CVE-2009-0195
Severity: Unknown | EPSS: 5.37%
CVE-2009-0195 is a vulnerability of currently unknown severity. Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments. EPSS estimates a 5.37% chance of exploitation in the next 30 days.
Description
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apple | Cups | 1.3.9 |
| Foolabs | Xpdf | 0.5a |
| Foolabs | Xpdf | 0.7a |
| Foolabs | Xpdf | 0.91a |
| Foolabs | Xpdf | 0.91b |
| Foolabs | Xpdf | 0.91c |
| Foolabs | Xpdf | 0.92a |
| Foolabs | Xpdf | 0.92b |
| Foolabs | Xpdf | 0.92c |
| Foolabs | Xpdf | 0.92d |
| Foolabs | Xpdf | 0.92e |
| Foolabs | Xpdf | 0.93a |
| Foolabs | Xpdf | 0.93b |
| Foolabs | Xpdf | 0.93c |
| Foolabs | Xpdf | 1.00a |
| Foolabs | Xpdf | 3.0.1 |
| Glyphandcog | Xpdfreader | <= 3.02 |
| Glyphandcog | Xpdfreader | 0.2 |
| Glyphandcog | Xpdfreader | 0.3 |
| Glyphandcog | Xpdfreader | 0.4 |
| Glyphandcog | Xpdfreader | 0.5 |
| Glyphandcog | Xpdfreader | 0.6 |
| Glyphandcog | Xpdfreader | 0.7 |
| Glyphandcog | Xpdfreader | 0.80 |
| Glyphandcog | Xpdfreader | 0.90 |
| Glyphandcog | Xpdfreader | 0.91 |
| Glyphandcog | Xpdfreader | 0.92 |
| Glyphandcog | Xpdfreader | 0.93 |
| Glyphandcog | Xpdfreader | 1.00 |
| Glyphandcog | Xpdfreader | 1.01 |
| Glyphandcog | Xpdfreader | 2.00 |
| Glyphandcog | Xpdfreader | 2.01 |
| Glyphandcog | Xpdfreader | 2.02 |
| Glyphandcog | Xpdfreader | 2.03 |
| Glyphandcog | Xpdfreader | 3.00 |
References
- http://secunia.com/secunia_research/2009-17/ (Vendor Advisory)
- http://secunia.com/secunia_research/2009-18/ (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Frequently Asked Questions
What is CVE-2009-0195?
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.
How severe is CVE-2009-0195?
Severity scoring for CVE-2009-0195 is pending analysis. The EPSS model estimates a 5.37% probability of exploitation in the next 30 days.
How do I fix CVE-2009-0195?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
