CVE-2009-0146

N/A Unknown
Published: April 23, 2009 Modified: April 23, 2026
View on NVD

Description

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://bugs.gentoo.org/show_bug.cgi?id=263028
Source: cve@mitre.org
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Source: cve@mitre.org
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Source: cve@mitre.org
http://rhn.redhat.com/errata/RHSA-2009-0458.html
Source: cve@mitre.org
http://secunia.com/advisories/34291
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34481
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34755
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34756
Source: cve@mitre.org
http://secunia.com/advisories/34852
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34959
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34963
Source: cve@mitre.org
http://secunia.com/advisories/34991
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/35037
Source: cve@mitre.org
http://secunia.com/advisories/35064
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/35065
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/35074
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/35618
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/35685
Source: cve@mitre.org
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200904-20.xml
Source: cve@mitre.org
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
Source: cve@mitre.org
http://support.apple.com/kb/HT3549
Source: cve@mitre.org
http://support.apple.com/kb/HT3639
Source: cve@mitre.org
http://wiki.rpath.com/Advisories:rPSA-2009-0059
Source: cve@mitre.org
http://wiki.rpath.com/Advisories:rPSA-2009-0061
Source: cve@mitre.org
http://www.debian.org/security/2009/dsa-1790
Source: cve@mitre.org
http://www.debian.org/security/2009/dsa-1793
Source: cve@mitre.org
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
Source: cve@mitre.org
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
Source: cve@mitre.org
http://www.redhat.com/support/errata/RHSA-2009-0429.html
Source: cve@mitre.org
http://www.redhat.com/support/errata/RHSA-2009-0430.html
Source: cve@mitre.org
Patch
http://www.redhat.com/support/errata/RHSA-2009-0431.html
Source: cve@mitre.org
http://www.redhat.com/support/errata/RHSA-2009-0480.html
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/502750/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/502761/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/bid/34568
Source: cve@mitre.org
http://www.securitytracker.com/id?1022073
Source: cve@mitre.org
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Source: cve@mitre.org
US Government Resource
http://www.vupen.com/english/advisories/2009/1065
Source: cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1066
Source: cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1077
Source: cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1297
Source: cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1621
Source: cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2010/1040
Source: cve@mitre.org
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=490612
Source: cve@mitre.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632
Source: cve@mitre.org
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
Source: cve@mitre.org
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
Source: cve@mitre.org
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
Source: cve@mitre.org
http://bugs.gentoo.org/show_bug.cgi?id=263028
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://rhn.redhat.com/errata/RHSA-2009-0458.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/34291
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/34481
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/34755
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/34756
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/34852
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/34959
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/34963
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/34991
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/35037
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/35064
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/35065
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/35074
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/35618
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/35685
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200904-20.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
Source: af854a3a-2127-422b-91ae-364da2661108
http://support.apple.com/kb/HT3549
Source: af854a3a-2127-422b-91ae-364da2661108
http://support.apple.com/kb/HT3639
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/Advisories:rPSA-2009-0059
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/Advisories:rPSA-2009-0061
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2009/dsa-1790
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2009/dsa-1793
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2009-0429.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2009-0430.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.redhat.com/support/errata/RHSA-2009-0431.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2009-0480.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/502750/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/502761/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/34568
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1022073
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2009/1065
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1066
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1077
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1297
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1621
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2010/1040
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=490612
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9632
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
Source: af854a3a-2127-422b-91ae-364da2661108

102 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.7%
83th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-119

Affected Vendors

apple foolabs glyphandcog

Related CVEs

CVE-2026-7002 7.3
CVE-2026-7001 2.4
CVE-2026-7000 2.4
CVE-2026-6999 2.4
CVE-2026-6998 2.4