Details of VAR-200904-0808

ID

VAR-200904-0808

CVE

CVE-2009-0146

TITLE

Xpdf and poppler contain multiple vulnerabilities in the processing of JBIG2 data

Trust: 0.8

sources: CERT/CC: VU#196617

DESCRIPTION

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Xpdf and poppler contain multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Xpdf is an open source viewer for Portable Document Format (PDF) files. Multiple buffer overflow vulnerabilities exist in Xpdf's JBIG2 decoder. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-1196) Two integer overflow flaws were found in the CUPS pdftops filter. An attacker could create a malicious PDF file that would cause pdftops to crash or, potentially, execute arbitrary code as the lp user if the file was printed. (CVE-2009-3608, CVE-2009-3609) This update corrects the problems. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609 _______________________________________________________________________ Updated Packages: Corporate 3.0: 86301a5d5c962256a88d4e15faba9bbf corporate/3.0/i586/cups-1.1.20-5.21.C30mdk.i586.rpm 378811817692045b489880711aa46c85 corporate/3.0/i586/cups-common-1.1.20-5.21.C30mdk.i586.rpm b0b493387f5b0a67eb1bfa7b2cda1152 corporate/3.0/i586/cups-serial-1.1.20-5.21.C30mdk.i586.rpm 7236d2f3677e5f6e2ea740e291e145d5 corporate/3.0/i586/libcups2-1.1.20-5.21.C30mdk.i586.rpm b6959ae680668c17cb2dc84077bfb1a8 corporate/3.0/i586/libcups2-devel-1.1.20-5.21.C30mdk.i586.rpm 902b2ecfff8325312ad095425ec6b31b corporate/3.0/SRPMS/cups-1.1.20-5.21.C30mdk.src.rpm Corporate 3.0/X86_64: 633954b881b4a13641c71f5d8937d70e corporate/3.0/x86_64/cups-1.1.20-5.21.C30mdk.x86_64.rpm b1f94eafb660f6df4f1a7bf5a59f48b7 corporate/3.0/x86_64/cups-common-1.1.20-5.21.C30mdk.x86_64.rpm 6962c849474e00d4381f68ce0d700baa corporate/3.0/x86_64/cups-serial-1.1.20-5.21.C30mdk.x86_64.rpm 775f8c2232eb751dae3fbd5aa347c31b corporate/3.0/x86_64/lib64cups2-1.1.20-5.21.C30mdk.x86_64.rpm ec752b939267cf785a76161388d63b89 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.21.C30mdk.x86_64.rpm 902b2ecfff8325312ad095425ec6b31b corporate/3.0/SRPMS/cups-1.1.20-5.21.C30mdk.src.rpm Multi Network Firewall 2.0: c998b8245740f55a475014ab84aa72c6 mnf/2.0/i586/cups-1.1.20-5.21.M20mdk.i586.rpm caff03b6b69c0dc6dcf5b0e56bc583c3 mnf/2.0/i586/cups-common-1.1.20-5.21.M20mdk.i586.rpm f4f7b5894f97f371dcaa84347170642c mnf/2.0/i586/cups-serial-1.1.20-5.21.M20mdk.i586.rpm ae0eb99fdc9ce79efff159a5dcd3d64e mnf/2.0/i586/libcups2-1.1.20-5.21.M20mdk.i586.rpm 8e701f7caa03cd8d1bb42566965506e6 mnf/2.0/i586/libcups2-devel-1.1.20-5.21.M20mdk.i586.rpm 10e3ff36714b79b806b62137b3d7d246 mnf/2.0/SRPMS/cups-1.1.20-5.21.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFK3OH6mqjQ0CJFipgRAsUOAKDHMqs7e509FxXN+hRs3MuoXG+hbACgxBLI 92SOL+8x2GTGblZj+/qsM7o= =ZAtW -----END PGP SIGNATURE----- . Background ========== Poppler is a cross-platform PDF rendering library originally based on Xpdf. Please review the CVE identifiers referenced below for details. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200904-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: CUPS: Multiple vulnerabilities Date: April 23, 2009 Bugs: #263070 ID: 200904-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple errors in CUPS might allow for the remote execution of arbitrary code or DNS rebinding attacks. Background ========== CUPS, the Common Unix Printing System, is a full-featured print server. * Aaron Siegel of Apple Product Security reported that the CUPS web interface does not verify the content of the "Host" HTTP header properly (CVE-2009-0164). * Braden Thomas and Drew Yao of Apple Product Security reported that CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and poppler. Furthermore, the web interface could be used to conduct DNS rebinding attacks. Workaround ========== There is no known workaround at this time. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.3.10" References ========== [ 1 ] CVE-2009-0146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146 [ 2 ] CVE-2009-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147 [ 3 ] CVE-2009-0163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163 [ 4 ] CVE-2009-0164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164 [ 5 ] CVE-2009-0166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200904-20.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . For the old stable distribution (etch), these problems have been fixed in version 3.01-9.1+etch6. For the stable distribution (lenny), these problems have been fixed in version 3.02-1.4+lenny1. For the unstable distribution (sid), these problems will be fixed in a forthcoming version. We recommend that you upgrade your xpdf packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6.dsc Size/MD5 checksum: 974 9c04059981f8b036d7e6e39c7f0aeb21 http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6.diff.gz Size/MD5 checksum: 46835 c69a67b9ff487403e7c3ff819c6ff734 http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz Size/MD5 checksum: 599778 e004c69c7dddef165d768b1362b44268 Architecture independent packages: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9.1+etch6_all.deb Size/MD5 checksum: 62834 dd8f37161c3b2430cb1cd65c911e9f86 http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6_all.deb Size/MD5 checksum: 1278 d6da8e00b02ab3f17ec44b90fff6bb30 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_alpha.deb Size/MD5 checksum: 920352 83b7d74d9ebae9b26da91de7c91d3502 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_alpha.deb Size/MD5 checksum: 1687294 9862913548fff9bfda37a6fe075df5b0 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_amd64.deb Size/MD5 checksum: 809202 171520d7642019943bfe7166876f5da5 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_amd64.deb Size/MD5 checksum: 1493308 9575f135e9ec312f9e6d7d2517dd8f5b arm architecture (ARM) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_arm.deb Size/MD5 checksum: 803714 6db06ffcba7f6d7576ed356e7989557d http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_arm.deb Size/MD5 checksum: 1468616 9afde01dda379acd4e7edfbccc7c7b2d hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_hppa.deb Size/MD5 checksum: 1773794 c9012a9d3919ec40dcea1264ac27a6fe http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_hppa.deb Size/MD5 checksum: 963060 565daaf6f15ff7593d560ef7a2f94364 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_i386.deb Size/MD5 checksum: 796992 5270bef04f1c2e924b813dffe6050d89 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_i386.deb Size/MD5 checksum: 1458826 b2f3cbaac0ffcce0bb8d7e656bf11b02 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_ia64.deb Size/MD5 checksum: 1217142 afeaf9bfc66ebb69767703bfb30bbd4c http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_ia64.deb Size/MD5 checksum: 2218472 6545e9b6f58a84c0daa76baa8a0db629 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_mipsel.deb Size/MD5 checksum: 946638 5323268be89e54c5c8eb7ae13f0eab14 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_mipsel.deb Size/MD5 checksum: 1721268 0b710c0bcc6ffefe29f683ab09d3cbe8 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_powerpc.deb Size/MD5 checksum: 1554798 eadd6236b778761086d436dd8db986e4 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_powerpc.deb Size/MD5 checksum: 849204 d22f5d59f03d6484e149d7536a25a517 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_s390.deb Size/MD5 checksum: 1401814 0e3f588c64e8fa9a102ebcae29c4d807 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_s390.deb Size/MD5 checksum: 767392 4b7c1a868f2f909c2dce25087da77817 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_sparc.deb Size/MD5 checksum: 1394680 8b17e2339e2a908a610271eb678495b1 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_sparc.deb Size/MD5 checksum: 763618 f3897333018702ee926e41ca5f58dc92 Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1.dsc Size/MD5 checksum: 1266 faeebc4dfc74129ca708a6345bb483f7 http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02.orig.tar.gz Size/MD5 checksum: 674912 599dc4cc65a07ee868cf92a667a913d2 http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1.diff.gz Size/MD5 checksum: 42280 362f72e95494f51a19eeb898b9a527ac Architecture independent packages: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.02-1.4+lenny1_all.deb Size/MD5 checksum: 67664 b5f063bf32cbeaf1aaeec315dc8aff0a http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1_all.deb Size/MD5 checksum: 1268 f67780458dac3c38cd59bfde186f9a3b alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_alpha.deb Size/MD5 checksum: 1896344 f65f591413c25a23ea2aaccba2b5b634 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_alpha.deb Size/MD5 checksum: 1018434 cb679c93bbc428ea852bd4ef3103e42d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_amd64.deb Size/MD5 checksum: 1709514 1e1277251a6dd0bb0a551997efd39175 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_amd64.deb Size/MD5 checksum: 921892 fb7de1db5e3885365c3ad74c3646ab57 arm architecture (ARM) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_arm.deb Size/MD5 checksum: 1667088 58ddefe40598d6fe4a5016145163ef45 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_arm.deb Size/MD5 checksum: 907908 881594298fe547cefa3d528c519d369f armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_armel.deb Size/MD5 checksum: 886242 51d55f7c4de41c5d4051f41fde9b7389 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_armel.deb Size/MD5 checksum: 1602392 bc996edfad6d1995cb4ef2f4c7760b51 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_hppa.deb Size/MD5 checksum: 1076286 fa3ac4a1001abf3e892bb1397b06ff17 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_hppa.deb Size/MD5 checksum: 1985520 e95263d094e2c8d6aa72ee1edb9105f3 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_i386.deb Size/MD5 checksum: 876656 441042932886fa29adae731338f6b5bd http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_i386.deb Size/MD5 checksum: 1611730 52516381da25dbb0c1145e2b7cdf692a ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_ia64.deb Size/MD5 checksum: 1380222 0ffaee560534c9d69df433340679c8fc http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_ia64.deb Size/MD5 checksum: 2519970 eb4f4e5c173557fa8ae713f123cbb193 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_mips.deb Size/MD5 checksum: 1894924 58b336b114ef5c8fb9fc6244411b4cf4 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_mips.deb Size/MD5 checksum: 1040834 ae8ed06ea2ed07e3a064c6bd28e80933 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_mipsel.deb Size/MD5 checksum: 1026954 eac8167230b8fa208cdbc5b196f0c624 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_mipsel.deb Size/MD5 checksum: 1872050 8f2e99ce5a102d099ba22543f246d5bd powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_powerpc.deb Size/MD5 checksum: 1788584 7d1466cc8770bd92f299c1cc772f64e7 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_powerpc.deb Size/MD5 checksum: 968838 7cc8568d6b74348300066e42b27f90c2 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_s390.deb Size/MD5 checksum: 871666 1dde93a4cc0a28b90f92c05f0d181079 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_s390.deb Size/MD5 checksum: 1598270 201ad07e4853843dce22f22daa41fd35 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_sparc.deb Size/MD5 checksum: 863662 446f2d8fe6483d3741648c4db1ff5b82 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_sparc.deb Size/MD5 checksum: 1586262 52861c00f406c35db8a6e6f3269cc37d These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKAJvfYrVLjBFATsMRAvL3AJ48hk1Vsp4ZvDGoQfwOunErKHxElQCfepN+ rFYyqIcPRzz8zBGVGObkTr8= =xhzW -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2009-0146 // CERT/CC: VU#196617 // VULHUB: VHN-37592 // PACKETSTORM: 82088 // PACKETSTORM: 123523 // PACKETSTORM: 77000 // PACKETSTORM: 77279

AFFECTED PRODUCTS

vendor:	apple	model:	cups	scope:	eq	version:	1.1.6-1	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.2.11	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1.23	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1.5-1	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1.2	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1.6	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1.5-2	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.2.12	Trust: 1.6
vendor:	apple	model:	cups	scope:	eq	version:	1.1.1	Trust: 1.6
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.5a	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.12	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.18	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.3	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.3	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.7	Trust: 1.0
vendor:	apple	model:	cups	scope:	lte	version:	1.3.9	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.2	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	1.01	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	3.00	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.0	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.91b	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	lte	version:	3.02	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.6-2	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.90	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.6	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.5	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.92e	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.91a	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.92c	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.93c	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.5	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	2.00	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.17	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.5	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.9	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.14	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.92b	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	1.00	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.6	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.4	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	2.01	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.2	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.21	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.8	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.10	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.91	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	1.00a	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.7	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.7	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.22	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.0	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.15	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.13	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.92a	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.10-1	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.93a	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.92d	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.92	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.4	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.9	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.8	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.5	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.20	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.1	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.4	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.80	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	3.01	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.10	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.6	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.6-3	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.8	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.10	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.7	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	2.02	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.9-1	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.19	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.93	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.7a	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.11	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.2	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	2.03	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.91c	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.11	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.93b	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.1.16	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.3	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.4	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.2.3	Trust: 1.0
vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	debian gnu linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gentoo linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	mandriva s a	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	novell	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	poppler	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	research in motion rim	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	suse linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	slackware linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	turbolinux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ubuntu	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	xpdf	model:	-	scope:	-	version:	-	Trust: 0.8

sources: CERT/CC: VU#196617 // CNNVD: CNNVD-200904-441 // NVD: CVE-2009-0146

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-0146
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#196617
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200904-441
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-37592
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-0146
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CARNEGIE MELLON:	VU#196617
severity:	HIGH
baseScore:	9.0
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-37592
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#196617 // VULHUB: VHN-37592 // CNNVD: CNNVD-200904-441 // NVD: CVE-2009-0146

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.1

sources: VULHUB: VHN-37592 // NVD: CVE-2009-0146

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 77000 // CNNVD: CNNVD-200904-441

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200904-441

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#196617 // VULHUB: VHN-37592

EXTERNAL IDS

db:	BID	id:	34568	Trust: 2.5
db:	SECUNIA	id:	34291	Trust: 2.5
db:	NVD	id:	CVE-2009-0146	Trust: 2.1
db:	SECUNIA	id:	34481	Trust: 1.7
db:	SECUNIA	id:	35618	Trust: 1.7
db:	SECUNIA	id:	34756	Trust: 1.7
db:	SECUNIA	id:	35074	Trust: 1.7
db:	SECUNIA	id:	35065	Trust: 1.7
db:	SECUNIA	id:	35685	Trust: 1.7
db:	SECUNIA	id:	34963	Trust: 1.7
db:	SECUNIA	id:	35037	Trust: 1.7
db:	SECUNIA	id:	35064	Trust: 1.7
db:	SECUNIA	id:	34852	Trust: 1.7
db:	SECUNIA	id:	34959	Trust: 1.7
db:	SECUNIA	id:	34991	Trust: 1.7
db:	SECUNIA	id:	34755	Trust: 1.7
db:	VUPEN	id:	ADV-2009-1621	Trust: 1.7
db:	VUPEN	id:	ADV-2009-1066	Trust: 1.7
db:	VUPEN	id:	ADV-2009-1297	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1040	Trust: 1.7
db:	VUPEN	id:	ADV-2009-1077	Trust: 1.7
db:	VUPEN	id:	ADV-2009-1065	Trust: 1.7
db:	SECTRACK	id:	1022073	Trust: 1.7
db:	USCERT	id:	TA09-133A	Trust: 1.7
db:	SECTRACK	id:	1022072	Trust: 0.8
db:	CERT/CC	id:	VU#196617	Trust: 0.8
db:	CNNVD	id:	CNNVD-200904-441	Trust: 0.6
db:	PACKETSTORM	id:	82088	Trust: 0.2
db:	PACKETSTORM	id:	77000	Trust: 0.2
db:	PACKETSTORM	id:	123523	Trust: 0.2
db:	PACKETSTORM	id:	77279	Trust: 0.2
db:	PACKETSTORM	id:	82087	Trust: 0.1
db:	PACKETSTORM	id:	83554	Trust: 0.1
db:	PACKETSTORM	id:	76918	Trust: 0.1
db:	PACKETSTORM	id:	77104	Trust: 0.1
db:	PACKETSTORM	id:	89072	Trust: 0.1
db:	PACKETSTORM	id:	92846	Trust: 0.1
db:	PACKETSTORM	id:	76751	Trust: 0.1
db:	PACKETSTORM	id:	77313	Trust: 0.1
db:	PACKETSTORM	id:	83707	Trust: 0.1
db:	PACKETSTORM	id:	84482	Trust: 0.1
db:	PACKETSTORM	id:	82086	Trust: 0.1
db:	PACKETSTORM	id:	89656	Trust: 0.1
db:	VULHUB	id:	VHN-37592	Trust: 0.1

sources: CERT/CC: VU#196617 // VULHUB: VHN-37592 // PACKETSTORM: 82088 // PACKETSTORM: 123523 // PACKETSTORM: 77000 // PACKETSTORM: 77279 // CNNVD: CNNVD-200904-441 // NVD: CVE-2009-0146

REFERENCES

url:	http://www.debian.org/security/2009/dsa-1790	Trust: 2.5
url:	http://support.apple.com/kb/ht3549	Trust: 2.5
url:	http://www.securityfocus.com/bid/34568	Trust: 2.5
url:	http://security.gentoo.org/glsa/glsa-200904-20.xml	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2009/may/msg00002.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2009/jun/msg00005.html	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/502761/100/0/threaded	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/502750/100/0/threaded	Trust: 1.7
url:	http://www.us-cert.gov/cas/techalerts/ta09-133a.html	Trust: 1.7
url:	http://bugs.gentoo.org/show_bug.cgi?id=263028	Trust: 1.7
url:	http://support.apple.com/kb/ht3639	Trust: 1.7
url:	http://wiki.rpath.com/advisories:rpsa-2009-0059	Trust: 1.7
url:	http://wiki.rpath.com/advisories:rpsa-2009-0061	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=490612	Trust: 1.7
url:	http://www.debian.org/security/2009/dsa-1793	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-july/msg00567.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-june/msg01277.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-june/msg01291.html	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2009:101	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2010:087	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9632	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2009-0429.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2009-0430.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2009-0431.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2009-0458.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2009-0480.html	Trust: 1.7
url:	http://www.securitytracker.com/id?1022073	Trust: 1.7
url:	http://secunia.com/advisories/34291	Trust: 1.7
url:	http://secunia.com/advisories/34481	Trust: 1.7
url:	http://secunia.com/advisories/34755	Trust: 1.7
url:	http://secunia.com/advisories/34756	Trust: 1.7
url:	http://secunia.com/advisories/34852	Trust: 1.7
url:	http://secunia.com/advisories/34959	Trust: 1.7
url:	http://secunia.com/advisories/34963	Trust: 1.7
url:	http://secunia.com/advisories/34991	Trust: 1.7
url:	http://secunia.com/advisories/35037	Trust: 1.7
url:	http://secunia.com/advisories/35064	Trust: 1.7
url:	http://secunia.com/advisories/35065	Trust: 1.7
url:	http://secunia.com/advisories/35074	Trust: 1.7
url:	http://secunia.com/advisories/35618	Trust: 1.7
url:	http://secunia.com/advisories/35685	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/1065	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/1066	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/1077	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/1297	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/1621	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1040	Trust: 1.7
url:	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477	Trust: 1.6
url:	http://cgit.freedesktop.org/poppler/poppler/commit/?id=9f1312f3d7dfa7e536606a7c7296b7c876b11c00	Trust: 0.8
url:	ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch	Trust: 0.8
url:	http://www.ubuntu.com/usn/usn-759-1	Trust: 0.8
url:	http://blackberry.com/btsc/kb17953	Trust: 0.8
url:	http://rhn.redhat.com/errata/rhsa-2009-0429.html	Trust: 0.8
url:	http://rhn.redhat.com/errata/rhsa-2009-0431.html	Trust: 0.8
url:	http://www.mandriva.com/en/security/advisories?name=mdvsa-2009:101	Trust: 0.8
url:	http://secunia.com/advisories/34291/	Trust: 0.8
url:	http://www.securitytracker.com/alerts/2009/apr/1022072.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu196617/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0166	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0147	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0146	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1180	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1179	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1182	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0799	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0800	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1181	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1183	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0163	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0147	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0166	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0146	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3609	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0195	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0163	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3608	Trust: 0.2
url:	https://bugs.gentoo.org.	Trust: 0.2
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0165	Trust: 0.2
url:	http://security.gentoo.org/	Trust: 0.2
url:	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1181	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0791	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0800	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3609	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1196	Trust: 0.1
url:	http://www.mandriva.com/security/	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0791	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0799	Trust: 0.1
url:	http://www.mandriva.com/security/advisories	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1180	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1183	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3608	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1196	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1182	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0949	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0949	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0195	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1179	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1183	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1187	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1180	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0165	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0800	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3606	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3608	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1188	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1182	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4653	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3609	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3702	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3607	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3702	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3938	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0166	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1790	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3604	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3603	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-2142	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1789	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3703	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1181	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3607	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3604	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1179	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1188	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3938	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1788	Trust: 0.1
url:	http://security.gentoo.org/glsa/glsa-201310-03.xml	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3704	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1187	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3606	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3704	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3605	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4654	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0146	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0195	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3605	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4654	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0799	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2142	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3603	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3703	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4653	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0147	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0164	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0164	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_ia64.deb	Trust: 0.1
url:	http://www.debian.org/security/faq	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_armel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02.orig.tar.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_arm.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.02-1.4+lenny1_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_mips.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_armel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6.diff.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1.diff.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9.1+etch6_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_s390.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_amd64.deb	Trust: 0.1
url:	http://packages.debian.org/<pkg>	Trust: 0.1
url:	http://security.debian.org/	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_amd64.deb	Trust: 0.1
url:	http://www.debian.org/security/	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_ia64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_i386.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_powerpc.deb	Trust: 0.1

CREDITS

Alin Rad Pop Will Dormann

Trust: 0.6

sources: CNNVD: CNNVD-200904-441

SOURCES

db:	CERT/CC	id:	VU#196617
db:	VULHUB	id:	VHN-37592
db:	PACKETSTORM	id:	82088
db:	PACKETSTORM	id:	123523
db:	PACKETSTORM	id:	77000
db:	PACKETSTORM	id:	77279
db:	CNNVD	id:	CNNVD-200904-441
db:	NVD	id:	CVE-2009-0146

LAST UPDATE DATE

2024-11-23T19:34:57.638000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#196617	date:	2012-03-28T00:00:00
db:	VULHUB	id:	VHN-37592	date:	2019-03-06T00:00:00
db:	CNNVD	id:	CNNVD-200904-441	date:	2019-04-02T00:00:00
db:	NVD	id:	CVE-2009-0146	date:	2024-11-21T00:59:10.130

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#196617	date:	2009-04-16T00:00:00
db:	VULHUB	id:	VHN-37592	date:	2009-04-23T00:00:00
db:	PACKETSTORM	id:	82088	date:	2009-10-21T03:01:09
db:	PACKETSTORM	id:	123523	date:	2013-10-07T22:31:57
db:	PACKETSTORM	id:	77000	date:	2009-04-28T00:22:34
db:	PACKETSTORM	id:	77279	date:	2009-05-05T22:51:02
db:	CNNVD	id:	CNNVD-200904-441	date:	2009-04-23T00:00:00
db:	NVD	id:	CVE-2009-0146	date:	2009-04-23T17:30:01.547