CVE-2009-0799

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.

Details Source

Mitre

Public Date

2009-04-16 00:00:00

Impact

Low

Bugzilla

CVE-2009-0799 PDF JBIG2 decoder OOB read

Bugzilla ID

495886

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:N/A:P

Acknowledgements

Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting this flaw.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 4 (xpdf) | RHSA-2009:0430 | 2009-04-16
Red Hat Enterprise Linux 4 (kdegraphics) | RHSA-2009:0431 | 2009-04-16
Red Hat Enterprise Linux 3 (xpdf) | RHSA-2009:0430 | 2009-04-16
Red Hat Enterprise Linux 5 (cups) | RHSA-2009:0429 | 2009-04-16
Red Hat Enterprise Linux 4 (cups) | RHSA-2009:0429 | 2009-04-16
Red Hat Enterprise Linux 4 (gpdf) | RHSA-2009:0458 | 2009-04-30
Red Hat Enterprise Linux 5 (tetex) | RHSA-2010:0400 | 2010-05-06
Red Hat Enterprise Linux 4 (tetex) | RHSA-2010:0399 | 2010-05-06
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (kdegraphics) | RHSA-2009:0431 | 2009-04-16
Red Hat Enterprise Linux 5 (poppler) | RHSA-2009:0480 | 2009-05-13
Red Hat Enterprise Linux 5 (kdegraphics) | RHSA-2009:0431 | 2009-04-16