CVE-2009-0756 : The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of servic

The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference.

Published 2009-03-03 16:30:05

Updated 2018-10-10 19:31:00

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2009-0756

Probability of exploitation activity in the next 30 days: 5.32%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-0756

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

Vendor statements for CVE-2009-0756

Red Hat 2009-07-15

This issue is a duplicate of CVE-2009-0166, which was addressed in affected products via following updates: https://rhn.redhat.com/errata/CVE-2009-0166.html

References for CVE-2009-0756

http://www.openwall.com/lists/oss-security/2009/02/13/1

CVEs referencing this url
http://www.securityfocus.com/bid/33749

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2009/02/19/2

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2009:012 - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://www.securityfocus.com/archive/1/502761/100/0/threaded

CVEs referencing this url
http://lists.freedesktop.org/archives/poppler/2009-January/004403.html

Exploit
http://bugs.freedesktop.org/show_bug.cgi?id=19702

Exploit
http://wiki.rpath.com/Advisories:rPSA-2009-0059

CVEs referencing this url

Products affected by CVE-2009-0756

Poppler » Poppler
Versions up to, including, (<=) 0.10.3
cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.4.2
cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.1
cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.1.1
cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.4.0
cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.4.1
cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.5.3
cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.5.4
cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.7.0
cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.7.1
cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.1.2
cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.2.0
cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.4.3
cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.5.9
cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.5.91
cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.7.2
cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.3.0
cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.3.1
cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.4.4
cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.5.0
cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.6.0
cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.6.1
cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.6.2
cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.3.2
cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.3.3
cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.5.1
cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.5.2
cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.6.3
cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.6.4
cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.5.90
cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.8.4
cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.10.1
cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.10.2
cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
Matching versions
Poppler » Poppler » Version: 0.7.3
cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2009-0756

Exploit prediction scoring system (EPSS) score for CVE-2009-0756

CVSS scores for CVE-2009-0756

Vendor statements for CVE-2009-0756

References for CVE-2009-0756

Products affected by CVE-2009-0756