製品・ソフトウェアに関する情報

JVN脆弱性詳細

Xpdf および CUPS におけるバッファオーバーフローの脆弱性

Title	Xpdf および CUPS におけるバッファオーバーフローの脆弱性
Summary	Xpdf および CUPS には PDF ファイルの処理に不備があるため、ヒープベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者による巧妙に細工された JBIG2 symbol dictionary 領域をもつ PDF ファイルにより、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 16, 2009, midnight
Registration Date	June 22, 2009, 6:45 p.m.
Last Update	May 26, 2010, 4:30 p.m.

CVSS2.0 : 警告
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected System

レッドハット

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.7 (as)

Red Hat Enterprise Linux 4.7 (es)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux EUS 5.3.z (server)

RHEL Desktop Workstation 5 (client)

RHEL Optional Productivity Applications 5 (server)

RHEL Optional Productivity Applications EUS 5.3.z (server)

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

Glyph & Cog, LLC

Xpdf 3.02pl2 およびそれ以前

CUPS

CUPS 1.3.9

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-0195	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195
National Vulnerability Database (NVD)
2	CVE-2009-0195	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0195

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Asianux Technical Support Network
1	kdegraphics-3.5.5-3.5AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=766
2	poppler-0.5.4-4.4.9.1AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=437
3	tetex-3.0-33.8.5.0.1.AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1040
CUPS
4	Top Page	http://www.cups.org/
MIRACLE LINUX アップデート情報
5	2059	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2059
Red Hat Security Advisory
6	RHSA-2009:0429	https://rhn.redhat.com/errata/RHSA-2009-0429.html
7	RHSA-2009:0430	https://rhn.redhat.com/errata/RHSA-2009-0430.html
8	RHSA-2009:0431	https://rhn.redhat.com/errata/RHSA-2009-0431.html
9	RHSA-2009:0458	https://rhn.redhat.com/errata/RHSA-2009-0458.html
10	RHSA-2009:0480	https://rhn.redhat.com/errata/RHSA-2009-0480.html
11	RHSA-2010:0399	https://rhn.redhat.com/errata/RHSA-2010-0399.html
12	RHSA-2010:0400	https://rhn.redhat.com/errata/RHSA-2010-0400.html
Xpdf
13	Top Page	http://www.foolabs.com/xpdf/
レッドハットセキュリティーアップデート
14	RHSA-2009:0429	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0429J.html
15	RHSA-2009:0430	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0430J.html
16	RHSA-2009:0431	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0431J.html
17	RHSA-2009:0458	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0458J.html
18	RHSA-2009:0480	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0480J.html

その他

No	Name	URL
Secunia Advisory
1	SA34291	http://secunia.com/advisories/34291
2	SA34481	http://secunia.com/advisories/34481
3	SA34963	http://secunia.com/advisories/34963
4	SA35064	http://secunia.com/advisories/35064
VUPEN Security
5	VUPEN/ADV-2009-1065	http://www.vupen.com/english/advisories/2009/1065

Change Log

No	Changed Details	Date of change
0	[2009年06月22日] 掲載 [2009年12月07日] ベンダ情報：ミラクル・リナックス (kdegraphics-3.5.5-3.5AXS3) を追加 [2010年05月26日] 影響を受けるシステム：ミラクル・リナックス (2059) の情報を追加影響を受けるシステム：レッドハット (RHSA-2010:0399) の情報を追加ベンダ情報：ミラクル・リナックス (tetex-3.0-33.8.5.0.1.AXS3) を追加ベンダ情報：ミラクル・リナックス (2059) を追加ベンダ情報：レッドハット (RHSA-2010:0399) を追加ベンダ情報：レッドハット (RHSA-2010:0400) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-0195

Summary	Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.
Publication Date	April 24, 2009, 2:30 a.m.
Registration Date	Jan. 29, 2021, 1:13 p.m.
Last Update	March 7, 2019, 1:30 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apple:cups:1.3.9:::::::*
cpe:2.3:a:foolabs:xpdf:0.5a:::::::*
cpe:2.3:a:foolabs:xpdf:0.7a:::::::*
cpe:2.3:a:foolabs:xpdf:0.91a:::::::*
cpe:2.3:a:foolabs:xpdf:0.91b:::::::*
cpe:2.3:a:foolabs:xpdf:0.91c:::::::*
cpe:2.3:a:foolabs:xpdf:0.92a:::::::*
cpe:2.3:a:foolabs:xpdf:0.92b:::::::*
cpe:2.3:a:foolabs:xpdf:0.92c:::::::*
cpe:2.3:a:foolabs:xpdf:0.92d:::::::*
cpe:2.3:a:foolabs:xpdf:0.92e:::::::*
cpe:2.3:a:foolabs:xpdf:0.93a:::::::*
cpe:2.3:a:foolabs:xpdf:0.93b:::::::*
cpe:2.3:a:foolabs:xpdf:0.93c:::::::*
cpe:2.3:a:foolabs:xpdf:1.00a:::::::*
cpe:2.3:a:foolabs:xpdf:3.0.1:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.2:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.3:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.4:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.5:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.6:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.7:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.80:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.90:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.91:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.92:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.93:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:1.00:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:1.01:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:2.00:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:2.01:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:2.02:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:2.03:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:3.00:::::::*
cpe:2.3:a:glyphandcog:xpdfreader::::::::		3.02

Related information, measures and tools

No	URL	refsource	タグ
1	http://rhn.redhat.com/errata/RHSA-2009-0458.html	REDHAT
2	http://secunia.com/advisories/34291	SECUNIA
3	http://secunia.com/advisories/34481	SECUNIA
4	http://secunia.com/advisories/34756	SECUNIA
5	http://secunia.com/advisories/34963	SECUNIA
6	http://secunia.com/advisories/35064	SECUNIA
7	http://secunia.com/secunia_research/2009-17/	MISC	Vendor Advisory
8	http://secunia.com/secunia_research/2009-18/	MISC	Vendor Advisory
9	http://www.mandriva.com/security/advisories?name=MDVSA-2010:087	MANDRIVA
10	http://www.redhat.com/support/errata/RHSA-2009-0480.html	REDHAT
11	http://www.securityfocus.com/archive/1/502759/100/0/threaded	BUGTRAQ
12	http://www.securityfocus.com/archive/1/502762/100/0/threaded	BUGTRAQ
13	http://www.securityfocus.com/bid/34791	BID
14	http://www.vupen.com/english/advisories/2010/1040	VUPEN
15	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10076	OVAL

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apple:cups:1.3.9:::::::*
cpe:2.3:a:foolabs:xpdf:0.5a:::::::*
cpe:2.3:a:foolabs:xpdf:0.7a:::::::*
cpe:2.3:a:foolabs:xpdf:0.91a:::::::*
cpe:2.3:a:foolabs:xpdf:0.91b:::::::*
cpe:2.3:a:foolabs:xpdf:0.91c:::::::*
cpe:2.3:a:foolabs:xpdf:0.92a:::::::*
cpe:2.3:a:foolabs:xpdf:0.92b:::::::*
cpe:2.3:a:foolabs:xpdf:0.92c:::::::*
cpe:2.3:a:foolabs:xpdf:0.92d:::::::*
cpe:2.3:a:foolabs:xpdf:0.92e:::::::*
cpe:2.3:a:foolabs:xpdf:0.93a:::::::*
cpe:2.3:a:foolabs:xpdf:0.93b:::::::*
cpe:2.3:a:foolabs:xpdf:0.93c:::::::*
cpe:2.3:a:foolabs:xpdf:1.00a:::::::*
cpe:2.3:a:foolabs:xpdf:3.0.1:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.2:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.3:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.4:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.5:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.6:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.7:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.80:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.90:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.91:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.92:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:0.93:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:1.00:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:1.01:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:2.00:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:2.01:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:2.02:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:2.03:::::::*
cpe:2.3:a:glyphandcog:xpdfreader:3.00:::::::*
cpe:2.3:a:glyphandcog:xpdfreader::::::::		3.02