Vulnerability Description
Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sumatrapdfreader | Sumatrapdf | <= 0.9.3 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0258.htmlExploit
- http://secunia.com/advisories/34916Vendor Advisory
- http://www.vupen.com/english/advisories/2009/1185Vendor Advisory
- http://www.vupen.com/english/advisories/2009/1186Vendor Advisory
- https://bugs.ghostscript.com/show_bug.cgi?id=690555
- https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=451373e028f82
- http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0258.htmlExploit
- http://secunia.com/advisories/34916Vendor Advisory
- http://www.vupen.com/english/advisories/2009/1185Vendor Advisory
- http://www.vupen.com/english/advisories/2009/1186Vendor Advisory
FAQ
What is CVE-2009-1605?
CVE-2009-1605 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to...
How severe is CVE-2009-1605?
CVE-2009-1605 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1605?
Check the references section above for vendor advisories and patch information. Affected products include: Sumatrapdfreader Sumatrapdf.