CVE-2009-3794: Buffer Overflow
First published: Thu Dec 03 2009(Updated: )
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/flash-plugin | <0:9.0.260.0-1.el3 | 0:9.0.260.0-1.el3 |
| redhat/flash-plugin | <0:9.0.260.0-1.el4 | 0:9.0.260.0-1.el4 |
| redhat/flash-plugin | <0:10.0.42.34-1.el5 | 0:10.0.42.34-1.el5 |
| Adobe Adobe Air | =1.0 | |
| Adobe Flash Player | =9.125.0 | |
| Adobe Adobe Air | =1.5.1 | |
| Adobe Flash Player | =8.0.24.0 | |
| Adobe Flash Player | =9.0.18d60 | |
| Adobe Flash Player | =7.1.1 | |
| Adobe Flash Player | =9.0.124.0 | |
| Adobe Flash Player | =9.0.47.0 | |
| Adobe Flash Player | =7.0.63 | |
| Adobe Flash Player | =7.0.70.0 | |
| Adobe Flash Player | =10.0.12.36 | |
| Adobe Flash Player | =8.0.35.0 | |
| Adobe Flash Player | =9.0.114.0 | |
| Adobe Flash Player | =8.0 | |
| Adobe Flash Player | =9.0.20.0 | |
| Adobe Flash Player | =9.0.31.0 | |
| Adobe Flash Player | =9.0.159.0 | |
| Adobe Flash Player | =9.0.112.0 | |
| Adobe Flash Player | =9.0.16 | |
| Adobe Flash Player | =8 | |
| Adobe Flash Player | =10.0.0.584 | |
| Adobe Flash Player | =9.0.28.0 | |
| Adobe Flash Player | =7.0.69.0 | |
| Adobe Flash Player | =9.0.155.0 | |
| Adobe Flash Player | =10.0.22.87 | |
| Adobe Flash Player | =9.0.28 | |
| Adobe Flash Player | =9.0.45.0 | |
| Adobe Flash Player | =7.0 | |
| Adobe Flash Player | =9.0.31 | |
| Adobe Flash Player | =7.2 | |
| Adobe Adobe Air | <=1.5.2 | |
| Adobe Flash Player | =9.0.115.0 | |
| Adobe Flash Player | =7.0.25 | |
| Adobe Flash Player | =8.0 | |
| Adobe Flash Player | =8.0.39.0 | |
| Adobe Adobe Air | =1.0.1 | |
| Adobe Flash Player | =8.0.34.0 | |
| Adobe Flash Player | =8 | |
| Adobe Adobe Air | =1.1 | |
| Adobe Flash Player | =7.1 | |
| Adobe Flash Player | =10.0.12.10 | |
| Adobe Flash Player | <=10.0.32.18 | |
| Adobe Flash Player | =9.0.20 | |
| Adobe Flash Player | =7.0.1 | |
| Adobe Flash Player | =8.0 | |
| Adobe Flash Player | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA09-343A.html
- http://www.redhat.com/support/errata/RHSA-2009-1657.html
- http://securitytracker.com/id?1023307
- http://securitytracker.com/id?1023306
- https://bugzilla.redhat.com/show_bug.cgi?id=543857
- http://www.vupen.com/english/advisories/2009/3456
- http://www.redhat.com/support/errata/RHSA-2009-1658.html
- http://www.securityfocus.com/bid/37199
- http://zerodayinitiative.com/advisories/ZDI-09-092/
- http://secunia.com/advisories/37584
- http://www.adobe.com/support/security/bulletins/apsb09-19.html
- http://osvdb.org/60885
- http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html
- http://secunia.com/advisories/37902
- http://support.apple.com/kb/HT4004
- http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
- http://secunia.com/advisories/38241
- http://www.vupen.com/english/advisories/2010/0173
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54631
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8686
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7465
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15948
- http://www.securityfocus.com/archive/1/508336/100/0/threaded
- https://access.redhat.com/security/cve/CVE-2009-3794
- https://access.redhat.com/security/cve/CVE-2009-3796
- https://access.redhat.com/security/cve/CVE-2009-3797
- https://access.redhat.com/security/cve/CVE-2009-3798
- https://access.redhat.com/security/cve/CVE-2009-3799
- https://access.redhat.com/security/cve/CVE-2009-3800
- https://rhn.redhat.com/errata/RHSA-2009-1657.html
- https://rhn.redhat.com/errata/RHSA-2009-1658.html
- https://www.cve.org/CVERecord?id=CVE-2009-3794 https://nvd.nist.gov/vuln/detail/CVE-2009-3794
- https://access.redhat.com/errata/RHSA-2009:1658
- https://access.redhat.com/errata/RHSA-2009:1657
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3794.json
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-3794
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/redhat-cve
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/adobe
- canonical/adobe adobe air
- version/adobe adobe air/1.0
- canonical/adobe flash player
- version/adobe flash player/9.125.0
- version/adobe adobe air/1.5.1
- version/adobe flash player/8.0.24.0
- version/adobe flash player/9.0.18d60
- version/adobe flash player/7.1.1
- version/adobe flash player/9.0.124.0
- version/adobe flash player/9.0.47.0
- version/adobe flash player/7.0.63
- version/adobe flash player/7.0.70.0
- version/adobe flash player/10.0.12.36
- version/adobe flash player/8.0.35.0
- version/adobe flash player/9.0.114.0
- version/adobe flash player/8.0
- version/adobe flash player/9.0.20.0
- version/adobe flash player/9.0.31.0
- version/adobe flash player/9.0.159.0
- version/adobe flash player/9.0.112.0
- version/adobe flash player/9.0.16
- version/adobe flash player/8
- version/adobe flash player/10.0.0.584
- version/adobe flash player/9.0.28.0
- version/adobe flash player/7.0.69.0
- version/adobe flash player/9.0.155.0
- version/adobe flash player/10.0.22.87
- version/adobe flash player/9.0.28
- version/adobe flash player/9.0.45.0
- version/adobe flash player/7.0
- version/adobe flash player/9.0.31
- version/adobe flash player/7.2
- version/adobe adobe air/1.5.2
- version/adobe flash player/9.0.115.0
- version/adobe flash player/7.0.25
- version/adobe flash player/8.0.39.0
- version/adobe adobe air/1.0.1
- version/adobe flash player/8.0.34.0
- version/adobe adobe air/1.1
- version/adobe flash player/7.1
- version/adobe flash player/10.0.12.10
- version/adobe flash player/10.0.32.18
- version/adobe flash player/9.0.20
- version/adobe flash player/7.0.1
- version/adobe flash player/9.0
- package-manager/redhat