CVE-2009-3431
published 2009-09-25CVE-2009-3431: Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4…
PriorityP432medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
21.43%
97.3th percentile
Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information.
Affected
47 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7phm-f5vw-fc7p: Stack consumption vulnerability in Adobe Reader and Acrobat 9
ghsa_unreviewed·2022-05-02
CVE-2009-3431 [MEDIUM] CWE-119 GHSA-7phm-f5vw-fc7p: Stack consumption vulnerability in Adobe Reader and Acrobat 9
Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information.
Red Hat
acroread: Multiple DoS fixes in 8.1.7 (APSB09-15)
vendor_redhat·2009-10-13·CVSS 5.0
CVE-2009-3431 [MEDIUM] acroread: Multiple DoS fixes in 8.1.7 (APSB09-15)
acroread: Multiple DoS fixes in 8.1.7 (APSB09-15)
Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information.
No detection rules found.
http://securitytracker.com/id?1023007http://www.adobe.com/support/security/bulletins/apsb09-15.htmlhttp://www.securityfocus.com/bid/35148http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlhttp://www.vupen.com/english/advisories/2009/2898https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6532http://securitytracker.com/id?1023007http://www.adobe.com/support/security/bulletins/apsb09-15.htmlhttp://www.securityfocus.com/bid/35148http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlhttp://www.vupen.com/english/advisories/2009/2898https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6532
2009-09-25
Published