Details of VAR-200904-0824

ID

VAR-200904-0824

CVE

CVE-2009-0195

TITLE

Xpdf and CUPS Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2009-001285

DESCRIPTION

Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments. CUPS and Xpdf are prone to a remote buffer-overflow vulnerability because they fail to properly bounds-check user-supplied input before copying it into a finite-sized buffer. Exploiting this issue may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions. The following are vulnerable; other applications or versions may also be affected: Xpdf 3.02pl2 and earlier CUPS 1.3.9 and earlier NOTE: This vulnerability may already be covered in BID 34568 (Xpdf JBIG2 Processing Multiple Security Vulnerabilities). We will update (or possibly retire) this BID as more information emerges. (CVE-2009-0163) Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to g*allocn. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0800) The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. (CVE-2009-1183) Two integer overflow flaws were found in the CUPS pdftops filter. (CVE-2009-3608, CVE-2009-3609) This update corrects the problems. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 6b17f59f63c062c017c78d459dd2d89a 2008.0/i586/cups-1.3.10-0.1mdv2008.0.i586.rpm 9bc5298d9895c356227fdda3a0ddb2c0 2008.0/i586/cups-common-1.3.10-0.1mdv2008.0.i586.rpm e3583883df8532fc8c496866dac713f8 2008.0/i586/cups-serial-1.3.10-0.1mdv2008.0.i586.rpm fac1fcb839ad53322a447d4d39f769e3 2008.0/i586/libcups2-1.3.10-0.1mdv2008.0.i586.rpm 3d65afc590fb8520d68b2a3e8e1da696 2008.0/i586/libcups2-devel-1.3.10-0.1mdv2008.0.i586.rpm 9e09ed22a2522ee45e93e0edc146193f 2008.0/i586/libpoppler2-0.6-3.5mdv2008.0.i586.rpm 7427b1f56387e84db5a15aad85b424d2 2008.0/i586/libpoppler-devel-0.6-3.5mdv2008.0.i586.rpm 67937a584d365d6b00ef688c88e8d7c5 2008.0/i586/libpoppler-glib2-0.6-3.5mdv2008.0.i586.rpm 410dc85c2c7b71ab316be5607c556682 2008.0/i586/libpoppler-glib-devel-0.6-3.5mdv2008.0.i586.rpm 64d6e14be8d93c7651ce5dc3e2ebc5bf 2008.0/i586/libpoppler-qt2-0.6-3.5mdv2008.0.i586.rpm cc9af7e314b6eaa6a8f946fa2c27f298 2008.0/i586/libpoppler-qt4-2-0.6-3.5mdv2008.0.i586.rpm 0c6d3a6b5211e8506a89144b8c3a3cfb 2008.0/i586/libpoppler-qt4-devel-0.6-3.5mdv2008.0.i586.rpm c985516638ed4d8f792daa13bd506023 2008.0/i586/libpoppler-qt-devel-0.6-3.5mdv2008.0.i586.rpm 8d05619dcef538092696ce70998abd20 2008.0/i586/php-cups-1.3.10-0.1mdv2008.0.i586.rpm 0bae2a3525b796882d2cc87853945e5a 2008.0/i586/poppler-0.6-3.5mdv2008.0.i586.rpm f3b53f5fafa8af4d754a5985e5f93830 2008.0/SRPMS/cups-1.3.10-0.1mdv2008.0.src.rpm 11b021f4e5d21d199728b9a0a37a8230 2008.0/SRPMS/poppler-0.6-3.5mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 8249475feb3bdc74ea7060944baed6aa 2008.0/x86_64/cups-1.3.10-0.1mdv2008.0.x86_64.rpm 83951504acb783cfdb8ec4fe48d31e1e 2008.0/x86_64/cups-common-1.3.10-0.1mdv2008.0.x86_64.rpm fa8a91e8e3bc8f11c19ab460d1f690fe 2008.0/x86_64/cups-serial-1.3.10-0.1mdv2008.0.x86_64.rpm e061fdbeded2d97bb3ca6b34d33cb384 2008.0/x86_64/lib64cups2-1.3.10-0.1mdv2008.0.x86_64.rpm 893235ea8cf23295ae961ea2de0b9903 2008.0/x86_64/lib64cups2-devel-1.3.10-0.1mdv2008.0.x86_64.rpm 9844640563afdef4a870e2ed12e58136 2008.0/x86_64/lib64poppler2-0.6-3.5mdv2008.0.x86_64.rpm 06ea824a6a2cd9360a9e75a14718192a 2008.0/x86_64/lib64poppler-devel-0.6-3.5mdv2008.0.x86_64.rpm bb0eb04fa906a352e6738d08f116f89b 2008.0/x86_64/lib64poppler-glib2-0.6-3.5mdv2008.0.x86_64.rpm 43d6a85dfdad7e969655ee4e2a377370 2008.0/x86_64/lib64poppler-glib-devel-0.6-3.5mdv2008.0.x86_64.rpm eef29dde4b9e80d4c360e953cbe9110b 2008.0/x86_64/lib64poppler-qt2-0.6-3.5mdv2008.0.x86_64.rpm c74dc9f245091f451441d8b88f0beed3 2008.0/x86_64/lib64poppler-qt4-2-0.6-3.5mdv2008.0.x86_64.rpm 60345458274afc6ff480317fc408ec52 2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.5mdv2008.0.x86_64.rpm 0a880b9c0d655c10f5757882e30911f1 2008.0/x86_64/lib64poppler-qt-devel-0.6-3.5mdv2008.0.x86_64.rpm eb6fde793ac0d7ea86df42aa22637807 2008.0/x86_64/php-cups-1.3.10-0.1mdv2008.0.x86_64.rpm 7f475f07368ed9158008f2891dce2cd6 2008.0/x86_64/poppler-0.6-3.5mdv2008.0.x86_64.rpm f3b53f5fafa8af4d754a5985e5f93830 2008.0/SRPMS/cups-1.3.10-0.1mdv2008.0.src.rpm 11b021f4e5d21d199728b9a0a37a8230 2008.0/SRPMS/poppler-0.6-3.5mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLHXsgmqjQ0CJFipgRAu1fAKCINX1H5StX89GjMDWzGrEM1UiHeACeMLSY a3mQtrfvoibfn29OFAfdSn0= =lTbL -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Poppler: Multiple vulnerabilities Date: October 06, 2013 Bugs: #263028, #290430, #290464, #308017, #338878, #352581, #459866, #480366 ID: 201310-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code. Background ========== Poppler is a cross-platform PDF rendering library originally based on Xpdf. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/poppler < 0.22.2-r1 >= 0.22.2-r1 Description =========== Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Poppler users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/poppler-0.22.2-r1" References ========== [ 1 ] CVE-2009-0146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0146 [ 2 ] CVE-2009-0147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0147 [ 3 ] CVE-2009-0165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0165 [ 4 ] CVE-2009-0166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0166 [ 5 ] CVE-2009-0195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0195 [ 6 ] CVE-2009-0799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0799 [ 7 ] CVE-2009-0800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0800 [ 8 ] CVE-2009-1179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1179 [ 9 ] CVE-2009-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1180 [ 10 ] CVE-2009-1181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1181 [ 11 ] CVE-2009-1182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1182 [ 12 ] CVE-2009-1183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1183 [ 13 ] CVE-2009-1187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1187 [ 14 ] CVE-2009-1188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1188 [ 15 ] CVE-2009-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3603 [ 16 ] CVE-2009-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3604 [ 17 ] CVE-2009-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3605 [ 18 ] CVE-2009-3606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3606 [ 19 ] CVE-2009-3607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3607 [ 20 ] CVE-2009-3608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3608 [ 21 ] CVE-2009-3609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3609 [ 22 ] CVE-2009-3938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3938 [ 23 ] CVE-2010-3702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3702 [ 24 ] CVE-2010-3703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3703 [ 25 ] CVE-2010-3704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3704 [ 26 ] CVE-2010-4653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4653 [ 27 ] CVE-2010-4654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4654 [ 28 ] CVE-2012-2142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2142 [ 29 ] CVE-2013-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1788 [ 30 ] CVE-2013-1789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1789 [ 31 ] CVE-2013-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1790 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201310-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . NOTE: some of these details are obtained from third party information (CVE-2010-0739). ====================================================================== 2) Severity Rating: Highly critical Impact: System access Where: Remote ====================================================================== 3) Vendor's Description of Software "Xpdf is an open source viewer for Portable Document Format (PDF) files. (These are also sometimes also called 'Acrobat' files, from the name of Adobe's PDF software.) The Xpdf project also includes a PDF text extractor, PDF-to-PostScript converter, and various other utilities.". Product Link: http://www.foolabs.com/xpdf/ ====================================================================== 4) Description of Vulnerability Secunia Research has discovered a vulnerability in Xpdf, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error while decoding JBIG2 symbol dictionary segments. ====================================================================== 5) Solution Apply xpdf-3.02pl3.patch. ====================================================================== 6) Time Table 26/03/2009 - Vendor notified. 26/03/2009 - vendor-sec notified. 27/03/2009 - Vendor response. 17/04/2009 - Public disclosure. ====================================================================== 7) Credits Discovered by Alin Rad Pop, Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2009-0195 for the vulnerability. ====================================================================== 9) About Secunia Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration: http://secunia.com/advisories/business_solutions/ Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. http://secunia.com/advisories/ Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general: http://secunia.com/secunia_research/ Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions: http://secunia.com/corporate/jobs/ Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/advisories/mailing_lists/ ====================================================================== 10) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2009-17/ Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/ ====================================================================== _______________________________________________ Full-Disclosure - We believe in it

Trust: 2.61

sources: NVD: CVE-2009-0195 // JVNDB: JVNDB-2009-001285 // BID: 34791 // VULHUB: VHN-37641 // VULMON: CVE-2009-0195 // PACKETSTORM: 82088 // PACKETSTORM: 82087 // PACKETSTORM: 83554 // PACKETSTORM: 123523 // PACKETSTORM: 89656 // PACKETSTORM: 76775

AFFECTED PRODUCTS

vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.91c	Trust: 1.6
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.91b	Trust: 1.6
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.93a	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.93	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.92d	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.5a	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	2.00	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.92	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.92b	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.7a	Trust: 1.0
vendor:	apple	model:	cups	scope:	eq	version:	1.3.9	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	2.03	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	1.00	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.93b	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	1.01	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	2.01	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.2	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	3.00	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	lte	version:	3.02	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.80	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.90	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.91	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.5	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.6	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	1.00a	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.92e	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.91a	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.7	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.92c	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.3	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	2.02	Trust: 1.0
vendor:	glyphandcog	model:	xpdfreader	scope:	eq	version:	0.4	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.93c	Trust: 1.0
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.92a	Trust: 1.0
vendor:	cups	model:	cups	scope:	eq	version:	1.3.9	Trust: 0.8
vendor:	glyph cog	model:	xpdf	scope:	lte	version:	3.02pl2	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86-64)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4.0 (x86-64)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4.7 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4.7 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4.8 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4.8 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	5 (server)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	3.0	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	4.0	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	5.0 (client)	Trust: 0.8
vendor:	red hat	model:	enterprise linux eus	scope:	eq	version:	5.3.z (server)	Trust: 0.8
vendor:	red hat	model:	rhel desktop workstation	scope:	eq	version:	5 (client)	Trust: 0.8
vendor:	red hat	model:	rhel optional productivity applications	scope:	eq	version:	5 (server)	Trust: 0.8
vendor:	red hat	model:	rhel optional productivity applications eus	scope:	eq	version:	5.3.z (server)	Trust: 0.8
vendor:	foolabs	model:	xpdf	scope:	eq	version:	3.00	Trust: 0.6
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.91	Trust: 0.6
vendor:	foolabs	model:	xpdf	scope:	eq	version:	0.92	Trust: 0.6
vendor:	xpdf	model:	xpdf	scope:	eq	version:	3.02	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.6	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.2.10	Trust: 0.3
vendor:	ubuntu	model:	linux lpia	scope:	eq	version:	9.04	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.2.12	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.17	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.13	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.10	Trust: 0.3
vendor:	gnome	model:	gpdf	scope:	eq	version:	2.8.2	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.2.4	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.4	Trust: 0.3
vendor:	mandrakesoft	model:	multi network firewall	scope:	eq	version:	2.0	Trust: 0.3
vendor:	xpdf	model:	xpdf	scope:	eq	version:	3.00	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	4	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.23	Trust: 0.3
vendor:	easy	model:	software products cups rc1	scope:	eq	version:	1.1.22	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2008.0	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.3.8	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.21	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.20	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.0.4	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.3.3	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop workstation client	scope:	eq	version:	5	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	ne	version:	1.3.10	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	9.04	Trust: 0.3
vendor:	xpdf	model:	3.02pl2	scope:	-	version:	-	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2008.0	Trust: 0.3
vendor:	easy	model:	software products cups rc5	scope:	eq	version:	1.1.19	Trust: 0.3
vendor:	xpdf	model:	3.02pl1	scope:	-	version:	-	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.3.6	Trust: 0.3
vendor:	xpdf	model:	3.02pl3	scope:	ne	version:	-	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server	scope:	eq	version:	5	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	9.04	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.4-3	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.3.7	Trust: 0.3
vendor:	xpdf	model:	(patch	scope:	eq	version:	3.0.12)	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.4-5	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server x86 64	scope:	eq	version:	5	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.2.9	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.3.5	Trust: 0.3
vendor:	pardus	model:	linux	scope:	eq	version:	20080	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.22	Trust: 0.3
vendor:	xpdf	model:	1pl1	scope:	eq	version:	3.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	4	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.18	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.4-2	Trust: 0.3
vendor:	xpdf	model:	pl2	scope:	eq	version:	3.0	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.2.8	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.0.4-8	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop version	scope:	eq	version:	4	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.14	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	9.04	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.7	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.12	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	9.04	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	easy	model:	software products cups rc1	scope:	eq	version:	1.1.23	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.3.9	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.16	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.19	Trust: 0.3
vendor:	xpdf	model:	pl3	scope:	eq	version:	3.0	Trust: 0.3
vendor:	xpdf	model:	xpdf	scope:	eq	version:	3.01	Trust: 0.3
vendor:	redhat	model:	enterprise linux as	scope:	eq	version:	4	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	3.0	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.15	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3

sources: BID: 34791 // JVNDB: JVNDB-2009-001285 // CNNVD: CNNVD-200904-446 // NVD: CVE-2009-0195

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-0195
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-0195
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200904-446
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-37641
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2009-0195
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-0195
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-37641
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-37641 // VULMON: CVE-2009-0195 // JVNDB: JVNDB-2009-001285 // CNNVD: CNNVD-200904-446 // NVD: CVE-2009-0195

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-37641 // JVNDB: JVNDB-2009-001285 // NVD: CVE-2009-0195

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200904-446

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200904-446

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001285

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-37641

PATCH

title:	poppler-0.5.4-4.4.9.1AXS3	url:	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=437	Trust: 0.8
title:	kdegraphics-3.5.5-3.5AXS3	url:	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=766	Trust: 0.8
title:	tetex-3.0-33.8.5.0.1.AXS3	url:	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1040	Trust: 0.8
title:	Top Page	url:	http://www.cups.org/	Trust: 0.8
title:	2059	url:	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2059	Trust: 0.8
title:	RHSA-2009:0430	url:	https://rhn.redhat.com/errata/RHSA-2009-0430.html	Trust: 0.8
title:	RHSA-2009:0431	url:	https://rhn.redhat.com/errata/RHSA-2009-0431.html	Trust: 0.8
title:	RHSA-2009:0458	url:	https://rhn.redhat.com/errata/RHSA-2009-0458.html	Trust: 0.8
title:	RHSA-2010:0399	url:	https://rhn.redhat.com/errata/RHSA-2010-0399.html	Trust: 0.8
title:	RHSA-2009:0480	url:	https://rhn.redhat.com/errata/RHSA-2009-0480.html	Trust: 0.8
title:	RHSA-2010:0400	url:	https://rhn.redhat.com/errata/RHSA-2010-0400.html	Trust: 0.8
title:	RHSA-2009:0429	url:	https://rhn.redhat.com/errata/RHSA-2009-0429.html	Trust: 0.8
title:	Top Page	url:	http://www.foolabs.com/xpdf/	Trust: 0.8
title:	RHSA-2009:0480	url:	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0480J.html	Trust: 0.8
title:	RHSA-2009:0429	url:	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0429J.html	Trust: 0.8
title:	RHSA-2009:0430	url:	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0430J.html	Trust: 0.8
title:	RHSA-2009:0431	url:	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0431J.html	Trust: 0.8
title:	RHSA-2009:0458	url:	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0458J.html	Trust: 0.8
title:	Red Hat: Important: gpdf security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20090458 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: poppler security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20090480 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: xpdf security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20090430 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: cups security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20090429 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kdegraphics security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20090431 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: koffice vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-973-1	Trust: 0.1
title:	-	url:	https://github.com/0xCyberY/CVE-T4PDF	Trust: 0.1

sources: VULMON: CVE-2009-0195 // JVNDB: JVNDB-2009-001285

EXTERNAL IDS

db:	NVD	id:	CVE-2009-0195	Trust: 3.5
db:	SECUNIA	id:	34481	Trust: 2.6
db:	SECUNIA	id:	35064	Trust: 2.6
db:	SECUNIA	id:	34291	Trust: 2.6
db:	SECUNIA	id:	34963	Trust: 2.6
db:	BID	id:	34791	Trust: 2.1
db:	SECUNIA	id:	34756	Trust: 1.8
db:	VUPEN	id:	ADV-2010-1040	Trust: 1.8
db:	VUPEN	id:	ADV-2009-1065	Trust: 0.8
db:	JVNDB	id:	JVNDB-2009-001285	Trust: 0.8
db:	CNNVD	id:	CNNVD-200904-446	Trust: 0.6
db:	PACKETSTORM	id:	76775	Trust: 0.2
db:	PACKETSTORM	id:	76776	Trust: 0.1
db:	VULHUB	id:	VHN-37641	Trust: 0.1
db:	VULMON	id:	CVE-2009-0195	Trust: 0.1
db:	PACKETSTORM	id:	82088	Trust: 0.1
db:	PACKETSTORM	id:	82087	Trust: 0.1
db:	PACKETSTORM	id:	83554	Trust: 0.1
db:	PACKETSTORM	id:	123523	Trust: 0.1
db:	PACKETSTORM	id:	89656	Trust: 0.1

sources: VULHUB: VHN-37641 // VULMON: CVE-2009-0195 // BID: 34791 // JVNDB: JVNDB-2009-001285 // PACKETSTORM: 82088 // PACKETSTORM: 82087 // PACKETSTORM: 83554 // PACKETSTORM: 123523 // PACKETSTORM: 89656 // PACKETSTORM: 76775 // CNNVD: CNNVD-200904-446 // NVD: CVE-2009-0195

REFERENCES

url:	http://secunia.com/advisories/34291	Trust: 2.6
url:	http://secunia.com/advisories/34481	Trust: 2.6
url:	http://secunia.com/advisories/34963	Trust: 2.6
url:	http://secunia.com/advisories/35064	Trust: 2.6
url:	http://secunia.com/secunia_research/2009-17/	Trust: 1.9
url:	http://www.securityfocus.com/bid/34791	Trust: 1.8
url:	http://www.securityfocus.com/archive/1/502759/100/0/threaded	Trust: 1.8
url:	http://www.securityfocus.com/archive/1/502762/100/0/threaded	Trust: 1.8
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2010:087	Trust: 1.8
url:	http://secunia.com/secunia_research/2009-18/	Trust: 1.8
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10076	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2009-0458.html	Trust: 1.8
url:	http://www.redhat.com/support/errata/rhsa-2009-0480.html	Trust: 1.8
url:	http://secunia.com/advisories/34756	Trust: 1.8
url:	http://www.vupen.com/english/advisories/2010/1040	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0195	Trust: 1.2
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0195	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2009/1065	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0195	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0166	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0147	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0146	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3608	Trust: 0.5
url:	http://www.foolabs.com/xpdf/	Trust: 0.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0147	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1180	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1179	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1182	Trust: 0.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0166	Trust: 0.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0146	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3609	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0799	Trust: 0.4
url:	http://www.mandriva.com/security/	Trust: 0.4
url:	http://www.mandriva.com/security/advisories	Trust: 0.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3608	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0800	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1181	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1183	Trust: 0.4
url:	http://www.cups.org	Trust: 0.3
url:	/archive/1/502759	Trust: 0.3
url:	/archive/1/502762	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0163	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1181	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0791	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0800	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3609	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0791	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0163	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0799	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1180	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1183	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1182	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0949	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0949	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1179	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0165	Trust: 0.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0165	Trust: 0.2
url:	http://secunia.com/	Trust: 0.2
url:	http://lists.grok.org.uk/full-disclosure-charter.html	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=24749	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/973-1/	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1196	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1196	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1183	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1187	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1180	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0165	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0800	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3606	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3608	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1188	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1182	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4653	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3609	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3702	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3607	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3702	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3938	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0166	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1790	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3604	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3603	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-2142	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1789	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3703	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1181	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3607	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3604	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1179	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1188	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3938	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1788	Trust: 0.1
url:	http://security.gentoo.org/glsa/glsa-201310-03.xml	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3704	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1187	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3606	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3704	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3605	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4654	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0146	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0195	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3605	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4654	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0799	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2142	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3603	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3703	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4653	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0147	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1284	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-1440	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0827	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0829	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1440	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0739	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1284	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0827	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0829	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0739	Trust: 0.1
url:	http://secunia.com/secunia_research/	Trust: 0.1
url:	http://secunia.com/corporate/jobs/	Trust: 0.1
url:	http://secunia.com/advisories/mailing_lists/	Trust: 0.1
url:	http://secunia.com/advisories/	Trust: 0.1
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.1

CREDITS

Secunia Research.,Alin Rad Pop

Trust: 0.6

sources: CNNVD: CNNVD-200904-446

SOURCES

db:	VULHUB	id:	VHN-37641
db:	VULMON	id:	CVE-2009-0195
db:	BID	id:	34791
db:	JVNDB	id:	JVNDB-2009-001285
db:	PACKETSTORM	id:	82088
db:	PACKETSTORM	id:	82087
db:	PACKETSTORM	id:	83554
db:	PACKETSTORM	id:	123523
db:	PACKETSTORM	id:	89656
db:	PACKETSTORM	id:	76775
db:	CNNVD	id:	CNNVD-200904-446
db:	NVD	id:	CVE-2009-0195

LAST UPDATE DATE

2024-12-25T23:02:16.793000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-37641	date:	2019-03-06T00:00:00
db:	VULMON	id:	CVE-2009-0195	date:	2019-03-06T00:00:00
db:	BID	id:	34791	date:	2015-04-13T21:13:00
db:	JVNDB	id:	JVNDB-2009-001285	date:	2010-05-26T00:00:00
db:	CNNVD	id:	CNNVD-200904-446	date:	2019-04-02T00:00:00
db:	NVD	id:	CVE-2009-0195	date:	2024-11-21T00:59:19.517

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-37641	date:	2009-04-23T00:00:00
db:	VULMON	id:	CVE-2009-0195	date:	2009-04-23T00:00:00
db:	BID	id:	34791	date:	2009-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2009-001285	date:	2009-06-22T00:00:00
db:	PACKETSTORM	id:	82088	date:	2009-10-21T03:01:09
db:	PACKETSTORM	id:	82087	date:	2009-10-21T02:57:54
db:	PACKETSTORM	id:	83554	date:	2009-12-08T01:31:40
db:	PACKETSTORM	id:	123523	date:	2013-10-07T22:31:57
db:	PACKETSTORM	id:	89656	date:	2010-05-19T04:25:31
db:	PACKETSTORM	id:	76775	date:	2009-04-17T17:26:21
db:	CNNVD	id:	CNNVD-200904-446	date:	2009-04-23T00:00:00
db:	NVD	id:	CVE-2009-0195	date:	2009-04-23T17:30:01.627