CVE-2009-1861

EUVD-2009-1856
Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
adobeacrobat
7.0
adobeacrobat
7.0
adobeacrobat
7.0
adobeacrobat
7.0.1
adobeacrobat
7.0.1
adobeacrobat
7.0.1
adobeacrobat
7.0.2
adobeacrobat
7.0.2
adobeacrobat
7.0.2
adobeacrobat
7.0.3
adobeacrobat
7.0.3
adobeacrobat
7.0.3
adobeacrobat
7.0.4
adobeacrobat
7.0.4
adobeacrobat
7.0.4
adobeacrobat
7.0.5
adobeacrobat
7.0.5
adobeacrobat
7.0.5
adobeacrobat
7.0.6
adobeacrobat
7.0.6
adobeacrobat
7.0.6
adobeacrobat
7.0.7
adobeacrobat
7.0.7
adobeacrobat
7.0.7
adobeacrobat
7.0.8
adobeacrobat
7.0.8
adobeacrobat
7.0.8
adobeacrobat
7.0.8
adobeacrobat
7.0.9
adobeacrobat
7.0.9
adobeacrobat
7.1
adobeacrobat
7.1
adobeacrobat
7.1
adobeacrobat
7.1.0
adobeacrobat
7.1.1
adobeacrobat
7.1.1
adobeacrobat
8.0
adobeacrobat
8.0
adobeacrobat
8.0
adobeacrobat
8.1
adobeacrobat
8.1
adobeacrobat
8.1.1
adobeacrobat
8.1.1
adobeacrobat
8.1.1
adobeacrobat
8.1.2
adobeacrobat
8.1.2
adobeacrobat
8.1.2
adobeacrobat
8.1.2:security_update
adobeacrobat
8.1.3
adobeacrobat
8.1.3
adobeacrobat
8.1.3
adobeacrobat
8.1.4
adobeacrobat
8.1.4
adobeacrobat
8.1.4
adobeacrobat
9.0
adobeacrobat
9.0
adobeacrobat
9.0.0
adobeacrobat
9.1
adobeacrobat
9.1
adobeacrobat_reader
7.0
adobeacrobat_reader
7.0.1
adobeacrobat_reader
7.0.2
adobeacrobat_reader
7.0.3
adobeacrobat_reader
7.0.4
adobeacrobat_reader
7.0.5
adobeacrobat_reader
7.0.6
adobeacrobat_reader
7.0.7
adobeacrobat_reader
7.0.8
adobeacrobat_reader
7.0.9
adobeacrobat_reader
7.1
adobeacrobat_reader
7.1.1
adobeacrobat_reader
8.0
adobeacrobat_reader
8.1
adobeacrobat_reader
8.1.1
adobeacrobat_reader
8.1.2
adobeacrobat_reader
8.1.2:security_update
adobeacrobat_reader
8.1.3
adobeacrobat_reader
8.1.4
adobeacrobat_reader
8.1.5
adobeacrobat_reader
9.1
adobeacrobat_reader
9.1.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
acroread
dapper
ignored
hardy
Fixed 9.1.2-0hardy3
released
intrepid
Fixed 9.1.2-3intrepid1
released
jaunty
Fixed 9.1.2-3jaunty1
released
karmic
Fixed 9.2-1karmic1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/34580
http://secunia.com/advisories/35496
http://secunia.com/advisories/35655
http://secunia.com/advisories/35685
http://secunia.com/advisories/35734
http://security.gentoo.org/glsa/glsa-200907-06.xml
http://securitytracker.com/id?1022361
http://www.adobe.com/support/security/bulletins/apsb09-07.html
http://www.kb.cert.org/vuls/id/568153
http://www.redhat.com/support/errata/RHSA-2009-1109.html
http://www.securityfocus.com/bid/35274
http://www.securityfocus.com/bid/35295
http://www.us-cert.gov/cas/techalerts/TA09-161A.html
http://www.vupen.com/english/advisories/2009/1547
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/34580
http://secunia.com/advisories/35496
http://secunia.com/advisories/35655
http://secunia.com/advisories/35685
http://secunia.com/advisories/35734
http://security.gentoo.org/glsa/glsa-200907-06.xml
http://securitytracker.com/id?1022361
http://www.adobe.com/support/security/bulletins/apsb09-07.html
http://www.kb.cert.org/vuls/id/568153
http://www.redhat.com/support/errata/RHSA-2009-1109.html
http://www.securityfocus.com/bid/35274
http://www.securityfocus.com/bid/35295
http://www.us-cert.gov/cas/techalerts/TA09-161A.html
http://www.vupen.com/english/advisories/2009/1547