Vulnerability Description
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Cups | 1.3.9 |
| Foolabs | Xpdf | 0.5a |
| Glyphandcog | Xpdfreader | <= 3.02 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2009-0458.html
- http://secunia.com/advisories/34291
- http://secunia.com/advisories/34481
- http://secunia.com/advisories/34756
- http://secunia.com/advisories/34963
- http://secunia.com/advisories/35064
- http://secunia.com/secunia_research/2009-17/Vendor Advisory
- http://secunia.com/secunia_research/2009-18/Vendor Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
- http://www.redhat.com/support/errata/RHSA-2009-0480.html
- http://www.securityfocus.com/archive/1/502759/100/0/threaded
- http://www.securityfocus.com/archive/1/502762/100/0/threaded
- http://www.securityfocus.com/bid/34791
- http://www.vupen.com/english/advisories/2010/1040
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2009-0195?
CVE-2009-0195 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary s...
How severe is CVE-2009-0195?
CVE-2009-0195 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0195?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Cups, Foolabs Xpdf, Glyphandcog Xpdfreader.