Vulnerability Details : CVE-2009-0800
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
Vulnerability category: Input validationExecute code
Products affected by CVE-2009-0800
- cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*
Threat overview for CVE-2009-0800
Top countries where our scanners detected CVE-2009-0800
Top open port discovered on systems with this issue
631
IPs affected by CVE-2009-0800 2,918
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2009-0800!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-0800
11.42%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-0800
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2009-0800
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-0800
-
http://poppler.freedesktop.org/releases.html
Poppler
-
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:010 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://www.redhat.com/support/errata/RHSA-2009-0431.html
Support
-
http://rhn.redhat.com/errata/RHSA-2009-0458.html
RHSA-2009:0458 - Security Advisory - Red Hat Customer Portal
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
Mandriva
-
http://www.redhat.com/support/errata/RHSA-2009-0430.html
Support
-
http://www.debian.org/security/2009/dsa-1790
[SECURITY] [DSA 1790-1] New xpdf packages fix multiple vulnerabilities
-
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:012 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
[security-announce] SUSE Security Announcement: cups (SUSE-SA:2009:024) - openSUSE Security Announce - openSUSE Mailing Lists
-
http://www.debian.org/security/2009/dsa-1793
[SECURITY] [DSA 1793-1] New kdegraphics packages fix multiple vulnerabilities
-
http://www.vupen.com/english/advisories/2009/1066
Site en constructionVendor Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
[SECURITY] Fedora 11 Update: poppler-0.10.7-2.fc11
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
Mandriva
-
http://www.vupen.com/english/advisories/2010/1040
Site en constructionVendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323
404 Not Found
-
http://www.securitytracker.com/id?1022073
Access Denied
-
http://www.redhat.com/support/errata/RHSA-2009-0429.html
Support
-
http://www.vupen.com/english/advisories/2009/1065
Site en constructionVendor Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
[SECURITY] Fedora 10 Update: poppler-0.8.7-6.fc10
-
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
[SECURITY] Fedora 9 Update: poppler-0.8.7-2.fc9
-
http://www.kb.cert.org/vuls/id/196617
VU#196617 - Xpdf and poppler contain multiple vulnerabilities in the processing of JBIG2 dataUS Government Resource
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
Mandriva
-
https://bugzilla.redhat.com/show_bug.cgi?id=495887
495887 – (CVE-2009-0800) CVE-2009-0800 PDF JBIG2 multiple input validation flaws
-
http://www.redhat.com/support/errata/RHSA-2009-0480.html
Support
-
http://www.securityfocus.com/bid/34568
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
The Slackware Linux Project: Slackware Security Advisories
-
http://www.vupen.com/english/advisories/2009/1076
Site en constructionVendor Advisory
-
http://www.vupen.com/english/advisories/2009/1077
Site en constructionVendor Advisory
Jump to