CVE-2009-0690

2009-06-2321:30:00

CWE-189

certcc

web.nvd.nist.gov

foxit

jpeg2000

jbig2

decoder

vulnerability

foxit reader

denial of service

memory corruption

application crash

arbitrary code

pdf

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.113

Percentile

95.3%

JSON

The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read.

Affected configurations

Nvd

Node

foxitsoftwarefoxit_readerMatch3.0

foxitsoftwarefoxit_readerMatch3.0.2009.1301

AND

foxitsoftwarejpeg2000\/jbig2_decoder_add-onMatch2.0.2009.303

VendorProductVersionCPE
foxitsoftwarefoxit_reader3.0cpe:2.3:a:foxitsoftware:foxit_reader:3.0:*:*:*:*:*:*:*
foxitsoftwarefoxit_reader3.0.2009.1301cpe:2.3:a:foxitsoftware:foxit_reader:3.0.2009.1301:*:*:*:*:*:*:*
foxitsoftwarejpeg2000\/jbig2_decoder_add-on2.0.2009.303cpe:2.3:a:foxitsoftware:jpeg2000\/jbig2_decoder_add-on:2.0.2009.303:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
foxitsoftware	foxit_reader	3.0	cpe:2.3:a:foxitsoftware:foxit_reader:3.0:::::::*
foxitsoftware	foxit_reader	3.0.2009.1301	cpe:2.3:a:foxitsoftware:foxit_reader:3.0.2009.1301:::::::*
foxitsoftware	jpeg2000\/jbig2_decoder_add-on	2.0.2009.303	cpe:2.3:a:foxitsoftware:jpeg2000\/jbig2_decoder_add-on:2.0.2009.303:::::::*