CVE-2009-0691

2022-10-0316:24:09

CWE-399

[email protected]

web.nvd.nist.gov

cve-2009-0691

foxit reader

denial of service

memory corruption

application crash

arbitrary code execution

jpeg2000

jpx

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.1%

JSON

The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access.

Affected configurations

NVD

Node

foxitsoftwarejpeg2000_jbig2_decoder_add-onRange≤2.0.2009.303

AND

foxitsoftwarefoxit_readerMatch3.0

CPENameOperatorVersion
foxitsoftware:jpeg2000_jbig2_decoder_add-onfoxitsoftware jpeg2000 jbig2 decoder add-onle2.0.2009.303
foxitsoftware:foxit_readerfoxitsoftware foxit readereq3.0

CPE	Name	Operator	Version
foxitsoftware:jpeg2000_jbig2_decoder_add-on	foxitsoftware jpeg2000 jbig2 decoder add-on	le	2.0.2009.303
foxitsoftware:foxit_reader	foxitsoftware foxit reader	eq	3.0