Vulnerability CVE-2009-0147 - CERT Civis.Net

Vulnerability Name:

CVE-2009-0147 (CCN-50124)

Assigned:

2009-04-16

Published:

2009-04-16

Updated:

2019-03-06

Summary:

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-189
CWE-190

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Gentoo Bugzilla Bug 263028

Source: CONFIRM
Type: UNKNOWN

http://bugs.gentoo.org/show_bug.cgi?id=263028

Source: MITRE
Type: CNA
CVE-2009-0147

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-06-17-1

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-05-12

Source: SUSE
Type: UNKNOWN
SUSE-SA:2009:024

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:010

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:012

Source: CCN
Type: RHSA-2009-0429
Important: cups security update

Source: CCN
Type: RHSA-2009-0430
Important: xpdf security update

Source: CCN
Type: RHSA-2009-0431
Important: kdegraphics security update

Source: CCN
Type: RHSA-2009-0458
Important: gpdf security update

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0458

Source: CCN
Type: RHSA-2009-0480
Important: poppler security update

Source: CCN
Type: RHSA-2010-0399
Moderate: tetex security update

Source: CCN
Type: RHSA-2010-0400
Moderate: tetex security update

Source: CCN
Type: SA34291
Xpdf JBIG2 Processing Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
34291

Source: CCN
Type: SA34481
CUPS Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
34481

Source: SECUNIA
Type: Vendor Advisory
34755

Source: SECUNIA
Type: Vendor Advisory
34756

Source: SECUNIA
Type: Vendor Advisory
34852

Source: SECUNIA
Type: Vendor Advisory
34959

Source: SECUNIA
Type: Vendor Advisory
34963

Source: SECUNIA
Type: Vendor Advisory
34991

Source: SECUNIA
Type: Vendor Advisory
35037

Source: SECUNIA
Type: Vendor Advisory
35064

Source: SECUNIA
Type: Vendor Advisory
35065

Source: CCN
Type: SA35074
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
35074

Source: SECUNIA
Type: Vendor Advisory
35618

Source: SECUNIA
Type: Vendor Advisory
35685

Source: CCN
Type: SA40966
KOffice PDF Import Filter Multiple Vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200904-20

Source: CCN
Type: SECTRACK ID: 1022073
Xpdf Buffer Overflows and Memory Errors Let Remote Users Execute Arbitrary Code

Source: SLACKWARE
Type: UNKNOWN
SSA:2009-129-01

Source: CCN
Type: SourceForge.net: Files
PDFedit, File Release Notes and Changelog, Release Name: 0.4.3

Source: CCN
Type: Apple Web site
About the security content of Security Update 2009-002 / Mac OS X v10.5.7

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3549

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3639

Source: CCN
Type: ASA-2009-147
xpdf security update (RHSA-2009-0430)

Source: CCN
Type: ASA-2009-148
kdegraphics security update (RHSA-2009-0431)

Source: CCN
Type: ASA-2009-159
gpdf security update (RHSA-2009-0458)

Source: CCN
Type: ASA-2009-163
cups security update (RHSA-2009-0429)

Source: CCN
Type: ASA-2009-175
poppler security update (RHSA-2009-0480)

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/Advisories:rPSA-2009-0059

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/Advisories:rPSA-2009-0061

Source: CCN
Type: CUPS Web site
CUPS

Source: DEBIAN
Type: UNKNOWN
DSA-1790

Source: DEBIAN
Type: UNKNOWN
DSA-1793

Source: DEBIAN
Type: DSA-1790
xpdf -- multiple vulnerabilities

Source: DEBIAN
Type: DSA-1793
kdegraphics -- multiple vulnerabilities

Source: CCN
Type: Xpdf Web page
Xpdf

Source: CCN
Type: GLSA-200904-20
CUPS: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:101

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:087

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0429

Source: REDHAT
Type: Patch
RHSA-2009:0430

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0431

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0480

Source: BUGTRAQ
Type: UNKNOWN
20090417 rPSA-2009-0061-1 cups

Source: BUGTRAQ
Type: UNKNOWN
20090417 rPSA-2009-0059-1 poppler

Source: BID
Type: UNKNOWN
34568

Source: CCN
Type: BID-34568
Xpdf JBIG2 Processing Multiple Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1022073

Source: CCN
Type: USN-759-1
poppler vulnerabilities

Source: CERT
Type: US Government Resource
TA09-133A

Source: VUPEN
Type: Vendor Advisory
ADV-2009-1065

Source: VUPEN
Type: Vendor Advisory
ADV-2009-1066

Source: VUPEN
Type: Vendor Advisory
ADV-2009-1077

Source: VUPEN
Type: Vendor Advisory
ADV-2009-1297

Source: VUPEN
Type: Vendor Advisory
ADV-2009-1621

Source: VUPEN
Type: Vendor Advisory
ADV-2010-1040

Source: CCN
Type: Red Hat Bugzilla Bug 490614
CVE-2009-0147 xpdf: Multiple integer overflows in JBIG2 decoder

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=490614

Source: XF
Type: UNKNOWN
multiple-jbig2-bo-var1(50124)

Source: CCN
Type: Ubuntu Security Notice USN-973-1
koffice vulnerabilities

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9941

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-6972

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-6973

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-6982

Source: SUSE
Type: SUSE-SA:2009:024
cups security problems

Source: SUSE
Type: SUSE-SR:2009:010
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2009:012
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:* (Version <= 3.02)

Configuration 2:

cpe:/a:apple:cups:1.1:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.5:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.5-1:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.5-2:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.6:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.6-1:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.6-2:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.6-3:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.7:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.8:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.9:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.9-1:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.10:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.10-1:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.11:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.12:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.13:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.14:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.15:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.16:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.17:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.18:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.19:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.19:rc1:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.19:rc2:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.19:rc3:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.19:rc4:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.19:rc5:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.20:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.20:rc1:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.20:rc2:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.20:rc3:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.20:rc4:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.20:rc5:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.20:rc6:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.21:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.21:rc1:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.21:rc2:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.22:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.22:rc1:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.22:rc2:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.23:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.1.23:rc1:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.2.0:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.2.4:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.2.5:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.2.6:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.2.8:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.2.9:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.2.10:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.2.11:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.2.12:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.3.0:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.3.4:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.3.6:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.3.7:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.3.8:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:*:*:*:*:*:*:*:* (Version <= 1.3.9)

OR cpe:/a:apple:cups:1.3.10:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.3.11:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 10:

cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.3.9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.5:a:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:1.00:a:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:0.93:b:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*

OR cpe:/a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20090147	V	CVE-2009-0147	2022-05-20
oval:org.opensuse.security:def:32207	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:29435	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:32073	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:29399	P	Security update for MozillaFirefox (Important)	2021-01-29
oval:org.opensuse.security:def:28717	P	Security update for kdebase4-workspace	2020-12-01
oval:org.opensuse.security:def:32600	P	quagga on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28267	P	Security update for mercurial (Moderate)	2020-12-01
oval:org.opensuse.security:def:31988	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32705	P	libarchive2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28408	P	Security update for subversion (Important)	2020-12-01
oval:org.opensuse.security:def:27977	P	Security update for LibVNCServer (Critical)	2020-12-01
oval:org.opensuse.security:def:32766	P	pcsc-ccid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28613	P	Security update for xorg-x11-server	2020-12-01
oval:org.opensuse.security:def:32300	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:27989	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:33448	P	Security update for glib2	2020-12-01
oval:org.opensuse.security:def:28701	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:32444	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:28183	P	Security update for various KMPs (Moderate)	2020-12-01
oval:org.opensuse.security:def:31987	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:28761	P	Security update for libqt4	2020-12-01
oval:org.opensuse.security:def:32656	P	enscript on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28324	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:31999	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:32744	P	logwatch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28560	P	Security update for hplip	2020-12-01
oval:org.opensuse.security:def:27978	P	Security update for MozillaFirefox (Critical)	2020-12-01
oval:org.opensuse.security:def:32810	P	xorg-x11-libs-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28662	P	Security update for finch	2020-12-01
oval:org.opensuse.security:def:32357	P	Security update for squid3 (Important)	2020-12-01
oval:org.opensuse.security:def:28053	P	Security update for cvs (Moderate)	2020-12-01
oval:org.opensuse.security:def:33487	P	Security update for libpoppler4	2020-12-01
oval:org.mitre.oval:def:28869	P	RHSA-2009:0480 -- poppler security update (Important)	2015-08-17
oval:org.mitre.oval:def:29193	P	RHSA-2009:0431 -- kdegraphics security update (Important)	2015-08-17
oval:org.mitre.oval:def:28592	P	RHSA-2009:0429 -- cups security update (Important)	2015-08-17
oval:org.mitre.oval:def:13235	P	DSA-1793-1 kdegraphics -- multiple	2015-02-23
oval:org.mitre.oval:def:7864	P	DSA-1793 kdegraphics -- multiple vulnerabilities	2015-02-23
oval:org.mitre.oval:def:23168	P	ELSA-2010:0400: tetex security update (Moderate)	2014-07-21
oval:org.mitre.oval:def:13857	P	USN-759-1 -- poppler vulnerabilities	2014-06-30
oval:org.mitre.oval:def:13355	P	USN-973-1 -- koffice vulnerabilities	2014-06-30
oval:org.mitre.oval:def:13119	P	DSA-1790-1 xpdf -- multiple	2014-06-23
oval:org.mitre.oval:def:7718	P	DSA-1790 xpdf -- multiple vulnerabilities	2014-06-23
oval:org.mitre.oval:def:22616	P	ELSA-2009:0431: kdegraphics security update (Important)	2014-05-26
oval:org.mitre.oval:def:21858	P	ELSA-2009:0429: cups security update (Important)	2014-05-26
oval:org.mitre.oval:def:21897	P	ELSA-2009:0480: poppler security update (Important)	2014-05-26
oval:org.mitre.oval:def:22251	P	RHSA-2010:0400: tetex security update (Moderate)	2014-02-24
oval:org.mitre.oval:def:9941	V	Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.	2013-04-29
oval:com.redhat.rhsa:def:20100399	P	RHSA-2010:0399: tetex security update (Moderate)	2010-05-06
oval:com.redhat.rhsa:def:20100400	P	RHSA-2010:0400: tetex security update (Moderate)	2010-05-06
oval:com.redhat.rhsa:def:20090480	P	RHSA-2009:0480: poppler security update (Important)	2009-05-13
oval:org.debian:def:1793	V	multiple vulnerabilities	2009-05-06
oval:org.debian:def:1790	V	multiple vulnerabilities	2009-05-05
oval:com.redhat.rhsa:def:20090458	P	RHSA-2009:0458: gpdf security update (Important)	2009-04-30
oval:com.ubuntu.precise:def:20090147000	V	CVE-2009-0147 on Ubuntu 12.04 LTS (precise) - medium.	2009-04-23
oval:com.ubuntu.trusty:def:20090147000	V	CVE-2009-0147 on Ubuntu 14.04 LTS (trusty) - medium.	2009-04-23
oval:com.ubuntu.xenial:def:20090147000	V	CVE-2009-0147 on Ubuntu 16.04 LTS (xenial) - medium.	2009-04-23
oval:com.ubuntu.xenial:def:200901470000000	V	CVE-2009-0147 on Ubuntu 16.04 LTS (xenial) - medium.	2009-04-23
oval:com.redhat.rhsa:def:20090429	P	RHSA-2009:0429: cups security update (Important)	2009-04-16
oval:com.redhat.rhsa:def:20090430	P	RHSA-2009:0430: xpdf security update (Important)	2009-04-16
oval:com.redhat.rhsa:def:20090431	P	RHSA-2009:0431: kdegraphics security update (Important)	2009-04-16