Details of VAR-200905-0178

ID

VAR-200905-0178

CVE

CVE-2009-1605

TITLE

SumatraPDF Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-004653

DESCRIPTION

Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information. MuPDF is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. ---------------------------------------------------------------------- Secunia is pleased to announce the release of the annual Secunia report for 2008. Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics Request the full 2008 Report here: http://secunia.com/advisories/try_vi/request_2008_report/ Stay Secure, Secunia ---------------------------------------------------------------------- TITLE: MuPDF "loadexponentialfunc()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA34916 VERIFY ADVISORY: http://secunia.com/advisories/34916/ DESCRIPTION: c has discovered a vulnerability in MuPDF, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to a boundary error within the "loadexponentialfunc()" function in pdf_function.c. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in the MuPDF library included in the mupdf-20090223-win32 package. Other versions may also be affected. SOLUTION: Do not process untrusted PDF files using the library. PROVIDED AND/OR DISCOVERED BY: c ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0258.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2009-1605 // JVNDB: JVNDB-2009-004653 // BID: 34746 // VULMON: CVE-2009-1605 // PACKETSTORM: 77098

AFFECTED PRODUCTS

vendor:	sumatrapdfreader	model:	sumatrapdf	scope:	eq	version:	0.5	Trust: 1.0
vendor:	sumatrapdfreader	model:	sumatrapdf	scope:	eq	version:	0.4	Trust: 1.0
vendor:	sumatrapdfreader	model:	sumatrapdf	scope:	eq	version:	0.2	Trust: 1.0
vendor:	sumatrapdfreader	model:	sumatrapdf	scope:	eq	version:	0.3	Trust: 1.0
vendor:	sumatrapdfreader	model:	sumatrapdf	scope:	eq	version:	0.9	Trust: 1.0
vendor:	sumatrapdfreader	model:	sumatrapdf	scope:	eq	version:	0.7	Trust: 1.0
vendor:	sumatrapdfreader	model:	sumatrapdf	scope:	eq	version:	0.8	Trust: 1.0
vendor:	sumatrapdfreader	model:	sumatrapdf	scope:	eq	version:	0.8.1	Trust: 1.0
vendor:	sumatrapdfreader	model:	sumatrapdf	scope:	lte	version:	0.9.3	Trust: 1.0
vendor:	sumatrapdfreader	model:	sumatrapdf	scope:	eq	version:	0.6	Trust: 1.0
vendor:	sumatrapdfreader	model:	sumatrapdf	scope:	eq	version:	0.9.2	Trust: 1.0
vendor:	sumatrapdfreader	model:	sumatrapdf	scope:	eq	version:	0.9.1	Trust: 1.0
vendor:	sumatrapdfreader	model:	sumatrapdf	scope:	eq	version:	0.1	Trust: 1.0
vendor:	krzysztof kowalczyk	model:	sumatrapdf	scope:	lte	version:	0.9.3	Trust: 0.8
vendor:	krzysztof kowalczyk	model:	sumatrapdf	scope:	eq	version:	0.9	Trust: 0.6
vendor:	krzysztof kowalczyk	model:	sumatrapdf	scope:	eq	version:	0.8.1	Trust: 0.6
vendor:	krzysztof kowalczyk	model:	sumatrapdf	scope:	eq	version:	0.4	Trust: 0.6
vendor:	krzysztof kowalczyk	model:	sumatrapdf	scope:	eq	version:	0.7	Trust: 0.6
vendor:	krzysztof kowalczyk	model:	sumatrapdf	scope:	eq	version:	0.8	Trust: 0.6
vendor:	krzysztof kowalczyk	model:	sumatrapdf	scope:	eq	version:	0.5	Trust: 0.6
vendor:	krzysztof kowalczyk	model:	sumatrapdf	scope:	eq	version:	0.9.3	Trust: 0.6
vendor:	krzysztof kowalczyk	model:	sumatrapdf	scope:	eq	version:	0.6	Trust: 0.6
vendor:	krzysztof kowalczyk	model:	sumatrapdf	scope:	eq	version:	0.1	Trust: 0.6
vendor:	krzysztof kowalczyk	model:	sumatrapdf	scope:	eq	version:	0.9.2	Trust: 0.6
vendor:	sumatra	model:	pdf sumatra pdf	scope:	eq	version:	0.9.3	Trust: 0.3
vendor:	mupdf	model:	mupdf	scope:	eq	version:	0	Trust: 0.3

sources: BID: 34746 // JVNDB: JVNDB-2009-004653 // CNNVD: CNNVD-200905-123 // NVD: CVE-2009-1605

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-1605
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2009-1605
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-1605
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200905-123
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2009-1605
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-1605
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2009-1605
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2009-1605 // JVNDB: JVNDB-2009-004653 // CNNVD: CNNVD-200905-123 // NVD: CVE-2009-1605 // NVD: CVE-2009-1605

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2009-004653 // NVD: CVE-2009-1605

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200905-123

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200905-123

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-004653

PATCH

title:	Top Page	url:	http://mupdf.com/	Trust: 0.8
title:	-	url:	https://github.com/0xCyberY/CVE-T4PDF	Trust: 0.1

sources: VULMON: CVE-2009-1605 // JVNDB: JVNDB-2009-004653

EXTERNAL IDS

db:	NVD	id:	CVE-2009-1605	Trust: 2.8
db:	SECUNIA	id:	34916	Trust: 1.8
db:	VUPEN	id:	ADV-2009-1186	Trust: 1.7
db:	VUPEN	id:	ADV-2009-1185	Trust: 1.7
db:	JVNDB	id:	JVNDB-2009-004653	Trust: 0.8
db:	CNNVD	id:	CNNVD-200905-123	Trust: 0.6
db:	BID	id:	34746	Trust: 0.4
db:	VULMON	id:	CVE-2009-1605	Trust: 0.1
db:	PACKETSTORM	id:	77098	Trust: 0.1

sources: VULMON: CVE-2009-1605 // BID: 34746 // JVNDB: JVNDB-2009-004653 // PACKETSTORM: 77098 // CNNVD: CNNVD-200905-123 // NVD: CVE-2009-1605

REFERENCES

url:	http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0258.html	Trust: 1.8
url:	http://www.vupen.com/english/advisories/2009/1186	Trust: 1.7
url:	http://secunia.com/advisories/34916	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/1185	Trust: 1.7
url:	https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=451373e028f82fa2f1cc2a6a669df31d85c877bd	Trust: 1.0
url:	https://bugs.ghostscript.com/show_bug.cgi?id=690555	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1605	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1605	Trust: 0.8
url:	http://ccxvii.net/fitz/	Trust: 0.3
url:	http://blog.kowalczyk.info/software/sumatrapdf/index.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://www.securityfocus.com/bid/34746	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/0xcybery/cve-t4pdf	Trust: 0.1
url:	http://secunia.com/advisories/try_vi/request_2008_report/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/34916/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: VULMON: CVE-2009-1605 // BID: 34746 // JVNDB: JVNDB-2009-004653 // PACKETSTORM: 77098 // CNNVD: CNNVD-200905-123 // NVD: CVE-2009-1605

CREDITS

c c@c.cc)

Trust: 0.6

sources: CNNVD: CNNVD-200905-123

SOURCES

db:	VULMON	id:	CVE-2009-1605
db:	BID	id:	34746
db:	JVNDB	id:	JVNDB-2009-004653
db:	PACKETSTORM	id:	77098
db:	CNNVD	id:	CNNVD-200905-123
db:	NVD	id:	CVE-2009-1605

LAST UPDATE DATE

2025-04-10T23:15:32.850000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2009-1605	date:	2020-03-11T00:00:00
db:	BID	id:	34746	date:	2009-05-21T05:20:00
db:	JVNDB	id:	JVNDB-2009-004653	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200905-123	date:	2021-07-14T00:00:00
db:	NVD	id:	CVE-2009-1605	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2009-1605	date:	2009-05-11T00:00:00
db:	BID	id:	34746	date:	2009-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2009-004653	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	77098	date:	2009-04-29T10:20:18
db:	CNNVD	id:	CNNVD-200905-123	date:	2009-04-24T00:00:00
db:	NVD	id:	CVE-2009-1605	date:	2009-05-11T20:00:00.250