cbcvebase.
CVE-2009-4117
published 2009-12-01

CVE-2009-4117: Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to…

PriorityP350critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
7.78%
93.9th percentile
Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information.

Affected

15 ranges
VendorProductVersion rangeFixed in
sumatrapdfreadersumatrapdf<= 1.0
sumatrapdfreadersumatrapdf
sumatrapdfreadersumatrapdf
sumatrapdfreadersumatrapdf
sumatrapdfreadersumatrapdf
sumatrapdfreadersumatrapdf
sumatrapdfreadersumatrapdf
sumatrapdfreadersumatrapdf
sumatrapdfreadersumatrapdf
sumatrapdfreadersumatrapdf
sumatrapdfreadersumatrapdf
sumatrapdfreadersumatrapdf
sumatrapdfreadersumatrapdf
sumatrapdfreadersumatrapdf
sumatrapdfreadersumatrapdf
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.