CVE-2009-0191

2009-03-1020:30:06

CWE-94

flexera

web.nvd.nist.gov

foxit reader

jbig2

vulnerability

pdf

code execution

cve-2009-0191

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.089

Percentile

94.6%

JSON

Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location.

Affected configurations

Nvd

Node

foxitsoftwarefoxit_readerMatch2.3

foxitsoftwarefoxit_readerMatch3.0

foxitsoftwarefoxit_readerMatch3.0.2009.1301

VendorProductVersionCPE
foxitsoftwarefoxit_reader2.3cpe:2.3:a:foxitsoftware:foxit_reader:2.3:*:*:*:*:*:*:*
foxitsoftwarefoxit_reader3.0cpe:2.3:a:foxitsoftware:foxit_reader:3.0:*:*:*:*:*:*:*
foxitsoftwarefoxit_reader3.0.2009.1301cpe:2.3:a:foxitsoftware:foxit_reader:3.0.2009.1301:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
foxitsoftware	foxit_reader	2.3	cpe:2.3:a:foxitsoftware:foxit_reader:2.3:::::::*
foxitsoftware	foxit_reader	3.0	cpe:2.3:a:foxitsoftware:foxit_reader:3.0:::::::*
foxitsoftware	foxit_reader	3.0.2009.1301	cpe:2.3:a:foxitsoftware:foxit_reader:3.0.2009.1301:::::::*