CVE-2009-0791

Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
applecups
1.1.17
applecups
1.1.22
applecups
1.3.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cups
bullseye
2.3.3op2-3+deb11u8
fixed
etch
not-affected
lenny
not-affected
bullseye (security)
2.3.3op2-3+deb11u9
fixed
bookworm
2.4.2-3+deb12u7
fixed
bookworm (security)
2.4.2-3+deb12u8
fixed
sid
2.4.10-2
fixed
trixie
2.4.10-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cups
jaunty
not-affected
intrepid
not-affected
hardy
dne
dapper
dne
cupsys
jaunty
dne
intrepid
dne
hardy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/35340
http://secunia.com/advisories/35685
http://secunia.com/advisories/37023
http://secunia.com/advisories/37028
http://secunia.com/advisories/37037
http://secunia.com/advisories/37043
http://secunia.com/advisories/37077
http://secunia.com/advisories/37079
http://securitytracker.com/id?1022326
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
http://www.redhat.com/support/errata/RHSA-2009-1083.html
http://www.securityfocus.com/bid/35195
http://www.vupen.com/english/advisories/2009/1488
http://www.vupen.com/english/advisories/2009/2928
https://bugzilla.redhat.com/show_bug.cgi?id=491840
https://exchange.xforce.ibmcloud.com/vulnerabilities/50941
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10534
https://rhn.redhat.com/errata/RHSA-2009-1500.html
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/35340
http://secunia.com/advisories/35685
http://secunia.com/advisories/37023
http://secunia.com/advisories/37028
http://secunia.com/advisories/37037
http://secunia.com/advisories/37043
http://secunia.com/advisories/37077
http://secunia.com/advisories/37079
http://securitytracker.com/id?1022326
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
http://www.redhat.com/support/errata/RHSA-2009-1083.html
http://www.securityfocus.com/bid/35195
http://www.vupen.com/english/advisories/2009/1488
http://www.vupen.com/english/advisories/2009/2928
https://bugzilla.redhat.com/show_bug.cgi?id=491840
https://exchange.xforce.ibmcloud.com/vulnerabilities/50941
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10534
https://rhn.redhat.com/errata/RHSA-2009-1500.html
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html