CVE-2009-3955

EUVD-2009-3926
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
adobeacrobat
𝑥
≤ 9.2
adobeacrobat
3.0
adobeacrobat
3.1
adobeacrobat
4.0
adobeacrobat
4.0.5
adobeacrobat
4.0.5a:a
adobeacrobat
4.0.5c:c
adobeacrobat
5.0
adobeacrobat
5.0.5
adobeacrobat
5.0.6
adobeacrobat
5.0.10
adobeacrobat
6.0
adobeacrobat
6.0.1
adobeacrobat
6.0.2
adobeacrobat
6.0.3
adobeacrobat
6.0.4
adobeacrobat
6.0.5
adobeacrobat
6.0.6
adobeacrobat
7.0
adobeacrobat
7.0.1
adobeacrobat
7.0.2
adobeacrobat
7.0.3
adobeacrobat
7.0.4
adobeacrobat
7.0.5
adobeacrobat
7.0.6
adobeacrobat
7.0.7
adobeacrobat
7.0.8
adobeacrobat
7.0.9
adobeacrobat
7.1.0
adobeacrobat
7.1.1
adobeacrobat
7.1.2
adobeacrobat
7.1.3
adobeacrobat
7.1.4
adobeacrobat
8.0
adobeacrobat
8.1
adobeacrobat
8.1.1
adobeacrobat
8.1.2
adobeacrobat
8.1.3
adobeacrobat
8.1.4
adobeacrobat
8.1.5
adobeacrobat
8.1.6
adobeacrobat
8.1.7
adobeacrobat
9.0
adobeacrobat
9.1
adobeacrobat
9.1.1
adobeacrobat
9.1.2
adobeacrobat
9.1.3
adobeacrobat_reader
𝑥
≤ 9.2
adobeacrobat_reader
3.0
adobeacrobat_reader
3.01
adobeacrobat_reader
3.02
adobeacrobat_reader
4.0
adobeacrobat_reader
4.0.5
adobeacrobat_reader
4.0.5a:a
adobeacrobat_reader
4.0.5c:c
adobeacrobat_reader
4.5
adobeacrobat_reader
5.0
adobeacrobat_reader
5.0.5
adobeacrobat_reader
5.0.6
adobeacrobat_reader
5.0.7
adobeacrobat_reader
5.0.9
adobeacrobat_reader
5.0.10
adobeacrobat_reader
5.0.11
adobeacrobat_reader
5.1
adobeacrobat_reader
6.0
adobeacrobat_reader
6.0.1
adobeacrobat_reader
6.0.2
adobeacrobat_reader
6.0.3
adobeacrobat_reader
6.0.4
adobeacrobat_reader
6.0.5
adobeacrobat_reader
7.0
adobeacrobat_reader
7.0.1
adobeacrobat_reader
7.0.2
adobeacrobat_reader
7.0.3
adobeacrobat_reader
7.0.4
adobeacrobat_reader
7.0.5
adobeacrobat_reader
7.0.6
adobeacrobat_reader
7.0.7
adobeacrobat_reader
7.0.8
adobeacrobat_reader
7.0.9
adobeacrobat_reader
7.1.0
adobeacrobat_reader
7.1.1
adobeacrobat_reader
7.1.2
adobeacrobat_reader
7.1.3
adobeacrobat_reader
8.0
adobeacrobat_reader
8.1
adobeacrobat_reader
8.1.1
adobeacrobat_reader
8.1.2
adobeacrobat_reader
8.1.4
adobeacrobat_reader
8.1.5
adobeacrobat_reader
8.1.6
adobeacrobat_reader
8.1.7
adobeacrobat_reader
9.0
adobeacrobat_reader
9.1
adobeacrobat_reader
9.1.1
adobeacrobat_reader
9.1.2
adobeacrobat_reader
9.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://secunia.com/advisories/38138
http://secunia.com/advisories/38215
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.redhat.com/support/errata/RHSA-2010-0060.html
http://www.securityfocus.com/bid/37757
http://www.securitytracker.com/id?1023446
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
http://www.vupen.com/english/advisories/2010/0103
https://bugzilla.redhat.com/show_bug.cgi?id=554293
https://exchange.xforce.ibmcloud.com/vulnerabilities/55553
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8255
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://secunia.com/advisories/38138
http://secunia.com/advisories/38215
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.redhat.com/support/errata/RHSA-2010-0060.html
http://www.securityfocus.com/bid/37757
http://www.securitytracker.com/id?1023446
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
http://www.vupen.com/english/advisories/2010/0103
https://bugzilla.redhat.com/show_bug.cgi?id=554293
https://exchange.xforce.ibmcloud.com/vulnerabilities/55553
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8255