Moderate

CVE-2009-0195 - Buffer Errors vulnerability in multiple products

Publication: 2009-04-23

Summary

Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.

Classification
CWE-119: Buffer Errors

Risk level (CVSS 6.8): Moderate

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Foolabs Xpdf 0.92e
  • Foolabs Xpdf 0.2
  • Foolabs Xpdf 0.3
  • Foolabs Xpdf 0.4
  • Foolabs Xpdf 0.5
  • Foolabs Xpdf 0.6
  • Foolabs Xpdf 0.7
  • Foolabs Xpdf 0.80
  • Foolabs Xpdf 0.90
  • Foolabs Xpdf 0.91
  • Foolabs Xpdf 0.92
  • Foolabs Xpdf 0.93
  • Foolabs Xpdf 1.00
  • Foolabs Xpdf 1.01
  • Apple Cups 1.3.9
  • Foolabs Xpdf 2.00
  • Foolabs Xpdf 2.01
  • Foolabs Xpdf 2.02
  • Foolabs Xpdf 2.03
  • Foolabs Xpdf 3.00
  • Foolabs Xpdf 3.0.1
  • Foolabs Xpdf 0.91a
  • Foolabs Xpdf 0.93a
  • Foolabs Xpdf 0.93b
  • Foolabs Xpdf 0.93c
  • Foolabs Xpdf 0.91b
  • Foolabs Xpdf 1.00a
  • Foolabs Xpdf 0.91c
  • Foolabs Xpdf 3.02
  • Foolabs Xpdf 0.92a
  • Foolabs Xpdf 0.5a
  • Foolabs Xpdf 0.92c
  • Foolabs Xpdf 0.92d
  • Foolabs Xpdf 0.7a
  • Foolabs Xpdf 0.92b