CVE-2009-0800 — Improper Input Validation in Apple Cups

CWE-20 — Improper Input Validation13 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

9.0%

top 7.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Poppler Xpdf Apple Cups +3 more

Timeline

PublishedApr 23

Latest updateMay 2

Description

Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages6 packages

▶Debianxpdf/xpdf< 3.02-1.4+lenny1+3

▶Debianfreedesktop/poppler< 0.10.6-1+3

▶NVDapple/cups1.3.9+55

▶NVDpoppler/poppler0.10.5+47

▶NVDglyphandcog/xpdfreader3.02+19

🔴Vulnerability Details

GHSA

GHSA-x57h-fgf6-293f: Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3↗2022-05-02

▶

CVEList

CVE-2009-0800: Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3↗2009-04-23

▶

OSV

CVE-2009-0800: Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3↗2009-04-23

▶

📋Vendor Advisories

Ubuntu

KOffice vulnerabilities↗2010-08-17

▶

Red Hat

PDF JBIG2 multiple input validation flaws↗2009-04-16

▶

Ubuntu

poppler vulnerabilities↗2009-04-16

▶

Debian

CVE-2009-0800: poppler - Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earli...↗2009

▶

💬Community

Bugzilla

CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 poppler various flaws [F10]↗2009-04-21

▶

Bugzilla

▶

Bugzilla

▶

Bugzilla

CVE-2009-1338 kernel: 'kill sig -1' must only apply to caller's pid namespace↗2009-04-16

▶

Bugzilla

CVE-2009-0800 PDF JBIG2 multiple input validation flaws↗2009-04-15

▶