CVE-2009-0146

CWE-119 — Buffer Overflow13 documents8 sources

Severity

4.3MEDIUM

EPSS

1.7%

top 17.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Glyphandcog Xpdfreader Foolabs Xpdf

Timeline

PublishedApr 23

Latest updateMay 2

Description

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

▶Debianxpdf< 3.02-1.4+lenny1+3

▶NVDapple/cups1.3.9+55

▶NVDglyphandcog/xpdfreader3.02+19

▶NVDfoolabs/xpdf14 versions+13

▶Debianpoppler< 0.10.6-1+3

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-29f7-44gf-pv93: Multiple buffer overflows in the JBIG2 decoder in Xpdf 3↗2022-05-02

▶

CVEList

CVE-2009-0146: Multiple buffer overflows in the JBIG2 decoder in Xpdf 3↗2009-04-23

▶

OSV

CVE-2009-0146: Multiple buffer overflows in the JBIG2 decoder in Xpdf 3↗2009-04-23

▶

📋Vendor Advisories

Ubuntu

KOffice vulnerabilities↗2010-08-17

▶

Red Hat

xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) (CVE-2009-0195)↗2009-04-16

▶

Ubuntu

poppler vulnerabilities↗2009-04-16

▶

Debian

CVE-2009-0146: cups - Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS...↗2009

▶

💬Community

Bugzilla

CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 poppler various flaws [F10]↗2009-04-21

▶

Bugzilla

▶

Bugzilla

▶

Bugzilla

Multiple PDF flaws↗2009-03-24

▶

Bugzilla

CVE-2009-0146 xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) (CVE-2009-0195)↗2009-03-17

▶