[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

111017

 
 

909

 
 

86402

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2009-0800Date: (C)2009-04-23   (M)2018-06-20


Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 6.8
Exploit Score: Exploit Score: 8.6
Impact Score: Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: PARTIAL
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
SECTRACK-1022073
SECUNIA-34291
SECUNIA-34481
BID-34568
SECUNIA-34746
SECUNIA-34755
SECUNIA-34756
SECUNIA-34852
SECUNIA-34959
SECUNIA-34963
SECUNIA-34991
SECUNIA-35037
SECUNIA-35064
SECUNIA-35065
SECUNIA-35618
SECUNIA-35685
ADV-2009-1065
ADV-2009-1066
ADV-2009-1076
ADV-2009-1077
ADV-2010-1040
DSA-1790
DSA-1793
FEDORA-2009-6972
FEDORA-2009-6973
FEDORA-2009-6982
MDVSA-2009:101
MDVSA-2010:087
MDVSA-2011:175
RHSA-2009:0429
RHSA-2009:0430
RHSA-2009:0431
RHSA-2009:0458
RHSA-2009:0480
SSA:2009-129-01
SUSE-SA:2009:024
SUSE-SR:2009:010
SUSE-SR:2009:012
VU#196617
http://poppler.freedesktop.org/releases.html
https://bugzilla.redhat.com/show_bug.cgi?id=495887

CPE    92
cpe:/a:foolabs:xpdf:0.7
cpe:/a:foolabs:xpdf:0.6
cpe:/a:foolabs:xpdf:0.5
cpe:/a:foolabs:xpdf:0.4
...
CWE    1
CWE-20
OVAL    54
oval:org.secpod.oval:def:600408
oval:org.secpod.oval:def:700041
oval:org.secpod.oval:def:600277
oval:org.mitre.oval:def:7718
...

© SecPod Technologies