog | xpdfreader | 0.5 | |
| glyphandcog | xpdfreader | 0.6 | |
| glyphandcog | xpdfreader | 0.7 | |
| glyphandcog | xpdfreader | 0.80 | |
| glyphandcog | xpdfreader | 0.90 | |
| glyphandcog | xpdfreader | 0.91 | |
| glyphandcog | xpdfreader | 0.92 | |
| glyphandcog | xpdfreader | 0.93 | |
| glyphandcog | xpdfreader | 1.00 | |
| glyphandcog | xpdfreader | 1.01 | |
| glyphandcog | xpdfreader | 2.00 | |
| glyphandcog | xpdfreader | 2.01 | |
| glyphandcog | xpdfreader | 2.02 | |
| glyphandcog | xpdfreader | 2.03 | |
| glyphandcog | xpdfreader | 3.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7C671B95-8892-4D71-87FE-BABF5CBEC144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
"matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
"matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
"matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
"matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
"matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
"matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
"matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52D79ABD-202F-464F-B6C3-B225FD37DD3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
"versionEndIncluding": "3.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en Xpdf v3.02p12 y anteriores, CUPS v1.3.9 y probablemente otros productos, permite a atacantes remotos ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de un fichero PDF con segmentos JBIG2 de diccionario simb\u00f3lico manipulados."
}
],
"id": "CVE-2009-0195",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-23T17:30:01.627",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/34291"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/34481"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/34756"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/34963"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/35064"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-17/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-18/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/502759/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/502762/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/34791"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-17/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-18/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502759/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502762/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10076"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}