CVE-2009-0791

EUVD-2009-0789
Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
applecups
1.1.17
applecups
1.1.22
applecups
1.3.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cups
bookworm
2.4.2-3+deb12u7
fixed
bookworm (security)
2.4.2-3+deb12u8
fixed
bullseye
2.3.3op2-3+deb11u8
fixed
bullseye (security)
2.3.3op2-3+deb11u9
fixed
etch
not-affected
lenny
not-affected
sid
2.4.10-2
fixed
trixie
2.4.10-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cups
dapper
dne
hardy
dne
intrepid
not-affected
jaunty
not-affected
cupsys
dapper
not-affected
hardy
not-affected
intrepid
dne
jaunty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/35340
http://secunia.com/advisories/35685
http://secunia.com/advisories/37023
http://secunia.com/advisories/37028
http://secunia.com/advisories/37037
http://secunia.com/advisories/37043
http://secunia.com/advisories/37077
http://secunia.com/advisories/37079
http://securitytracker.com/id?1022326
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
http://www.redhat.com/support/errata/RHSA-2009-1083.html
http://www.securityfocus.com/bid/35195
http://www.vupen.com/english/advisories/2009/1488
http://www.vupen.com/english/advisories/2009/2928
https://bugzilla.redhat.com/show_bug.cgi?id=491840
https://exchange.xforce.ibmcloud.com/vulnerabilities/50941
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10534
https://rhn.redhat.com/errata/RHSA-2009-1500.html
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/35340
http://secunia.com/advisories/35685
http://secunia.com/advisories/37023
http://secunia.com/advisories/37028
http://secunia.com/advisories/37037
http://secunia.com/advisories/37043
http://secunia.com/advisories/37077
http://secunia.com/advisories/37079
http://securitytracker.com/id?1022326
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
http://www.redhat.com/support/errata/RHSA-2009-1083.html
http://www.securityfocus.com/bid/35195
http://www.vupen.com/english/advisories/2009/1488
http://www.vupen.com/english/advisories/2009/2928
https://bugzilla.redhat.com/show_bug.cgi?id=491840
https://exchange.xforce.ibmcloud.com/vulnerabilities/50941
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10534
https://rhn.redhat.com/errata/RHSA-2009-1500.html
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html