CVE - CVE-2009-0147

CVE-ID
CVE-2009-0147	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2009-05-12 URL:http://lists.apple.com/archives/security-announce/2009/May/msg00002.html APPLE:APPLE-SA-2009-06-17-1 URL:http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html BID:34568 URL:http://www.securityfocus.com/bid/34568 BUGTRAQ:20090417 rPSA-2009-0059-1 poppler URL:http://www.securityfocus.com/archive/1/502761/100/0/threaded BUGTRAQ:20090417 rPSA-2009-0061-1 cups URL:http://www.securityfocus.com/archive/1/502750/100/0/threaded CERT:TA09-133A URL:http://www.us-cert.gov/cas/techalerts/TA09-133A.html CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=263028 CONFIRM:http://support.apple.com/kb/HT3549 CONFIRM:http://support.apple.com/kb/HT3639 CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2009-0059 CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2009-0061 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=490614 DEBIAN:DSA-1790 URL:http://www.debian.org/security/2009/dsa-1790 DEBIAN:DSA-1793 URL:http://www.debian.org/security/2009/dsa-1793 FEDORA:FEDORA-2009-6972 URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html FEDORA:FEDORA-2009-6973 URL:https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html FEDORA:FEDORA-2009-6982 URL:https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html GENTOO:GLSA-200904-20 URL:http://security.gentoo.org/glsa/glsa-200904-20.xml MANDRIVA:MDVSA-2009:101 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:101~~ (Obsolete source) MANDRIVA:MDVSA-2010:087 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:087~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:9941 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941 REDHAT:RHSA-2009:0429 URL:http://www.redhat.com/support/errata/RHSA-2009-0429.html REDHAT:RHSA-2009:0430 URL:http://www.redhat.com/support/errata/RHSA-2009-0430.html REDHAT:RHSA-2009:0431 URL:http://www.redhat.com/support/errata/RHSA-2009-0431.html REDHAT:RHSA-2009:0458 URL:http://rhn.redhat.com/errata/RHSA-2009-0458.html REDHAT:RHSA-2009:0480 URL:http://www.redhat.com/support/errata/RHSA-2009-0480.html SECTRACK:1022073 URL:http://www.securitytracker.com/id?1022073 SECUNIA:34291 URL:http://secunia.com/advisories/34291 SECUNIA:34481 URL:http://secunia.com/advisories/34481 SECUNIA:34755 URL:http://secunia.com/advisories/34755 SECUNIA:34756 URL:http://secunia.com/advisories/34756 SECUNIA:34852 URL:http://secunia.com/advisories/34852 SECUNIA:34959 URL:http://secunia.com/advisories/34959 SECUNIA:34963 URL:http://secunia.com/advisories/34963 SECUNIA:34991 URL:http://secunia.com/advisories/34991 SECUNIA:35037 URL:http://secunia.com/advisories/35037 SECUNIA:35064 URL:http://secunia.com/advisories/35064 SECUNIA:35065 URL:http://secunia.com/advisories/35065 SECUNIA:35074 URL:http://secunia.com/advisories/35074 SECUNIA:35618 URL:http://secunia.com/advisories/35618 SECUNIA:35685 URL:http://secunia.com/advisories/35685 SLACKWARE:SSA:2009-129-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 SUSE:SUSE-SA:2009:024 URL:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html SUSE:SUSE-SR:2009:010 URL:http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html SUSE:SUSE-SR:2009:012 URL:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html VUPEN:ADV-2009-1065 URL:~~http://www.vupen.com/english/advisories/2009/1065~~ (Obsolete source) VUPEN:ADV-2009-1066 URL:~~http://www.vupen.com/english/advisories/2009/1066~~ (Obsolete source) VUPEN:ADV-2009-1077 URL:~~http://www.vupen.com/english/advisories/2009/1077~~ (Obsolete source) VUPEN:ADV-2009-1297 URL:~~http://www.vupen.com/english/advisories/2009/1297~~ (Obsolete source) VUPEN:ADV-2009-1621 URL:~~http://www.vupen.com/english/advisories/2009/1621~~ (Obsolete source) VUPEN:ADV-2010-1040 URL:~~http://www.vupen.com/english/advisories/2010/1040~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20090116	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090116)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)