CVE-2009-0147

Executive Summary

Informations
Name	CVE-2009-0147	First vendor Publication	2009-04-23
Vendor	Cve	Last vendor Modification	2010-12-16

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147

CWE : Common Weakness Enumeration

id	Name
CWE-189	Numeric Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9941

Oval ID:	oval:org.mitre.oval:def:9941
Title:	Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
Description:	Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0147	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND xpdf is earlier than 1:2.02-14.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section tetex-latex is earlier than 0:2.0.2-22.0.1.EL4.16 AND kdegraphics-devel is earlier than 7:3.3.1-13.el4 AND tetex-dvips is earlier than 0:2.0.2-22.0.1.EL4.16 AND kdegraphics is earlier than 7:3.3.1-13.el4 AND tetex-fonts is earlier than 0:2.0.2-22.0.1.EL4.16 AND cups-libs is earlier than 1:1.1.22-0.rc1.9.27.el4_7.5 AND tetex is earlier than 0:2.0.2-22.0.1.EL4.16 AND gpdf is earlier than 0:2.8.2-7.7.2.el4_7.4 AND cups-devel is earlier than 1:1.1.22-0.rc1.9.27.el4_7.5 AND tetex-afm is earlier than 0:2.0.2-22.0.1.EL4.16 AND xpdf is earlier than 1:3.00-20.el4 AND tetex-xdvi is earlier than 0:2.0.2-22.0.1.EL4.16 AND tetex-doc is earlier than 0:2.0.2-22.0.1.EL4.16 AND cups is earlier than 1:1.1.22-0.rc1.9.27.el4_7.5 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section kdegraphics-devel is earlier than 7:3.5.4-12.el5_3 AND cups-lpd is earlier than 1:1.3.7-8.el5_3.4 AND tetex-dvips is earlier than 0:3.0-33.8.el5_5.5 AND kdegraphics is earlier than 7:3.5.4-12.el5_3 AND poppler is earlier than 0:0.5.4-4.4.el5_3.9 AND tetex-fonts is earlier than 0:3.0-33.8.el5_5.5 AND cups-libs is earlier than 1:1.3.7-8.el5_3.4 AND tetex is earlier than 0:3.0-33.8.el5_5.5 AND tetex-doc is earlier than 0:3.0-33.8.el5_5.5 AND poppler-devel is earlier than 0:0.5.4-4.4.el5_3.9 AND tetex-latex is earlier than 0:3.0-33.8.el5_5.5 AND poppler-utils is earlier than 0:0.5.4-4.4.el5_3.9 AND cups-devel is earlier than 1:1.3.7-8.el5_3.4 AND tetex-afm is earlier than 0:3.0-33.8.el5_5.5 AND tetex-xdvi is earlier than 0:3.0-33.8.el5_5.5 AND cups is earlier than 1:1.3.7-8.el5_3.4

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apple Cups cpe:/a:apple:cups:1.3.9 cpe:/a:apple:cups:1.3.8 cpe:/a:apple:cups:1.3.7 cpe:/a:apple:cups:1.3.6 cpe:/a:apple:cups:1.3.5 cpe:/a:apple:cups:1.3.4 cpe:/a:apple:cups:1.3.3 cpe:/a:apple:cups:1.3.2 cpe:/a:apple:cups:1.3.11 cpe:/a:apple:cups:1.3.10 cpe:/a:apple:cups:1.3.1 cpe:/a:apple:cups:1.3.0 cpe:/a:apple:cups:1.2.9 cpe:/a:apple:cups:1.2.8 cpe:/a:apple:cups:1.2.7 cpe:/a:apple:cups:1.2.6 cpe:/a:apple:cups:1.2.5 cpe:/a:apple:cups:1.2.4 cpe:/a:apple:cups:1.2.3 cpe:/a:apple:cups:1.2.2 cpe:/a:apple:cups:1.2.12 cpe:/a:apple:cups:1.2.11 cpe:/a:apple:cups:1.2.10 cpe:/a:apple:cups:1.2.1 cpe:/a:apple:cups:1.2.0 cpe:/a:apple:cups:1.1.9-1 cpe:/a:apple:cups:1.1.9 cpe:/a:apple:cups:1.1.8 cpe:/a:apple:cups:1.1.7 cpe:/a:apple:cups:1.1.6-3 cpe:/a:apple:cups:1.1.6-2 cpe:/a:apple:cups:1.1.6-1 cpe:/a:apple:cups:1.1.6 cpe:/a:apple:cups:1.1.5-2 cpe:/a:apple:cups:1.1.5-1 cpe:/a:apple:cups:1.1.5 cpe:/a:apple:cups:1.1.4 cpe:/a:apple:cups:1.1.3 cpe:/a:apple:cups:1.1.23:rc1 cpe:/a:apple:cups:1.1.23 cpe:/a:apple:cups:1.1.22:rc1 cpe:/a:apple:cups:1.1.22:rc2 cpe:/a:apple:cups:1.1.22 cpe:/a:apple:cups:1.1.21 cpe:/a:apple:cups:1.1.21:rc1 cpe:/a:apple:cups:1.1.21:rc2 cpe:/a:apple:cups:1.1.20:rc2 cpe:/a:apple:cups:1.1.20:rc4 cpe:/a:apple:cups:1.1.20:rc6 cpe:/a:apple:cups:1.1.20:rc5 cpe:/a:apple:cups:1.1.20 cpe:/a:apple:cups:1.1.20:rc1 cpe:/a:apple:cups:1.1.20:rc3 cpe:/a:apple:cups:1.1.2 cpe:/a:apple:cups:1.1.19:rc4 cpe:/a:apple:cups:1.1.19:rc5 cpe:/a:apple:cups:1.1.19 cpe:/a:apple:cups:1.1.19:rc2 cpe:/a:apple:cups:1.1.19:rc3 cpe:/a:apple:cups:1.1.19:rc1 cpe:/a:apple:cups:1.1.18 cpe:/a:apple:cups:1.1.17 cpe:/a:apple:cups:1.1.16 cpe:/a:apple:cups:1.1.15 cpe:/a:apple:cups:1.1.14 cpe:/a:apple:cups:1.1.13 cpe:/a:apple:cups:1.1.12 cpe:/a:apple:cups:1.1.11 cpe:/a:apple:cups:1.1.10-1 cpe:/a:apple:cups:1.1.10 cpe:/a:apple:cups:1.1.1 cpe:/a:apple:cups:1.1	72
Application	Foolabs Xpdf cpe:/a:foolabs:xpdf:3.02 cpe:/a:foolabs:xpdf:3.01 cpe:/a:foolabs:xpdf:3.00 cpe:/a:foolabs:xpdf:2.03 cpe:/a:foolabs:xpdf:2.02 cpe:/a:foolabs:xpdf:2.01 cpe:/a:foolabs:xpdf:2.00 cpe:/a:foolabs:xpdf:1.01 cpe:/a:foolabs:xpdf:1.00a cpe:/a:foolabs:xpdf:1.00 cpe:/a:foolabs:xpdf:0.93c cpe:/a:foolabs:xpdf:0.93b cpe:/a:foolabs:xpdf:0.93a cpe:/a:foolabs:xpdf:0.93 cpe:/a:foolabs:xpdf:0.92e cpe:/a:foolabs:xpdf:0.92d cpe:/a:foolabs:xpdf:0.92c cpe:/a:foolabs:xpdf:0.92b cpe:/a:foolabs:xpdf:0.92a cpe:/a:foolabs:xpdf:0.92 cpe:/a:foolabs:xpdf:0.91c cpe:/a:foolabs:xpdf:0.91b cpe:/a:foolabs:xpdf:0.91a cpe:/a:foolabs:xpdf:0.91 cpe:/a:foolabs:xpdf:0.90 cpe:/a:foolabs:xpdf:0.80 cpe:/a:foolabs:xpdf:0.7a cpe:/a:foolabs:xpdf:0.7 cpe:/a:foolabs:xpdf:0.6 cpe:/a:foolabs:xpdf:0.5a cpe:/a:foolabs:xpdf:0.5 cpe:/a:foolabs:xpdf:0.4 cpe:/a:foolabs:xpdf:0.3 cpe:/a:foolabs:xpdf:0.2	34

Open Source Vulnerability Database (OSVDB)

id	Description
54496	Xpdf JBIG2 Decoder PDF File Handling Multiple Function Overflows
54495	CUPS JBIG2 Decoder PDF File Handling Multiple Function Overflows

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
BID	http://www.securityfocus.com/bid/34568
BUGTRAQ	http://www.securityfocus.com/archive/1/archive/1/502750/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/502761/100/0/threaded
CERT	http://www.us-cert.gov/cas/techalerts/TA09-133A.html
CONFIRM	http://bugs.gentoo.org/show_bug.cgi?id=263028 http://support.apple.com/kb/HT3549 http://support.apple.com/kb/HT3639 http://wiki.rpath.com/Advisories:rPSA-2009-0059 http://wiki.rpath.com/Advisories:rPSA-2009-0061 https://bugzilla.redhat.com/show_bug.cgi?id=490614
DEBIAN	http://www.debian.org/security/2009/dsa-1790 http://www.debian.org/security/2009/dsa-1793
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
GENTOO	http://security.gentoo.org/glsa/glsa-200904-20.xml
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
REDHAT	http://rhn.redhat.com/errata/RHSA-2009-0458.html http://www.redhat.com/support/errata/RHSA-2009-0429.html http://www.redhat.com/support/errata/RHSA-2009-0430.html http://www.redhat.com/support/errata/RHSA-2009-0431.html http://www.redhat.com/support/errata/RHSA-2009-0480.html
SECTRACK	http://www.securitytracker.com/id?1022073
SECUNIA	http://secunia.com/advisories/34291 http://secunia.com/advisories/34481 http://secunia.com/advisories/34755 http://secunia.com/advisories/34756 http://secunia.com/advisories/34852 http://secunia.com/advisories/34959 http://secunia.com/advisories/34963 http://secunia.com/advisories/34991 http://secunia.com/advisories/35037 http://secunia.com/advisories/35064 http://secunia.com/advisories/35065 http://secunia.com/advisories/35074 http://secunia.com/advisories/35618 http://secunia.com/advisories/35685
SLACKWARE	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&...
SUSE	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
VUPEN	http://www.vupen.com/english/advisories/2009/1065 http://www.vupen.com/english/advisories/2009/1066 http://www.vupen.com/english/advisories/2009/1077 http://www.vupen.com/english/advisories/2009/1297 http://www.vupen.com/english/advisories/2009/1621 http://www.vupen.com/english/advisories/2010/1040

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:42:10	Multiple Updates

Type	Count
Oval ID(s)	1
CPE ID(s)	106
osvdb(s)	2

Related	Severity
USN-973-1	(Critical)
TA09-133A	(Critical)
SUN-269008	(Critical)
MDVSA-2009:346	(Critical)
MDVSA-2009:282-1	(Critical)
MDVSA-2009:282	(Critical)
MDVSA-2009:281	(Critical)
MDVSA-2009:101	(Critical)
DSA-1793	(Critical)
DSA-1790	(Critical)
RHSA-2010:0400	(Critical)
MDVSA-2010:096	(Critical)
MDVSA-2010:087	(Critical)
MDVSA-2009:331	(Critical)
MDVSA-2009:283	(Critical)
USN-759-1	(High)
RHSA-2010:0399	(High)
RHSA-2009:0480	(High)
RHSA-2009:0458	(High)
RHSA-2009:0431	(High)
RHSA-2009:0430	(High)
RHSA-2009:0429	(High)
GLSA-200904-20	(Medium)