CVE-2009-0195 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Cups

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

9.0%

top 7.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xpdf Glyphandcog Xpdfreader Apple Cups +1 more

Timeline

PublishedApr 23

Latest updateMay 2

Description

Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶Debianxpdf/xpdf< 3.02-1.4+lenny1+3

▶NVDglyphandcog/xpdfreader3.02+18

▶NVDapple/cups1.3.9

▶NVDfoolabs/xpdf15 versions+14

🔴Vulnerability Details

GHSA

GHSA-fvm9-xxrq-gwmc: Heap-based buffer overflow in Xpdf 3↗2022-05-02

▶

OSV

CVE-2009-0195: Heap-based buffer overflow in Xpdf 3↗2009-04-23

▶

CVEList

CVE-2009-0195: Heap-based buffer overflow in Xpdf 3↗2009-04-23

▶

📋Vendor Advisories

Ubuntu

KOffice vulnerabilities↗2010-08-17

▶

Red Hat

xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) (CVE-2009-0195)↗2009-04-16

▶

Red Hat

xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) (CVE-2009-0195)↗2009-04-16

▶

Debian

CVE-2009-0195: xpdf - Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably...↗2009

▶

💬Community

Bugzilla

CVE-2009-0146 xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) (CVE-2009-0195)↗2009-03-17

▶