Home > Vulnerability Database > CVE-2009-0791

Mend.io Vulnerability Database

CVE-2009-0791

Date: June 9, 2009

Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.

Language: C++

Severity Score

5.6

Related Resources (26)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=491840

Url: http://www.securityfocus.com/bid/35195

Url: http://secunia.com/advisories/37023

Url: http://secunia.com/advisories/35340

Url: https://rhn.redhat.com/errata/RHSA-2009-1502.html

Url: http://secunia.com/advisories/35685

Url: http://secunia.com/advisories/37028

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10534

Url: http://www.redhat.com/support/errata/RHSA-2009-1083.html

Url: https://rhn.redhat.com/errata/RHSA-2009-1501.html

Url: https://rhn.redhat.com/errata/RHSA-2009-1512.html

Url: http://www.vupen.com/english/advisories/2009/1488

Url: http://secunia.com/advisories/37077

Url: http://secunia.com/advisories/37079

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-0791

Url: http://secunia.com/advisories/37037

Url: https://rhn.redhat.com/errata/RHSA-2009-1503.html

Url: https://rhn.redhat.com/errata/RHSA-2009-1500.html

Url: https://access.redhat.com/security/cve/CVE-2009-0791

Url: http://secunia.com/advisories/37043

Url: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/50941

Url: http://www.vupen.com/english/advisories/2009/2928

Url: http://securitytracker.com/id?1022326

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:334

Url: https://www.mend.io/vulnerability-database/CVE-2009-0791

Severity Score

5.6

Weakness Type (CWE)

Numeric Errors

CWE-189

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-0791

Date: June 9, 2009

Language: C++

Severity Score

Related Resources (26)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?