CVE - CVE-2009-0147

CVE-ID
CVE-2009-0147	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20090417 rPSA-2009-0059-1 poppler URL:http://www.securityfocus.com/archive/1/502761/100/0/threaded BUGTRAQ:20090417 rPSA-2009-0061-1 cups URL:http://www.securityfocus.com/archive/1/502750/100/0/threaded CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=263028 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=490614 CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2009-0059 CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2009-0061 CONFIRM:http://support.apple.com/kb/HT3549 CONFIRM:http://support.apple.com/kb/HT3639 APPLE:APPLE-SA-2009-05-12 URL:http://lists.apple.com/archives/security-announce/2009/May/msg00002.html APPLE:APPLE-SA-2009-06-17-1 URL:http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html DEBIAN:DSA-1790 URL:http://www.debian.org/security/2009/dsa-1790 DEBIAN:DSA-1793 URL:http://www.debian.org/security/2009/dsa-1793 FEDORA:FEDORA-2009-6973 URL:https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html FEDORA:FEDORA-2009-6982 URL:https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html FEDORA:FEDORA-2009-6972 URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html GENTOO:GLSA-200904-20 URL:http://security.gentoo.org/glsa/glsa-200904-20.xml MANDRIVA:MDVSA-2009:101 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 MANDRIVA:MDVSA-2010:087 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 REDHAT:RHSA-2009:0430 URL:http://www.redhat.com/support/errata/RHSA-2009-0430.html REDHAT:RHSA-2009:0429 URL:http://www.redhat.com/support/errata/RHSA-2009-0429.html REDHAT:RHSA-2009:0431 URL:http://www.redhat.com/support/errata/RHSA-2009-0431.html REDHAT:RHSA-2009:0458 URL:http://rhn.redhat.com/errata/RHSA-2009-0458.html REDHAT:RHSA-2009:0480 URL:http://www.redhat.com/support/errata/RHSA-2009-0480.html SLACKWARE:SSA:2009-129-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477 SUSE:SUSE-SA:2009:024 URL:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html SUSE:SUSE-SR:2009:010 URL:http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html SUSE:SUSE-SR:2009:012 URL:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html CERT:TA09-133A URL:http://www.us-cert.gov/cas/techalerts/TA09-133A.html BID:34568 URL:http://www.securityfocus.com/bid/34568 OVAL:oval:org.mitre.oval:def:9941 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9941 SECTRACK:1022073 URL:http://www.securitytracker.com/id?1022073 SECUNIA:34755 URL:http://secunia.com/advisories/34755 SECUNIA:34291 URL:http://secunia.com/advisories/34291 SECUNIA:34481 URL:http://secunia.com/advisories/34481 SECUNIA:34852 URL:http://secunia.com/advisories/34852 SECUNIA:34756 URL:http://secunia.com/advisories/34756 SECUNIA:34959 URL:http://secunia.com/advisories/34959 SECUNIA:34963 URL:http://secunia.com/advisories/34963 SECUNIA:35037 URL:http://secunia.com/advisories/35037 SECUNIA:35065 URL:http://secunia.com/advisories/35065 SECUNIA:35074 URL:http://secunia.com/advisories/35074 SECUNIA:34991 URL:http://secunia.com/advisories/34991 SECUNIA:35064 URL:http://secunia.com/advisories/35064 SECUNIA:35618 URL:http://secunia.com/advisories/35618 SECUNIA:35685 URL:http://secunia.com/advisories/35685 VUPEN:ADV-2009-1065 URL:http://www.vupen.com/english/advisories/2009/1065 VUPEN:ADV-2009-1066 URL:http://www.vupen.com/english/advisories/2009/1066 VUPEN:ADV-2009-1077 URL:http://www.vupen.com/english/advisories/2009/1077 VUPEN:ADV-2009-1297 URL:http://www.vupen.com/english/advisories/2009/1297 VUPEN:ADV-2009-1621 URL:http://www.vupen.com/english/advisories/2009/1621 VUPEN:ADV-2010-1040 URL:http://www.vupen.com/english/advisories/2010/1040
Assigning CNA
N/A
Date Entry Created
20090116	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090116)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org