CVSS2: AV:N/AC:L/Au:N/C:P/I:P/A:P

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS Percentile: 96.5%
Xpdf and poppler contain multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Xpdf is an open source viewer for Portable Document Format (PDF) files. Several PDF viewing applications and libraries, such as poppler, are based on the Xpdf code. Xpdf contains multiple vulnerabilities related to the handling of PDF files that contain JBIG2 data. The vulnerabilities include, but are not limited to, a buffer overflow, an integer overflow, a null pointer dereference, and an infinite loop.
By convincing a user to open a malicious PDF file, an attacker may be able to execute code or cause a vulnerable PDF viewer to crash. The PDF could be emailed as an attachment or hosted on a website.
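A triage check for the file type described above, as an added example that is not part of the original advisory: it reports whether a PDF declares the `JBIG2Decode` stream filter, decoding `#xx` name escapes first so that an escaped spelling of the filter name is still counted. The function name, result keys and sample objects are constructed for illustration.

```python
import re
import sys

# Characters that end a PDF name token (whitespace and delimiters).
_END = rb"\x00\t\n\x0c\r /<>\[\](){}%"
_NAME = re.compile(rb"/[^" + _END + rb"]+")
_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# /Filter followed by a single name or an array of names.
_FILTER = re.compile(rb"/Filter[\x00\t\n\x0c\r ]*(\[[^\]]*\]|/[^" + _END + rb"]+)")

# Constructed sample objects (not taken from any real file).
SAMPLE_PLAIN = b"1 0 obj\n<< /Filter /JBIG2Decode /Length 0 >>\nstream\n\nendstream\nendobj\n"
SAMPLE_ESCAPED = (b"2 0 obj\n<< /F#69lter [/FlateDecode /JBIG#32Decode] /Length 0 >>\n"
                  b"stream\n\nendstream\nendobj\n")
SAMPLE_CLEAN = b"3 0 obj\n<< /Filter /FlateDecode /Length 0 >>\nstream\n\nendstream\nendobj\n"


def jbig2_findings(pdf: bytes) -> dict:
    """Count /Filter entries naming JBIG2Decode; heuristic, not a full PDF parser."""
    escaped = 0

    def unescape(match):
        # Decode #xx escapes inside one name token and note when the decoded
        # name is one this check cares about (a sign of deliberate hiding).
        nonlocal escaped
        raw = match.group(0)
        plain = _ESCAPE.sub(lambda e: bytes([int(e.group(1), 16)]), raw)
        if plain != raw and plain in (b"/Filter", b"/JBIG2Decode"):
            escaped += 1
        return plain

    normalized = _NAME.sub(unescape, pdf)
    hits = sum(
        b"/JBIG2Decode" in _NAME.findall(m.group(1))
        for m in _FILTER.finditer(normalized)
    )
    return {"jbig2_filters": hits, "escaped_names": escaped}


if __name__ == "__main__":
    # With no arguments, run on the constructed samples; otherwise scan files.
    if len(sys.argv) == 1:
        for sample in (SAMPLE_PLAIN, SAMPLE_ESCAPED, SAMPLE_CLEAN):
            print(jbig2_findings(sample))
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            print(path, jbig2_findings(handle.read()))
```

A non-zero `jbig2_filters` count only means the file reaches the JBIG2 decoder; it does not by itself indicate a malicious file.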
Apply an update
These issues are addressed in Xpdf 3.02-pl3 and poppler 0.10.6. Please check with your vendor for software updates.
196617
Notified: February 23, 2009 Updated: May 13, 2009
Affected
We have not received a statement from the vendor.
Please see Apple Security Update 2009-002.
Notified: April 06, 2009 Updated: May 06, 2009
Affected
We have not received a statement from the vendor.
Please see Debian Security Advisory DSA-1790-1.
Notified: April 06, 2009 Updated: April 16, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: April 16, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 29, 2009
Affected
We have not received a statement from the vendor.
Please see MDVSA-2009:101 for more details.
Notified: March 12, 2009 Updated: April 16, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: April 16, 2009
Affected
We have not received a statement from the vendor.
These issues are addressed in poppler 0.10.6.
Notified: March 12, 2009 Updated: April 17, 2009
Affected
We have not received a statement from the vendor.
Please see Red Hat Security Advisory RHSA-2009:0429-1 and RHSA-2009:0431-1 for vulnerability details and patch availability.
Notified: March 31, 2009 Updated: April 16, 2009
Statement Date: February 23, 2009
Affected
We have not received a statement from the vendor.
Please see BlackBerry document KB17953 for vulnerability details and a patch.
Notified: March 30, 2009 Updated: April 16, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 16, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 16, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: March 12, 2009 Updated: April 16, 2009
Affected
We have not received a statement from the vendor.
Please see USN-759-1.
Notified: February 23, 2009 Updated: April 16, 2009
Affected
We have not received a statement from the vendor.
These issues are addressed in Xpdf 3.02-pl3.
Notified: February 23, 2009 Updated: February 23, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 23, 2009 Updated: February 23, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 23, 2009 Updated: April 08, 2009
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 06, 2009 Updated: April 06, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 23, 2009 Updated: February 23, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 9 | AV:N/AC:M/Au:N/C:C/I:C/A:P |
Temporal | 7 | E:POC/RL:OF/RC:C |
Environmental | 7 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
These vulnerabilities were reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
Field | Value |
---|---|
CVE IDs | CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188 |
Severity Metric | 5.01 |
Date Public | |
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch
blackberry.com/btsc/KB17953
cgit.freedesktop.org/poppler/poppler/commit/?id=9f1312f3d7dfa7e536606a7c7296b7c876b11c00
jvn.jp/cert/JVNVU196617/index.html
rhn.redhat.com/errata/RHSA-2009-0429.html
rhn.redhat.com/errata/RHSA-2009-0431.html
secunia.com/advisories/34291/
support.apple.com/kb/HT3549
www.debian.org/security/2009/dsa-1790
www.mandriva.com/en/security/advisories?name=MDVSA-2009:101
www.securityfocus.com/bid/34568
www.securitytracker.com/alerts/2009/Apr/1022072.html
www.ubuntu.com/usn/usn-759-1