CVE-2009-0755
Published 2009-03-03
CVE-2009-0755: The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an…
Priority: P4 · 27 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
EXPLOIT
EPSS: 10.81% (95.3th percentile)
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
Affected
39 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 0.10.6-1 (bookworm) | poppler 0.10.6-1 (bookworm) |
| freedesktop | poppler | >= 0 < 0.10.6-1 | 0.10.6-1 |
| poppler | poppler | <= 0.10.3 | — |
| poppler | poppler | — | — |
CVSS provenance
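| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |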
Ubuntu
poppler vulnerabilities
vendor_ubuntu·2009-10-21
CVE-2009-0755 poppler vulnerabilities
It was discovered that poppler contained multiple security issues when
parsing malformed PDF documents. If a user or automated system were tricked
into opening a crafted PDF file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
poppler/evince: DoS via crafted PDF file
vendor_redhat·2009-01-27·CVSS 5.0
CVE-2009-0755 [MEDIUM] poppler/evince: DoS via crafted PDF file
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
Statement: Not vulnerable. This issue did not affect the versions of poppler, xpdf, gpdf and kdegraphics as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Debian
CVE-2009-0755: poppler - The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remo...
vendor_debian·2009·CVSS 5.0
CVE-2009-0755 [MEDIUM] CVE-2009-0755: poppler - The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remo...
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
Scope: local
bookworm: resolved (fixed in 0.10.6-1)
bullseye: resolved (fixed in 0.10.6-1)
forky: resolved (fixed in 0.10.6-1)
sid: resolved (fixed in 0.10.6-1)
trixie: resolved (fixed in 0.10.6-1)
GHSA
GHSA-jmc7-m54g-vwh9: The FormWidgetChoice::loadDefaults function in Poppler before 0
ghsa_unreviewed·2022-05-02
CVE-2009-0755 [MEDIUM] GHSA-jmc7-m54g-vwh9: The FormWidgetChoice::loadDefaults function in Poppler before 0
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
OSV
CVE-2009-0755: The FormWidgetChoice::loadDefaults function in Poppler before 0
osv·2009-03-03·CVSS 5.0
CVE-2009-0755 [MEDIUM] CVE-2009-0755: The FormWidgetChoice::loadDefaults function in Poppler before 0
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
No detection rules found.
Bugzilla
CVE-2009-1299 pulseaudio: information disclosure or DoS due to temporary directory handling
bugzilla·2010-03-05·CVSS 6.9
CVE-2009-1299 [MEDIUM] CVE-2009-1299 pulseaudio: information disclosure or DoS due to temporary directory handling
Dan Rosenberg reported a vulnerability in pulseaudio's handling of temporary directories, which can be used by an attacker to create a Denial of Service condition or possibly disclose sensitive information to unprivileged users.
When pulseaudio starts, it creates a temporary directory with a predictable name (/tmp/.esd-[uid], where [uid] is the user id of the user executing the pulseaudio process). If the directory already exists, pulseaudio does not create a new one; it also does not check for symbolic links. After the directory is created, or if it already exists, pulseaudio will chown the directory to the uid/gid of the user running pulseaudio, and then chmods it to either 0700 or 0755 (the lat
Bugzilla
CVE-2009-0755 poppler/evince: DoS via crafted PDF file
bugzilla·2009-03-03·CVSS 5.0
CVE-2009-0755 [MEDIUM] CVE-2009-0755 poppler/evince: DoS via crafted PDF file
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0755 to
the following vulnerability:
Name: CVE-2009-0755
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755
Assigned: 20090303
Reference: MLIST:[oss-security] 20090213 CVE Request: Poppler -Two Denial of Service Vulnerabilities
Reference: URL: http://www.openwall.com/lists/oss-security/2009/02/13/1
Reference: MLIST:[oss-security] 20090219 Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities
Reference: URL: http://www.openwall.com/lists/oss-security/2009/02/19/2
Reference: MLIST:[poppler] 20090128 poppler/Form.cc
Reference: URL: http://lists.freedesktop.org/archives/poppler/2009-January/004406.html
Reference: CONFIRM: http://bugs.freedesktop.
References
http://bugs.freedesktop.org/show_bug.cgi?id=19790
http://lists.freedesktop.org/archives/poppler/2009-January/004406.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/33853
http://secunia.com/advisories/35685
http://secunia.com/advisories/37114
http://wiki.rpath.com/Advisories:rPSA-2009-0059
http://www.debian.org/security/2009/dsa-1941
http://www.openwall.com/lists/oss-security/2009/02/13/1
http://www.openwall.com/lists/oss-security/2009/02/19/2
http://www.securityfocus.com/archive/1/502761/100/0/threaded
http://www.securityfocus.com/bid/33749
http://www.ubuntu.com/usn/USN-850-1
Published: 2009-03-03