CVE-2009-0791

CWE-189CWE-190Integer Overflow9 documents7 sources
Severity
6.8MEDIUM
EPSS
5.0%
top 10.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Cups
Timeline
PublishedJun 9
Latest updateMay 2

Description

Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may ove

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Debiancups< 1.3.10-1+3
NVDapple/cups1.1.17, 1.1.22, 1.3.7+2

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-89xf-5fpv-6xg6: Multiple integer overflows in Xpdf 22022-05-02
CVEList
CVE-2009-0791: Multiple integer overflows in Xpdf 22009-06-09
OSV
CVE-2009-0791: Multiple integer overflows in Xpdf 22009-06-09

📋Vendor Advisories

3
Red Hat
xpdf: multiple integer overflows2009-05-19
Red Hat
xpdf: multiple integer overflows2009-05-19
Debian
CVE-2009-0791: cups - Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the p...2009

💬Community

2
Bugzilla
CVE-2009-0791 CVE-2009-360{3,4,6,7,8,9} Multiple poppler vulnerabilities2009-10-25
Bugzilla
CVE-2009-0791 xpdf: multiple integer overflows2009-03-24
CVE-2009-0791 (MEDIUM CVSS 6.8) | Multiple integer overflows in Xpdf | cvebase.io