CVE-2009-0791

Source
https://nvd.nist.gov/vuln/detail/CVE-2009-0791
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-0791.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2009-0791
Related
Published
2009-06-09T17:30:00Z
Modified
2024-06-30T12:00:03Z
Summary
[none]
Details

Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.

References

Affected packages

Debian:11 / cups

Package

Name
cups
Purl
pkg:deb/debian/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.10-1

Ecosystem specific

{
    "urgency": "medium"
}

Debian:12 / cups

Package

Name
cups
Purl
pkg:deb/debian/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.10-1

Ecosystem specific

{
    "urgency": "medium"
}

Debian:13 / cups

Package

Name
cups
Purl
pkg:deb/debian/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.10-1

Ecosystem specific

{
    "urgency": "medium"
}