CVE-2009-0166 - OpenCVE

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Cups
Foolabs	Xpdf
Poppler	Poppler
Glyphandcog	Xpdfreader

Configuration 1 [-]

OR	cpe:2.3:a:foolabs:xpdf:0.5a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.7a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.91a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.91b:::::::*
	cpe:2.3:a:foolabs:xpdf:0.91c:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92b:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92c:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92d:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92e:::::::*
	cpe:2.3:a:foolabs:xpdf:0.93a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.93b:::::::*
	cpe:2.3:a:foolabs:xpdf:0.93c:::::::*
	cpe:2.3:a:foolabs:xpdf:1.00a:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader::::::::
	cpe:2.3:a:glyphandcog:xpdfreader:0.2:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.3:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.4:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.5:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.6:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.7:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.80:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.90:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.91:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.92:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.93:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:1.00:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:1.01:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:2.00:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:2.01:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:2.02:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:2.03:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:3.00:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:3.01:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:poppler:poppler::::::::
	cpe:2.3:a:poppler:poppler:0.1:::::::*
	cpe:2.3:a:poppler:poppler:0.1.1:::::::*
	cpe:2.3:a:poppler:poppler:0.1.2:::::::*
	cpe:2.3:a:poppler:poppler:0.2.0:::::::*
	cpe:2.3:a:poppler:poppler:0.3.0:::::::*
	cpe:2.3:a:poppler:poppler:0.3.1:::::::*
	cpe:2.3:a:poppler:poppler:0.3.2:::::::*
	cpe:2.3:a:poppler:poppler:0.3.3:::::::*
	cpe:2.3:a:poppler:poppler:0.4.0:::::::*
	cpe:2.3:a:poppler:poppler:0.4.1:::::::*
	cpe:2.3:a:poppler:poppler:0.4.2:::::::*
	cpe:2.3:a:poppler:poppler:0.4.3:::::::*
	cpe:2.3:a:poppler:poppler:0.4.4:::::::*
	cpe:2.3:a:poppler:poppler:0.5.0:::::::*
	cpe:2.3:a:poppler:poppler:0.5.1:::::::*
	cpe:2.3:a:poppler:poppler:0.5.2:::::::*
	cpe:2.3:a:poppler:poppler:0.5.3:::::::*
	cpe:2.3:a:poppler:poppler:0.5.4:::::::*
	cpe:2.3:a:poppler:poppler:0.5.9:::::::*
	cpe:2.3:a:poppler:poppler:0.5.90:::::::*
	cpe:2.3:a:poppler:poppler:0.5.91:::::::*
	cpe:2.3:a:poppler:poppler:0.6.0:::::::*
	cpe:2.3:a:poppler:poppler:0.6.1:::::::*
	cpe:2.3:a:poppler:poppler:0.6.2:::::::*
	cpe:2.3:a:poppler:poppler:0.6.3:::::::*
	cpe:2.3:a:poppler:poppler:0.6.4:::::::*
	cpe:2.3:a:poppler:poppler:0.7.0:::::::*
	cpe:2.3:a:poppler:poppler:0.7.1:::::::*
	cpe:2.3:a:poppler:poppler:0.7.2:::::::*
	cpe:2.3:a:poppler:poppler:0.7.3:::::::*
	cpe:2.3:a:poppler:poppler:0.8.0:::::::*
	cpe:2.3:a:poppler:poppler:0.8.1:::::::*
	cpe:2.3:a:poppler:poppler:0.8.2:::::::*
	cpe:2.3:a:poppler:poppler:0.8.3:::::::*
	cpe:2.3:a:poppler:poppler:0.8.4:::::::*
	cpe:2.3:a:poppler:poppler:0.8.5:::::::*
	cpe:2.3:a:poppler:poppler:0.8.6:::::::*
	cpe:2.3:a:poppler:poppler:0.8.7:::::::*
	cpe:2.3:a:poppler:poppler:0.9.0:::::::*
	cpe:2.3:a:poppler:poppler:0.9.1:::::::*
	cpe:2.3:a:poppler:poppler:0.9.2:::::::*
	cpe:2.3:a:poppler:poppler:0.9.3:::::::*
	cpe:2.3:a:poppler:poppler:0.10.0:::::::*
	cpe:2.3:a:poppler:poppler:0.10.1:::::::*
	cpe:2.3:a:poppler:poppler:0.10.2:::::::*
	cpe:2.3:a:poppler:poppler:0.10.3:::::::*
	cpe:2.3:a:poppler:poppler:0.10.4:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:apple:cups::::::::
	cpe:2.3:a:apple:cups:1.1:::::::*
	cpe:2.3:a:apple:cups:1.1.1:::::::*
	cpe:2.3:a:apple:cups:1.1.2:::::::*
	cpe:2.3:a:apple:cups:1.1.3:::::::*
	cpe:2.3:a:apple:cups:1.1.4:::::::*
	cpe:2.3:a:apple:cups:1.1.5:::::::*
	cpe:2.3:a:apple:cups:1.1.5-1:::::::*
	cpe:2.3:a:apple:cups:1.1.5-2:::::::*
	cpe:2.3:a:apple:cups:1.1.6:::::::*
	cpe:2.3:a:apple:cups:1.1.6-1:::::::*
	cpe:2.3:a:apple:cups:1.1.6-2:::::::*
	cpe:2.3:a:apple:cups:1.1.6-3:::::::*
	cpe:2.3:a:apple:cups:1.1.7:::::::*
	cpe:2.3:a:apple:cups:1.1.8:::::::*
	cpe:2.3:a:apple:cups:1.1.9:::::::*
	cpe:2.3:a:apple:cups:1.1.9-1:::::::*
	cpe:2.3:a:apple:cups:1.1.10:::::::*
	cpe:2.3:a:apple:cups:1.1.10-1:::::::*
	cpe:2.3:a:apple:cups:1.1.11:::::::*
	cpe:2.3:a:apple:cups:1.1.12:::::::*
	cpe:2.3:a:apple:cups:1.1.13:::::::*
	cpe:2.3:a:apple:cups:1.1.14:::::::*
	cpe:2.3:a:apple:cups:1.1.15:::::::*
	cpe:2.3:a:apple:cups:1.1.16:::::::*
	cpe:2.3:a:apple:cups:1.1.17:::::::*
	cpe:2.3:a:apple:cups:1.1.18:::::::*
	cpe:2.3:a:apple:cups:1.1.19:::::::*
	cpe:2.3:a:apple:cups:1.1.19:rc1::::::
	cpe:2.3:a:apple:cups:1.1.19:rc2::::::
	cpe:2.3:a:apple:cups:1.1.19:rc3::::::
	cpe:2.3:a:apple:cups:1.1.19:rc4::::::
	cpe:2.3:a:apple:cups:1.1.19:rc5::::::
	cpe:2.3:a:apple:cups:1.1.20:::::::*
	cpe:2.3:a:apple:cups:1.1.20:rc1::::::
	cpe:2.3:a:apple:cups:1.1.20:rc2::::::
	cpe:2.3:a:apple:cups:1.1.20:rc3::::::
	cpe:2.3:a:apple:cups:1.1.20:rc4::::::
	cpe:2.3:a:apple:cups:1.1.20:rc5::::::
	cpe:2.3:a:apple:cups:1.1.20:rc6::::::
	cpe:2.3:a:apple:cups:1.1.21:::::::*
	cpe:2.3:a:apple:cups:1.1.21:rc1::::::
	cpe:2.3:a:apple:cups:1.1.21:rc2::::::
	cpe:2.3:a:apple:cups:1.1.22:::::::*
	cpe:2.3:a:apple:cups:1.1.22:rc1::::::
	cpe:2.3:a:apple:cups:1.1.22:rc2::::::
	cpe:2.3:a:apple:cups:1.1.23:::::::*
	cpe:2.3:a:apple:cups:1.1.23:rc1::::::
	cpe:2.3:a:apple:cups:1.2.0:::::::*
	cpe:2.3:a:apple:cups:1.2.1:::::::*
	cpe:2.3:a:apple:cups:1.2.2:::::::*
	cpe:2.3:a:apple:cups:1.2.3:::::::*
	cpe:2.3:a:apple:cups:1.2.4:::::::*
	cpe:2.3:a:apple:cups:1.2.5:::::::*
	cpe:2.3:a:apple:cups:1.2.6:::::::*
	cpe:2.3:a:apple:cups:1.2.7:::::::*
	cpe:2.3:a:apple:cups:1.2.8:::::::*
	cpe:2.3:a:apple:cups:1.2.9:::::::*
	cpe:2.3:a:apple:cups:1.2.10:::::::*
	cpe:2.3:a:apple:cups:1.2.11:::::::*
	cpe:2.3:a:apple:cups:1.2.12:::::::*
	cpe:2.3:a:apple:cups:1.3.0:::::::*
	cpe:2.3:a:apple:cups:1.3.1:::::::*
	cpe:2.3:a:apple:cups:1.3.2:::::::*
cpe:2.3:a:apple:cups:1.3.3:::::::*
cpe:2.3:a:apple:cups:1.3.4:::::::*
cpe:2.3:a:apple:cups:1.3.5:::::::*
cpe:2.3:a:apple:cups:1.3.6:::::::*
cpe:2.3:a:apple:cups:1.3.7:::::::*
cpe:2.3:a:apple:cups:1.3.8:::::::*
cpe:2.3:a:apple:cups:1.3.10:::::::*
cpe:2.3:a:apple:cups:1.3.11:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://rhn.redhat.com/errata/RHSA-2009-0458.html	Patch
http://secunia.com/advisories/34291	Vendor Advisory
http://secunia.com/advisories/34481	Vendor Advisory
http://secunia.com/advisories/34755	Vendor Advisory
http://secunia.com/advisories/34756	Vendor Advisory
http://secunia.com/advisories/34852	Vendor Advisory
http://secunia.com/advisories/34959	Vendor Advisory
http://secunia.com/advisories/34963	Vendor Advisory
http://secunia.com/advisories/34991	Vendor Advisory
http://secunia.com/advisories/35037	Vendor Advisory
http://secunia.com/advisories/35064	Vendor Advisory
http://secunia.com/advisories/35065	Vendor Advisory
http://secunia.com/advisories/35618	Vendor Advisory
http://secunia.com/advisories/35685	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200904-20.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
http://wiki.rpath.com/Advisories:rPSA-2009-0061
http://www.debian.org/security/2009/dsa-1790	Patch
http://www.debian.org/security/2009/dsa-1793	Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.redhat.com/support/errata/RHSA-2009-0429.html	Patch
http://www.redhat.com/support/errata/RHSA-2009-0430.html	Patch
http://www.redhat.com/support/errata/RHSA-2009-0431.html	Patch
http://www.redhat.com/support/errata/RHSA-2009-0480.html	Patch
http://www.securityfocus.com/archive/1/502750/100/0/threaded
http://www.securityfocus.com/bid/34568	Patch
http://www.securitytracker.com/id?1022073
http://www.vupen.com/english/advisories/2009/1065	Vendor Advisory
http://www.vupen.com/english/advisories/2009/1066	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/1077	Vendor Advisory
http://www.vupen.com/english/advisories/2010/1040	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=490625
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9778
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html