[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-4117

Date: (C)2009-11-30   (M)2017-08-18
 
CVSS Score: 9.3Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information.

Reference:
http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0330.html
SECUNIA-37494
SECUNIA-37513
ADV-2009-3355
http://blog.kowalczyk.info/software/sumatrapdf/news.html
mupdf-pdfshade4c-bo(54441)

CPE    15
cpe:/a:krzysztof_kowalczyk:sumatrapdf:0.9
cpe:/a:krzysztof_kowalczyk:sumatrapdf:0.5
cpe:/a:krzysztof_kowalczyk:sumatrapdf:0.9.4
cpe:/a:krzysztof_kowalczyk:sumatrapdf:0.6
...
CWE    1
CWE-119

© 2013 SecPod Technologies