First published: Wed Apr 15 2009(Updated: )
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Xpdf | =0.91c | |
Xpdf | =0.91b | |
Xpdf | =0.93b | |
Xpdf | =1.00a | |
Xpdf | =0.91a | |
Xpdf | =0.92e | |
Xpdf | =0.5a | |
Xpdf | =0.92b | |
Xpdf | =0.93c | |
Xpdf | =0.92c | |
Xpdf | =0.7a | |
Xpdf | =0.93a | |
Xpdf | =0.92d | |
Xpdf | =0.92a | |
Glyph & Cog XpdfReader | =0.2 | |
Glyph & Cog XpdfReader | =0.3 | |
Glyph & Cog XpdfReader | =0.4 | |
Glyph & Cog XpdfReader | =0.5 | |
Glyph & Cog XpdfReader | =0.6 | |
Glyph & Cog XpdfReader | =0.80 | |
Glyph & Cog XpdfReader | =0.90 | |
Glyph & Cog XpdfReader | =1.00 | |
Glyph & Cog XpdfReader | =1.01 | |
Glyph & Cog XpdfReader | =2.00 | |
Glyph & Cog XpdfReader | =2.01 | |
Glyph & Cog XpdfReader | =2.03 | |
Glyph & Cog XpdfReader | =3.00 | |
Glyph & Cog XpdfReader | =3.01 | |
Glyph & Cog XpdfReader | =0.7 | |
Glyph & Cog XpdfReader | =0.91 | |
Glyph & Cog XpdfReader | =0.92 | |
Glyph & Cog XpdfReader | =0.93 | |
Glyph & Cog XpdfReader | =2.02 | |
Glyph & Cog XpdfReader | <=3.02 | |
Poppler Utilities | =0.7.3 | |
Poppler Utilities | =0.3.2 | |
Poppler Utilities | =0.10.3 | |
Poppler Utilities | =0.4.0 | |
Poppler Utilities | =0.8.5 | |
Poppler Utilities | =0.9.3 | |
Poppler Utilities | =0.10.1 | |
Poppler Utilities | =0.10.0 | |
Poppler Utilities | =0.7.1 | |
Poppler Utilities | =0.6.1 | |
Poppler Utilities | =0.3.1 | |
Poppler Utilities | =0.5.2 | |
Poppler Utilities | =0.5.91 | |
Poppler Utilities | =0.6.0 | |
Poppler Utilities | =0.3.3 | |
Poppler Utilities | =0.4.2 | |
Poppler Utilities | =0.10.4 | |
Poppler Utilities | =0.9.2 | |
Poppler Utilities | =0.6.4 | |
Poppler Utilities | =0.1.2 | |
Poppler Utilities | =0.8.0 | |
Poppler Utilities | =0.8.3 | |
Poppler Utilities | =0.7.0 | |
Poppler Utilities | =0.7.2 | |
Poppler Utilities | =0.5.0 | |
Poppler Utilities | =0.8.6 | |
Poppler Utilities | =0.5.9 | |
Poppler Utilities | =0.5.90 | |
Poppler Utilities | =0.6.3 | |
Poppler Utilities | =0.2.0 | |
Poppler Utilities | =0.8.4 | |
Poppler Utilities | =0.5.4 | |
Poppler Utilities | =0.1.1 | |
Poppler Utilities | =0.9.0 | |
Poppler Utilities | =0.4.1 | |
Poppler Utilities | =0.5.3 | |
Poppler Utilities | <=0.10.5 | |
Poppler Utilities | =0.4.4 | |
Poppler Utilities | =0.8.7 | |
Poppler Utilities | =0.9.1 | |
Poppler Utilities | =0.3.0 | |
Poppler Utilities | =0.1 | |
Poppler Utilities | =0.6.2 | |
Poppler Utilities | =0.10.2 | |
Poppler Utilities | =0.4.3 | |
Poppler Utilities | =0.8.1 | |
Poppler Utilities | =0.5.1 | |
Poppler Utilities | =0.8.2 | |
CUPS | =1.1.20 | |
CUPS | =1.1.5-2 | |
CUPS | =1.1.14 | |
CUPS | =1.1.6-1 | |
CUPS | =1.1.18 | |
CUPS | =1.1.12 | |
CUPS | =1.3.11 | |
CUPS | =1.1.5-1 | |
CUPS | =1.3.3 | |
CUPS | =1.1.22 | |
CUPS | =1.2.0 | |
CUPS | =1.1.16 | |
CUPS | =1.3.1 | |
CUPS | =1.1.23-rc1 | |
CUPS | =1.1.20-rc1 | |
CUPS | =1.1.15 | |
CUPS | =1.1.17 | |
CUPS | =1.1.20-rc6 | |
CUPS | =1.2.4 | |
CUPS | =1.1.19-rc1 | |
CUPS | =1.3.2 | |
CUPS | =1.1.22-rc1 | |
CUPS | =1.1.7 | |
CUPS | =1.1.6-2 | |
CUPS | =1.1.3 | |
CUPS | =1.2.3 | |
CUPS | =1.1.21 | |
CUPS | =1.2.9 | |
CUPS | =1.2.10 | |
CUPS | =1.1.4 | |
CUPS | =1.1.23 | |
CUPS | =1.2.6 | |
CUPS | =1.3.8 | |
CUPS | =1.1.20-rc4 | |
CUPS | =1.1.19 | |
CUPS | =1.1 | |
CUPS | =1.3.4 | |
CUPS | =1.1.8 | |
CUPS | =1.1.5 | |
CUPS | =1.2.1 | |
CUPS | =1.1.2 | |
CUPS | =1.3.10 | |
CUPS | =1.1.13 | |
CUPS | =1.1.19-rc4 | |
CUPS | =1.1.9-1 | |
CUPS | =1.2.12 | |
CUPS | =1.1.21-rc2 | |
CUPS | =1.2.7 | |
CUPS | =1.1.6-3 | |
CUPS | =1.1.20-rc5 | |
CUPS | =1.1.9 | |
CUPS | =1.3.7 | |
CUPS | =1.1.19-rc5 | |
CUPS | <=1.3.9 | |
CUPS | =1.1.1 | |
CUPS | =1.2.8 | |
CUPS | =1.2.2 | |
CUPS | =1.1.10 | |
CUPS | =1.2.11 | |
CUPS | =1.1.22-rc2 | |
CUPS | =1.1.21-rc1 | |
CUPS | =1.1.11 | |
CUPS | =1.1.19-rc3 | |
CUPS | =1.1.6 | |
CUPS | =1.1.10-1 | |
CUPS | =1.3.0 | |
CUPS | =1.3.5 | |
CUPS | =1.3.6 | |
CUPS | =1.1.20-rc2 | |
CUPS | =1.1.20-rc3 | |
CUPS | =1.2.5 | |
CUPS | =1.1.19-rc2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2009-0800 is classified as a critical vulnerability due to the potential for remote code execution.
To fix CVE-2009-0800, update the affected software to the latest version that has addressed the JBIG2 decoder flaws.
CVE-2009-0800 affects Xpdf versions 3.02pl2 and earlier, CUPS versions 1.3.9 and earlier, and certain versions of Poppler among others.
Yes, CVE-2009-0800 can be exploited remotely through specially crafted PDF files.
The risks of CVE-2009-0800 include the potential for attackers to execute arbitrary code on the affected system.