Vulnerability Details : CVE-2009-0146
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
Vulnerability category: Denial of service
Products affected by CVE-2009-0146
- cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*
Threat overview for CVE-2009-0146
Top countries where our scanners detected CVE-2009-0146
Top open port discovered on systems with this issue
631
IPs affected by CVE-2009-0146 2,962
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2009-0146!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-0146
2.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-0146
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2009-0146
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-0146
-
http://secunia.com/advisories/35074
About Secunia Research | FlexeraVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:010 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://www.redhat.com/support/errata/RHSA-2009-0431.html
Support
-
http://www.vupen.com/english/advisories/2009/1297
Webmail: access your OVH emails on ovhcloud.com | OVHcloudVendor Advisory
-
http://secunia.com/advisories/34852
About Secunia Research | FlexeraVendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2009-0458.html
RHSA-2009:0458 - Security Advisory - Red Hat Customer Portal
-
http://www.redhat.com/support/errata/RHSA-2009-0430.html
SupportPatch
-
http://secunia.com/advisories/34291
About Secunia Research | FlexeraVendor Advisory
-
http://www.debian.org/security/2009/dsa-1790
[SECURITY] [DSA 1790-1] New xpdf packages fix multiple vulnerabilities
-
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
-
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:012 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://secunia.com/advisories/34959
About Secunia Research | FlexeraVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
[security-announce] SUSE Security Announcement: cups (SUSE-SA:2009:024) - openSUSE Security Announce - openSUSE Mailing Lists
-
http://www.debian.org/security/2009/dsa-1793
[SECURITY] [DSA 1793-1] New kdegraphics packages fix multiple vulnerabilities
-
http://www.vupen.com/english/advisories/2009/1066
Site en constructionVendor Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
[SECURITY] Fedora 11 Update: poppler-0.10.7-2.fc11
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
Mandriva
-
http://secunia.com/advisories/35618
About Secunia Research | FlexeraVendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632
404 Not Found
-
http://www.vupen.com/english/advisories/2010/1040
Site en constructionVendor Advisory
-
http://www.securitytracker.com/id?1022073
Access Denied
-
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
-
http://secunia.com/advisories/34481
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/35064
About Secunia Research | FlexeraVendor Advisory
-
http://security.gentoo.org/glsa/glsa-200904-20.xml
CUPS: Multiple vulnerabilities (GLSA 200904-20) — Gentoo security
-
https://bugzilla.redhat.com/show_bug.cgi?id=490612
490612 – (CVE-2009-0146, CVE-2009-0195) CVE-2009-0146 xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) (CVE-2009-0195)
-
http://www.redhat.com/support/errata/RHSA-2009-0429.html
Support
-
http://bugs.gentoo.org/show_bug.cgi?id=263028
263028 – (CVE-2009-0146) <app-text/poppler-0.10.5-r1 JBIG2 Multiple vulnerabilities (CVE-2009-{0146,0147,0165,0166,0195,0799,0800,1179,1180,1181,1182,1183,1187,1188})
-
http://www.vupen.com/english/advisories/2009/1065
Site en constructionVendor Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
[SECURITY] Fedora 10 Update: poppler-0.8.7-6.fc10
-
http://www.securityfocus.com/archive/1/502761/100/0/threaded
-
http://secunia.com/advisories/35685
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/34755
About Secunia Research | FlexeraVendor Advisory
-
http://secunia.com/advisories/35065
About Secunia Research | FlexeraVendor Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
[SECURITY] Fedora 9 Update: poppler-0.8.7-2.fc9
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
Mandriva
-
http://secunia.com/advisories/34756
About Secunia Research | Flexera
-
http://www.vupen.com/english/advisories/2009/1621
Webmail: access your OVH emails on ovhcloud.com | OVHcloudVendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2009-0480.html
Support
-
http://www.securityfocus.com/bid/34568
-
http://www.securityfocus.com/archive/1/502750/100/0/threaded
-
http://secunia.com/advisories/34963
About Secunia Research | Flexera
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
The Slackware Linux Project: Slackware Security Advisories
-
http://wiki.rpath.com/Advisories:rPSA-2009-0059
-
http://secunia.com/advisories/35037
About Secunia Research | Flexera
-
http://support.apple.com/kb/HT3549
About the security content of Security Update 2009-002 / Mac OS X v10.5.7 - Apple Support
-
http://www.vupen.com/english/advisories/2009/1077
Site en constructionVendor Advisory
-
http://support.apple.com/kb/HT3639
About the security content of iOS 3.0 Software Update - Apple Support
-
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Apple Updates for Multiple Vulnerabilities | CISAUS Government Resource
-
http://secunia.com/advisories/34991
About Secunia Research | FlexeraVendor Advisory
-
http://wiki.rpath.com/Advisories:rPSA-2009-0061
Jump to