CVE-2009-2979

Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
adobeacrobat
𝑥
≤ 9.1.3
adobeacrobat
7.0
adobeacrobat
7.0.1
adobeacrobat
7.0.2
adobeacrobat
7.0.3
adobeacrobat
7.0.4
adobeacrobat
7.0.5
adobeacrobat
7.0.6
adobeacrobat
7.0.7
adobeacrobat
7.0.8
adobeacrobat
7.0.9
adobeacrobat
7.1.0
adobeacrobat
7.1.1
adobeacrobat
7.1.3
adobeacrobat
8.0
adobeacrobat
8.1
adobeacrobat
8.1.1
adobeacrobat
8.1.2
adobeacrobat
8.1.3
adobeacrobat
8.1.4
adobeacrobat
8.1.6
adobeacrobat
9.0
adobeacrobat
9.1.1
adobeacrobat
9.1.2
adobeacrobat_reader
𝑥
≤ 9.1.3
adobeacrobat_reader
7.0
adobeacrobat_reader
7.0.1
adobeacrobat_reader
7.0.2
adobeacrobat_reader
7.0.3
adobeacrobat_reader
7.0.4
adobeacrobat_reader
7.0.5
adobeacrobat_reader
7.0.6
adobeacrobat_reader
7.0.7
adobeacrobat_reader
7.0.8
adobeacrobat_reader
7.0.9
adobeacrobat_reader
7.1.0
adobeacrobat_reader
7.1.1
adobeacrobat_reader
7.1.3
adobeacrobat_reader
8.0
adobeacrobat_reader
8.1
adobeacrobat_reader
8.1.1
adobeacrobat_reader
8.1.2
adobeacrobat_reader
8.1.3
adobeacrobat_reader
8.1.4
adobeacrobat_reader
8.1.5
adobeacrobat_reader
8.1.6
adobeacrobat_reader
9.0
adobeacrobat_reader
9.1
adobeacrobat_reader
9.1.1
adobeacrobat_reader
9.1.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
acroread
karmic
Fixed 9.2-1karmic1
released
jaunty
Fixed 9.2-1jaunty1
released
intrepid
Fixed 9.2-1intrepid2
released
hardy
Fixed 9.2-1
released
dapper
ignored
References
http://securitytracker.com/id?1023007
http://www.adobe.com/support/security/bulletins/apsb09-15.html
http://www.securityfocus.com/bid/36638
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
http://www.vupen.com/english/advisories/2009/2898
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6280
http://securitytracker.com/id?1023007
http://www.adobe.com/support/security/bulletins/apsb09-15.html
http://www.securityfocus.com/bid/36638
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
http://www.vupen.com/english/advisories/2009/2898
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6280