cvelistv5 - cve-2009-0658

CVE-2009-0658 (GCVE-0-2009-0658)

Vulnerability from cvelistv5

Published

2009-02-20 19:00

Modified

2024-08-07 04:40

Severity ?

CWE

Summary

Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.

References

URL

Tags

cve@mitre.org	http://isc.sans.org/diary.html?n&storyid=5902	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html	Third Party Advisory
cve@mitre.org	http://osvdb.org/52073	Broken Link
cve@mitre.org	http://secunia.com/advisories/33901	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/34392	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/34490	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/34706	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/34790	Third Party Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200904-17.xml	Third Party Advisory
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1	Third Party Advisory
cve@mitre.org	http://www.adobe.com/support/security/advisories/apsa09-01.html	Vendor Advisory
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb09-04.html	Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/905281	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2009-0376.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/33751	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id?1021739	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219	Third Party Advisory
cve@mitre.org	http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2	Third Party Advisory
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA09-051A.html	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0472	Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1019	Third Party Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/48825	VDB Entry
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697	Tool Signature
cve@mitre.org	https://www.exploit-db.com/exploits/8090	Third Party Advisory, VDB Entry
cve@mitre.org	https://www.exploit-db.com/exploits/8099	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.org/diary.html?n&storyid=5902	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/52073	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33901	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34392	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34490	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34706	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34790	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200904-17.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/advisories/apsa09-01.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-04.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/905281	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-0376.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33751	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021739	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-051A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0472	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1019	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/48825	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697	Tool Signature
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/8090	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/8099	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:05.123Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219"
          },
          {
            "name": "34790",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34790"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
          },
          {
            "name": "8099",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8099"
          },
          {
            "name": "oval:org.mitre.oval:def:5697",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.html?n\u0026storyid=5902"
          },
          {
            "name": "TA09-051A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-051A.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa09-01.html"
          },
          {
            "name": "52073",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/52073"
          },
          {
            "name": "34490",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34490"
          },
          {
            "name": "33901",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33901"
          },
          {
            "name": "RHSA-2009:0376",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0376.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99\u0026tabid=2"
          },
          {
            "name": "34392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34392"
          },
          {
            "name": "SUSE-SA:2009:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
          },
          {
            "name": "34706",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34706"
          },
          {
            "name": "ADV-2009-0472",
            "tags": [
              "third-party-advisory",
              "x_refsource_FRSIRT",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0472"
          },
          {
            "name": "VU#905281",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/905281"
          },
          {
            "name": "256788",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
          },
          {
            "name": "33751",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33751"
          },
          {
            "name": "adobe-acrobat-reader-image-bo(48825)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48825"
          },
          {
            "name": "1021739",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021739"
          },
          {
            "name": "8090",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8090"
          },
          {
            "name": "GLSA-200904-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
          },
          {
            "name": "SUSE-SR:2009:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
          },
          {
            "name": "ADV-2009-1019",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1019"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-02-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219"
        },
        {
          "name": "34790",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34790"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
        },
        {
          "name": "8099",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8099"
        },
        {
          "name": "oval:org.mitre.oval:def:5697",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.html?n\u0026storyid=5902"
        },
        {
          "name": "TA09-051A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-051A.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa09-01.html"
        },
        {
          "name": "52073",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/52073"
        },
        {
          "name": "34490",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34490"
        },
        {
          "name": "33901",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33901"
        },
        {
          "name": "RHSA-2009:0376",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0376.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99\u0026tabid=2"
        },
        {
          "name": "34392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34392"
        },
        {
          "name": "SUSE-SA:2009:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
        },
        {
          "name": "34706",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34706"
        },
        {
          "name": "ADV-2009-0472",
          "tags": [
            "third-party-advisory",
            "x_refsource_FRSIRT"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0472"
        },
        {
          "name": "VU#905281",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/905281"
        },
        {
          "name": "256788",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
        },
        {
          "name": "33751",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33751"
        },
        {
          "name": "adobe-acrobat-reader-image-bo(48825)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48825"
        },
        {
          "name": "1021739",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021739"
        },
        {
          "name": "8090",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8090"
        },
        {
          "name": "GLSA-200904-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
        },
        {
          "name": "SUSE-SR:2009:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
        },
        {
          "name": "ADV-2009-1019",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1019"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219",
              "refsource": "MISC",
              "url": "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219"
            },
            {
              "name": "34790",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34790"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
            },
            {
              "name": "8099",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8099"
            },
            {
              "name": "oval:org.mitre.oval:def:5697",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697"
            },
            {
              "name": "http://isc.sans.org/diary.html?n\u0026storyid=5902",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.html?n\u0026storyid=5902"
            },
            {
              "name": "TA09-051A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-051A.html"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa09-01.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa09-01.html"
            },
            {
              "name": "52073",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/52073"
            },
            {
              "name": "34490",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34490"
            },
            {
              "name": "33901",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33901"
            },
            {
              "name": "RHSA-2009:0376",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0376.html"
            },
            {
              "name": "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99\u0026tabid=2",
              "refsource": "MISC",
              "url": "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99\u0026tabid=2"
            },
            {
              "name": "34392",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34392"
            },
            {
              "name": "SUSE-SA:2009:014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
            },
            {
              "name": "34706",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34706"
            },
            {
              "name": "ADV-2009-0472",
              "refsource": "FRSIRT",
              "url": "http://www.vupen.com/english/advisories/2009/0472"
            },
            {
              "name": "VU#905281",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/905281"
            },
            {
              "name": "256788",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
            },
            {
              "name": "33751",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33751"
            },
            {
              "name": "adobe-acrobat-reader-image-bo(48825)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48825"
            },
            {
              "name": "1021739",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021739"
            },
            {
              "name": "8090",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8090"
            },
            {
              "name": "GLSA-200904-17",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
            },
            {
              "name": "SUSE-SR:2009:009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
            },
            {
              "name": "ADV-2009-1019",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1019"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0658",
    "datePublished": "2009-02-20T19:00:00",
    "dateReserved": "2009-02-20T00:00:00",
    "dateUpdated": "2024-08-07T04:40:05.123Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0658\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-02-20T19:30:00.390\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento del b\u00fafer en Adobe Reader versi\u00f3n 9.0 y anteriores, y Acrobat  versi\u00f3n 9.0 y anteriores, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un documento PDF creado, relacionado con una llamada a una funci\u00f3n que no sea JavaScript y posiblemente una secuencia de im\u00e1genes del componente JBIG2 incrustada, tal como se explot\u00f3 \u201cin the wild\u201d en febrero de 2009 por Trojan.Pidief.E.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndIncluding\":\"7.1.1\",\"matchCriteriaId\":\"C45837B4-F4F9-45DC-B324-48BD4AB51973\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndIncluding\":\"8.1.4\",\"matchCriteriaId\":\"5C1BEE55-AAE2-4D61-9156-7E34692469C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AA53564-9ACD-4CFB-9AAC-A77440026A57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndIncluding\":\"7.1.1\",\"matchCriteriaId\":\"4BB02266-8184-4A96-A1F0-66C9A3F0A329\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndIncluding\":\"8.1.4\",\"matchCriteriaId\":\"07DD4484-A823-4B8B-8939-44A553E2FD63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"562772F1-1627-438E-A6B8-7D1AA5536086\"}]}]}],\"references\":[{\"url\":\"http://isc.sans.org/diary.html?n\u0026storyid=5902\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/52073\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/33901\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34392\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34490\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34706\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34790\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200904-17.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa09-01.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-04.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/905281\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0376.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/33751\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1021739\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99\u0026tabid=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-051A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0472\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1019\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48825\",\"source\":\"cve@mitre.org\",\"tags\":[\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697\",\"source\":\"cve@mitre.org\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://www.exploit-db.com/exploits/8090\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/8099\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://isc.sans.org/diary.html?n\u0026storyid=5902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/52073\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/33901\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34392\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34490\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34706\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34790\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200904-17.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa09-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-04.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/905281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0376.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/33751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1021739\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99\u0026tabid=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-051A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0472\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48825\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://www.exploit-db.com/exploits/8090\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/8099\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

rhsa-2009:0376

Vulnerability from csaf_redhat

Published

2009-03-25 13:48

Modified

2025-11-08 03:24

Summary

Red Hat Security Advisory: acroread security update

Notes

Topic

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Multiple input validation flaws were discovered in the JBIG2 compressed images decoder used by Adobe Reader. A malicious PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader. (CVE-2009-0193, CVE-2009-0658, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 8.1.4, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4\nExtras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nMultiple input validation flaws were discovered in the JBIG2 compressed\nimages decoder used by Adobe Reader. A malicious PDF file could cause Adobe\nReader to crash or, potentially, execute arbitrary code as the user running\nAdobe Reader. (CVE-2009-0193, CVE-2009-0658, CVE-2009-0928, CVE-2009-1061,\nCVE-2009-1062)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 8.1.4, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:0376",
        "url": "https://access.redhat.com/errata/RHSA-2009:0376"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "486928",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0376.json"
      }
    ],
    "title": "Red Hat Security Advisory: acroread security update",
    "tracking": {
      "current_release_date": "2025-11-08T03:24:06+00:00",
      "generator": {
        "date": "2025-11-08T03:24:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:0376",
      "initial_release_date": "2009-03-25T13:48:00+00:00",
      "revision_history": [
        {
          "date": "2009-03-25T13:48:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-03-25T09:48:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-08T03:24:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.4-1.el5.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.4-1.el5.i386",
                  "product_id": "acroread-plugin-0:8.1.4-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.4-1.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.4-1.el5.i386",
                "product": {
                  "name": "acroread-0:8.1.4-1.el5.i386",
                  "product_id": "acroread-0:8.1.4-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.4-1.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.4-1.el4.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.4-1.el4.i386",
                  "product_id": "acroread-plugin-0:8.1.4-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.4-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.4-1.el4.i386",
                "product": {
                  "name": "acroread-0:8.1.4-1.el4.i386",
                  "product_id": "acroread-0:8.1.4-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.4-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.4-1.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.4-1.i386",
                  "product_id": "acroread-plugin-0:8.1.4-1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.4-1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.4-1.i386",
                "product": {
                  "name": "acroread-0:8.1.4-1.i386",
                  "product_id": "acroread-0:8.1.4-1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.4-1?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-plugin-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-plugin-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-plugin-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0193",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0193"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0193"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0193",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0193"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    },
    {
      "cve": "CVE-2009-0658",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0658"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0658"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0658",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0658"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    },
    {
      "cve": "CVE-2009-0928",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0928"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0928",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0928"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0928",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0928"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    },
    {
      "cve": "CVE-2009-1061",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and \"input validation,\" a different vulnerability than CVE-2009-0193 and CVE-2009-1062.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1061"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1061",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1061"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1061",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1061"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    },
    {
      "cve": "CVE-2009-1062",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1062"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1062"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1062",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1062"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    }
  ]
}

rhsa-2009_0376

Vulnerability from csaf_redhat

Published

2009-03-25 13:48

Modified

2024-11-14 10:07

Summary

Red Hat Security Advisory: acroread security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4\nExtras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nMultiple input validation flaws were discovered in the JBIG2 compressed\nimages decoder used by Adobe Reader. A malicious PDF file could cause Adobe\nReader to crash or, potentially, execute arbitrary code as the user running\nAdobe Reader. (CVE-2009-0193, CVE-2009-0658, CVE-2009-0928, CVE-2009-1061,\nCVE-2009-1062)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 8.1.4, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:0376",
        "url": "https://access.redhat.com/errata/RHSA-2009:0376"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "486928",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0376.json"
      }
    ],
    "title": "Red Hat Security Advisory: acroread security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:07:14+00:00",
      "generator": {
        "date": "2024-11-14T10:07:14+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2009:0376",
      "initial_release_date": "2009-03-25T13:48:00+00:00",
      "revision_history": [
        {
          "date": "2009-03-25T13:48:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-03-25T09:48:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:07:14+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.4-1.el5.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.4-1.el5.i386",
                  "product_id": "acroread-plugin-0:8.1.4-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.4-1.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.4-1.el5.i386",
                "product": {
                  "name": "acroread-0:8.1.4-1.el5.i386",
                  "product_id": "acroread-0:8.1.4-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.4-1.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.4-1.el4.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.4-1.el4.i386",
                  "product_id": "acroread-plugin-0:8.1.4-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.4-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.4-1.el4.i386",
                "product": {
                  "name": "acroread-0:8.1.4-1.el4.i386",
                  "product_id": "acroread-0:8.1.4-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.4-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.4-1.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.4-1.i386",
                  "product_id": "acroread-plugin-0:8.1.4-1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.4-1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.4-1.i386",
                "product": {
                  "name": "acroread-0:8.1.4-1.i386",
                  "product_id": "acroread-0:8.1.4-1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.4-1?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-plugin-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-plugin-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-plugin-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0193",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0193"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0193"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0193",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0193"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    },
    {
      "cve": "CVE-2009-0658",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0658"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0658"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0658",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0658"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    },
    {
      "cve": "CVE-2009-0928",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0928"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0928",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0928"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0928",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0928"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    },
    {
      "cve": "CVE-2009-1061",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and \"input validation,\" a different vulnerability than CVE-2009-0193 and CVE-2009-1062.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1061"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1061",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1061"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1061",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1061"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    },
    {
      "cve": "CVE-2009-1062",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1062"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1062"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1062",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1062"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    }
  ]
}

RHSA-2009:0376

Vulnerability from csaf_redhat

Published

2009-03-25 13:48

Modified

2025-11-08 03:24

Summary

Red Hat Security Advisory: acroread security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4\nExtras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nMultiple input validation flaws were discovered in the JBIG2 compressed\nimages decoder used by Adobe Reader. A malicious PDF file could cause Adobe\nReader to crash or, potentially, execute arbitrary code as the user running\nAdobe Reader. (CVE-2009-0193, CVE-2009-0658, CVE-2009-0928, CVE-2009-1061,\nCVE-2009-1062)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 8.1.4, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:0376",
        "url": "https://access.redhat.com/errata/RHSA-2009:0376"
      },
      {
        "category": "external",
        "summary": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
        "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "486928",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0376.json"
      }
    ],
    "title": "Red Hat Security Advisory: acroread security update",
    "tracking": {
      "current_release_date": "2025-11-08T03:24:06+00:00",
      "generator": {
        "date": "2025-11-08T03:24:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:0376",
      "initial_release_date": "2009-03-25T13:48:00+00:00",
      "revision_history": [
        {
          "date": "2009-03-25T13:48:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-03-25T09:48:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-08T03:24:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.4-1.el5.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.4-1.el5.i386",
                  "product_id": "acroread-plugin-0:8.1.4-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.4-1.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.4-1.el5.i386",
                "product": {
                  "name": "acroread-0:8.1.4-1.el5.i386",
                  "product_id": "acroread-0:8.1.4-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.4-1.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.4-1.el4.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.4-1.el4.i386",
                  "product_id": "acroread-plugin-0:8.1.4-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.4-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.4-1.el4.i386",
                "product": {
                  "name": "acroread-0:8.1.4-1.el4.i386",
                  "product_id": "acroread-0:8.1.4-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.4-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.4-1.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.4-1.i386",
                  "product_id": "acroread-plugin-0:8.1.4-1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.4-1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.4-1.i386",
                "product": {
                  "name": "acroread-0:8.1.4-1.i386",
                  "product_id": "acroread-0:8.1.4-1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.4-1?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-plugin-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-plugin-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-plugin-0:8.1.4-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.4-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386"
        },
        "product_reference": "acroread-0:8.1.4-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.4-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.4-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0193",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0193"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0193"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0193",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0193"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    },
    {
      "cve": "CVE-2009-0658",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0658"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0658"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0658",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0658"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    },
    {
      "cve": "CVE-2009-0928",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0928"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0928",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0928"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0928",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0928"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    },
    {
      "cve": "CVE-2009-1061",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and \"input validation,\" a different vulnerability than CVE-2009-0193 and CVE-2009-1062.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1061"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1061",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1061"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1061",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1061"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    },
    {
      "cve": "CVE-2009-1062",
      "discovery_date": "2009-02-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "486928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: multiple JBIG2-related security flaws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.4-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-0:8.1.4-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3ES-LACD:acroread-0:8.1.4-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
          "3WS-LACD:acroread-0:8.1.4-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
          "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1062"
        },
        {
          "category": "external",
          "summary": "RHBZ#486928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1062"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1062",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1062"
        }
      ],
      "release_date": "2009-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-03-25T13:48:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0376"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.4-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-0:8.1.4-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3ES-LACD:acroread-0:8.1.4-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.4-1.i386",
            "3WS-LACD:acroread-0:8.1.4-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.4-1.i386",
            "4AS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.4-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.4-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.4-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.4-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.4-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.4-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: multiple JBIG2-related security flaws"
    }
  ]
}

CERTA-2009-AVI-094

Vulnerability from certfr_avis

Une vulnérabilité dans l'interprétation des documents PDF par différents lecteurs permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Une erreur dans différents produits relative à l'interprétation des objets encodés au format JBIG2 dans des fichiers PDF permet à un utilisateur de provoquer l'arrêt du logiciel (crash).

Elle permet également l'exécution de code arbitraire sur le système vulnérable avec les droits de l'utilisateur.

L'exploitation de la vulnérabilité ne nécessite pas nécessairement :

l'intervention de l'utilisateur ;
l'activation ou la désactivation du support du langage JavaScript.

Certains codes d'exploitation circulant actuellement sur l'Internet sont reconnus par des antivirus sous divers noms : Trojan.Pidief.E, Bloodhound.PDF-6 (Symantec), Exploit-PDF.i (NAI, Mac Afee)...

Certains lecteurs PDF installent une extension permettant à l'explorateur de fichiers de Microsoft Windows de réaliser un aperçu des fichiers au format PDF. De ce fait, la vulnérabilité peut également être exploitée par les méthodes suivantes :

lors de la sélection d'un fichier PDF exploitant cette vulnérabilité ;
lors de l'exploration d'un répertoire avec un affichage en mode miniature des icônes.

De plus, il semblerait que cette vulnérabilité puisse être exploitée lors de l'affichage de l'infobulle lié à un fichier PDF malveillant dont les méta-données ont été spécialement construites.

Enfin, l'utilisation de services d'indexation automatique (comme WIS, Windows Indexing Services) pourrait déclencher l'exploitation de la vulnérabilité sur un fichier présent sur l'espace de stockage sans intervention particulière de l'utilisateur.

Solution

Se référer à la documentation des éditeurs afin d'obtenir les correctifs (cf. Documentation).

None

Impacted products

Vendor	Product	Description
Foxit	PDF Reader	Adobe Reader versions 9.x, 8.x et 7.x ;
N/A	N/A	Xpdf versions antérieures à la mise à jour 3.02pl3.
Adobe	Acrobat	Adobe Acrobat Standard, Pro et Pro Extended, versions 9.x, 8.x et 7.x.
Foxit	N/A	KDE versions antérieures à la version 3.4.5-12 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB09-03 du 10 mars 2009	None	vendor-advisory
Bulletin de sécurité Adobe APSB09-04 du 18 mars 2009	None	vendor-advisory
Mise à jour Xpdf du 30 mars 2009 :	-	other
Bulletin de sécurité Red Hat RSHA-2009-0431 et RSHA-2009-430 du 16 avril 2009 :	-	other
Alerte CERTA-2009-ALE-001 du 20 février 2009:	-	other
Avis de sécurité Adobe apsa09-01 du 19 février 2009 :	-	other
Bulletin de sécurité Red Hat RSHA-2009-0431 et RSHA-2009-430 du 16 avril 2009 :	-	other
Bulletin de sécurité Adobe apsb09-03 du 10 mars 2009 :	-	other
Document du CERTA CERTA-2009-ALE-001 du 20 février 2009 :	-	other
Bulletin de sécurité Adobe apsb09-04 du 18 mars 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Reader versions 9.x, 8.x et 7.x ;",
      "product": {
        "name": "PDF Reader",
        "vendor": {
          "name": "Foxit",
          "scada": false
        }
      }
    },
    {
      "description": "Xpdf versions ant\u00e9rieures \u00e0 la mise \u00e0 jour 3.02pl3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Acrobat Standard, Pro et Pro Extended, versions 9.x, 8.x et 7.x.",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "KDE versions ant\u00e9rieures \u00e0 la version 3.4.5-12 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Foxit",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne erreur dans diff\u00e9rents produits relative \u00e0 l\u0027interpr\u00e9tation des\nobjets encod\u00e9s au format JBIG2 dans des fichiers PDF permet \u00e0 un\nutilisateur de provoquer l\u0027arr\u00eat du logiciel (crash).\n\nElle permet \u00e9galement l\u0027ex\u00e9cution de code arbitraire sur le syst\u00e8me\nvuln\u00e9rable avec les droits de l\u0027utilisateur.\n\nL\u0027exploitation de la vuln\u00e9rabilit\u00e9 ne n\u00e9cessite pas n\u00e9cessairement :\n\n-   l\u0027intervention de l\u0027utilisateur ;\n-   l\u0027activation ou la d\u00e9sactivation du support du langage JavaScript.\n\n  \n  \n\nCertains codes d\u0027exploitation circulant actuellement sur l\u0027Internet sont\nreconnus par des antivirus sous divers noms\u00a0: Trojan.Pidief.E,\nBloodhound.PDF-6 (Symantec), Exploit-PDF.i (NAI, Mac Afee)...\n\n  \n  \n\nCertains lecteurs PDF installent une extension permettant \u00e0\nl\u0027explorateur de fichiers de Microsoft Windows de r\u00e9aliser un aper\u00e7u des\nfichiers au format PDF. De ce fait, la vuln\u00e9rabilit\u00e9 peut \u00e9galement \u00eatre\nexploit\u00e9e par les m\u00e9thodes suivantes :\n\n-   lors de la s\u00e9lection d\u0027un fichier PDF exploitant cette vuln\u00e9rabilit\u00e9\n    ;\n-   lors de l\u0027exploration d\u0027un r\u00e9pertoire avec un affichage en mode\n    miniature des ic\u00f4nes.\n\nDe plus, il semblerait que cette vuln\u00e9rabilit\u00e9 puisse \u00eatre exploit\u00e9e\nlors de l\u0027affichage de l\u0027infobulle li\u00e9 \u00e0 un fichier PDF malveillant dont\nles m\u00e9ta-donn\u00e9es ont \u00e9t\u00e9 sp\u00e9cialement construites.\n\nEnfin, l\u0027utilisation de services d\u0027indexation automatique (comme WIS,\nWindows Indexing Services) pourrait d\u00e9clencher l\u0027exploitation de la\nvuln\u00e9rabilit\u00e9 sur un fichier pr\u00e9sent sur l\u0027espace de stockage sans\nintervention particuli\u00e8re de l\u0027utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer \u00e0 la documentation des \u00e9diteurs afin d\u0027obtenir les correctifs\n(cf. Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0658"
    },
    {
      "name": "CVE-2009-0927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0927"
    }
  ],
  "initial_release_date": "2009-03-11T00:00:00",
  "last_revision_date": "2009-04-17T00:00:00",
  "links": [
    {
      "title": "Mise \u00e0 jour Xpdf du 30 mars 2009 :",
      "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RSHA-2009-0431 et    RSHA-2009-430 du 16 avril 2009 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0430.html"
    },
    {
      "title": "Alerte CERTA-2009-ALE-001 du 20 f\u00e9vrier 2009:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-001/"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Adobe apsa09-01 du 19 f\u00e9vrier 2009 :",
      "url": "http://www.adobe.com/support/security/advisories/apsa09-01.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RSHA-2009-0431 et    RSHA-2009-430 du 16 avril 2009 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0431.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb09-03 du 10 mars 2009 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-03.html"
    },
    {
      "title": "Document du CERTA CERTA-2009-ALE-001 du 20 f\u00e9vrier 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-001/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb09-04 du 18 mars 2009\u00a0:",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
    }
  ],
  "reference": "CERTA-2009-AVI-094",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2009-03-11T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences au bulletin de s\u00e9curit\u00e9 APSB09-04 concernant les versions 7.x et 8.x ;",
      "revision_date": "2009-03-20T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins Red Hat et Xpdf.",
      "revision_date": "2009-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans l\u0027interpr\u00e9tation des documents PDF par diff\u00e9rents\nlecteurs permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans l\u0027interpr\u00e9tation JBIG2 dans le format PDF",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB09-03 du 10 mars 2009",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB09-04 du 18 mars 2009",
      "url": null
    }
  ]
}

ghsa-pm5j-jrq9-vmhx

Vulnerability from github

Published

2022-05-02 03:17

Modified

2022-05-02 03:17

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0658"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-02-20T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.",
  "id": "GHSA-pm5j-jrq9-vmhx",
  "modified": "2022-05-02T03:17:23Z",
  "published": "2022-05-02T03:17:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0658"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48825"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/8090"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/8099"
    },
    {
      "type": "WEB",
      "url": "http://isc.sans.org/diary.html?n\u0026storyid=5902"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/52073"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33901"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34392"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34490"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34706"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34790"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/advisories/apsa09-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/905281"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0376.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/33751"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021739"
    },
    {
      "type": "WEB",
      "url": "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219"
    },
    {
      "type": "WEB",
      "url": "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99\u0026tabid=2"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-051A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0472"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2009-0658

Vulnerability from fkie_nvd

Published

2009-02-20 19:30

Modified

2025-04-09 00:30

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://isc.sans.org/diary.html?n&storyid=5902	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html	Third Party Advisory
cve@mitre.org	http://osvdb.org/52073	Broken Link
cve@mitre.org	http://secunia.com/advisories/33901	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/34392	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/34490	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/34706	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/34790	Third Party Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200904-17.xml	Third Party Advisory
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1	Third Party Advisory
cve@mitre.org	http://www.adobe.com/support/security/advisories/apsa09-01.html	Vendor Advisory
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb09-04.html	Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/905281	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2009-0376.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/33751	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id?1021739	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219	Third Party Advisory
cve@mitre.org	http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2	Third Party Advisory
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA09-051A.html	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0472	Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1019	Third Party Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/48825	VDB Entry
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697	Tool Signature
cve@mitre.org	https://www.exploit-db.com/exploits/8090	Third Party Advisory, VDB Entry
cve@mitre.org	https://www.exploit-db.com/exploits/8099	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.org/diary.html?n&storyid=5902	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/52073	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33901	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34392	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34490	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34706	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34790	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200904-17.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/advisories/apsa09-01.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-04.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/905281	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-0376.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33751	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021739	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-051A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0472	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1019	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/48825	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697	Tool Signature
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/8090	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/8099	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
adobe	acrobat	*
adobe	acrobat	*
adobe	acrobat	9.0
adobe	acrobat_reader	*
adobe	acrobat_reader	*
adobe	acrobat_reader	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C45837B4-F4F9-45DC-B324-48BD4AB51973",
              "versionEndIncluding": "7.1.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1BEE55-AAE2-4D61-9156-7E34692469C1",
              "versionEndIncluding": "8.1.4",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AA53564-9ACD-4CFB-9AAC-A77440026A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BB02266-8184-4A96-A1F0-66C9A3F0A329",
              "versionEndIncluding": "7.1.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07DD4484-A823-4B8B-8939-44A553E2FD63",
              "versionEndIncluding": "8.1.4",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "562772F1-1627-438E-A6B8-7D1AA5536086",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento del b\u00fafer en Adobe Reader versi\u00f3n 9.0 y anteriores, y Acrobat  versi\u00f3n 9.0 y anteriores, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un documento PDF creado, relacionado con una llamada a una funci\u00f3n que no sea JavaScript y posiblemente una secuencia de im\u00e1genes del componente JBIG2 incrustada, tal como se explot\u00f3 \u201cin the wild\u201d en febrero de 2009 por Trojan.Pidief.E."
    }
  ],
  "id": "CVE-2009-0658",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2009-02-20T19:30:00.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://isc.sans.org/diary.html?n\u0026storyid=5902"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/52073"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/33901"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34392"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34490"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34706"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34790"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa09-01.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/905281"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0376.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/33751"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1021739"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99\u0026tabid=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-051A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0472"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1019"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48825"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/8090"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/8099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://isc.sans.org/diary.html?n\u0026storyid=5902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/52073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/33901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa09-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/905281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0376.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/33751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1021739"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99\u0026tabid=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-051A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/8090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/8099"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2009-ALE-001

Vulnerability from certfr_alerte

Une vulnérabilité dans les produits Adobe permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Une erreur dans les produits Adobe relative à l'interprétation des objets encodés au format JBIG2 dans des fichiers PDF permet à un utilisateur de provoquer inopinément l'arrêt du logiciel (crash).

Elle permet également l'exécution de code arbitraire sur le système vulnérable avec les droits de l'utilisateur.

L'exploitation de la vulnérabilité ne nécessite pas nécessairement :

l'intervention de l'utilisateur ;
l'activation ou la désactivation du support Adobe JavaScript.

Certains codes d'exploitation circulant actuellement sur l'Internet sont reconnus par des antivirus sous divers noms : Trojan.Pidief.E, Bloodhound.PDF-6 (Symantec), Exploit-PDF.i (NAI, Mac Afee)...

L'application Adobe installe une extension permettant à l'explorateur de fichiers de Microsoft Windows de réaliser un aperçu des fichiers au format PDF. De ce fait, la vulnérabilité peut également être exploitée par les méthodes suivantes :

lors de la sélection d'un fichier PDF exploitant cette vulnérabilité ;
lors de l'exploration d'un répertoire avec un affichage en mode miniature des icônes.

Contournement provisoire

L'éditeur Adobe annonce qu'un correctif pour la version 9.x sera disponible le 11 mars 2009.

[11 mars 2009] : L'éditeur a mis à disposition un correctif de sécurité pour les versions 9 de Adobe Reader et Acrobat. Se référer au bulletin de sécurité Adobe apsb09-03 du 10 mars 2009 pour l'obtention des correctifs (cf. section Documentation).

[20 mars 2009] : L'éditeur a mis à disposition un correctif de sécurité pour les versions 8 et 7 de Adobe Reader et Acrobat. Se référer au bulletin de sécurité Adobe apsb09-04 du 18 mars 2009 pour l'obtention des correctifs (cf. section Documentation).

Dans l'attente d'un correctif de l'éditeur, plusieurs mesures peuvent diminuer les risques :

utiliser un lecteur alternatif à jour. Certains peuvent fermer inopinément à l'ouverture d'un document PDF malveillant mais l'exploitation de la vulnérabilité pour exécuter du code arbitraire n'est pas, à la date de rédaction de ce bulletin, avérée ;
pour gêner certains codes d'exploitation, désactiver le Javascript dans les lecteur PDF Adobe et ne l'activer qu'en cas de stricte nécessité. Cette mesure s'effectue directement dans l'interface de configuration de l'application ou en mettant à 0, pour les systèmes Windows uniquement, la valeur de la variable bEnableJS qui se trouve :
```
pour Adobe Reader dans :
        HCU\Software\Adobe\Acrobat Reader\<version>.0\JSPrefs
pour Adobe Acrobat dans :
        HCU\Software\Adobe\Adobe Acrobat\<version>.0\JSPrefs
```
mettre les pièces jointes au format PDF en quarantaine dans l'attente du correctif.

Par ailleurs, de bonnes pratiques permettent d'atténuer les impacts :

n'ouvrir que les documents au format PDF provenant d'une source de confiance ;
travailler avec un compte aux droits limités.

Afin de limiter l'impact d'un fichier PDF spécialement construit dans le contexte de l'explorateur de fichiers de Microsoft Windows, le contournement suivant peut être appliqué :

Après l'avoir sauvegardée, supprimer de la base de registre la clé :
HKEY_CLASSES_ROOT\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}

Exemple d'application avec un interpréteur de commandes sous Microsoft Windows :

regsvr32 /u ``c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll''

ou encore :

reg export HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627} .\export.reg
reg delete HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}

Solution

Se référer aux bulletins de sécurité Adobe APSB09-03 et APSB09-04 publiés le 10 et le 18 mars respectivement pour l'obtention des correctifs (cf. section Documentation). Le CERTA a émis l'avis CERTA-2009-AVI-094 à ce sujet.

None

Impacted products

	Vendor	Product	Description
	Adobe	Acrobat	Adobe Acrobat Standard, Pro et Pro Extended, versions 9.x, 8.x et 7.x.
	Adobe	N/A	Adobe Reader versions 9.x, 8.x et 7.x ;

References

Title

Publication Time

Tags

Avis de sécurité Adobe APSA09-01 du 19 février 2009	None	vendor-advisory
Bulletin de sécurité du CERTA CERTA-2009-AVI-094 du 11 mars 2009 :	-	other
Bulletin de sécurité Adobe apsa09-01 du 19 février 2009 :	-	other
Bulletin d'actualité CERTA-2009-ACT-008, « Vulnérabilité non corrigée dans Adobe Reader » :	-	other
Bulletin d'actualité CERTA-2009-ACT-010, « Retour sur la vulnérabilité PDF » :	-	other
Bulletin de sécurité Adobe apsb09-03 du 10 mars 2009 :	-	other
Bulletin de sécurité Adobe apsb09-04 du 18 mars 2009 :	-	other
Bulletin d'actualité CERTA-2009-ACT-009, « Retour sur l'alerte CERTA-2009-ALE-001 concernant Adobe » :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Acrobat Standard, Pro et Pro Extended, versions 9.x, 8.x et 7.x.",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Reader versions 9.x, 8.x et 7.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2009-03-20",
  "content": "## Description\n\nUne erreur dans les produits Adobe relative \u00e0 l\u0027interpr\u00e9tation des\nobjets encod\u00e9s au format JBIG2 dans des fichiers PDF permet \u00e0 un\nutilisateur de provoquer inopin\u00e9ment l\u0027arr\u00eat du logiciel (crash).\n\nElle permet \u00e9galement l\u0027ex\u00e9cution de code arbitraire sur le syst\u00e8me\nvuln\u00e9rable avec les droits de l\u0027utilisateur.\n\nL\u0027exploitation de la vuln\u00e9rabilit\u00e9 ne n\u00e9cessite pas n\u00e9cessairement\u00a0:\n\n-   l\u0027intervention de l\u0027utilisateur ;\n-   l\u0027activation ou la d\u00e9sactivation du support Adobe JavaScript.\n\n  \n  \n\nCertains codes d\u0027exploitation circulant actuellement sur l\u0027Internet sont\nreconnus par des antivirus sous divers noms\u00a0: Trojan.Pidief.E,\nBloodhound.PDF-6 (Symantec), Exploit-PDF.i (NAI, Mac Afee)...\n\n  \n  \n\nL\u0027application Adobe installe une extension permettant \u00e0 l\u0027explorateur de\nfichiers de Microsoft Windows de r\u00e9aliser un aper\u00e7u des fichiers au\nformat PDF. De ce fait, la vuln\u00e9rabilit\u00e9 peut \u00e9galement \u00eatre exploit\u00e9e\npar les m\u00e9thodes suivantes :\n\n-   lors de la s\u00e9lection d\u0027un fichier PDF exploitant cette vuln\u00e9rabilit\u00e9\n    ;\n-   lors de l\u0027exploration d\u0027un r\u00e9pertoire avec un affichage en mode\n    miniature des ic\u00f4nes.\n\nDe plus, il semblerait que cette vuln\u00e9rabilit\u00e9 puisse \u00eatre exploit\u00e9e\nlors de l\u0027affichage de l\u0027infobulle li\u00e9 \u00e0 un fichier PDF malveillant dont\nles m\u00e9ta-donn\u00e9es ont \u00e9t\u00e9 sp\u00e9cialement construites.\n\nEnfin, l\u0027utilisation de services d\u0027indexation automatique (comme WIS,\nWindows Indexing Services) pourrait d\u00e9clencher l\u0027exploitation de la\nvuln\u00e9rabilit\u00e9 sur un fichier pr\u00e9sent sur l\u0027espace de stockage sans\nintervention particuli\u00e8re de l\u0027utilisateur.\n\n## Contournement provisoire\n\nL\u0027\u00e9diteur Adobe annonce qu\u0027un correctif pour la version 9.x sera\ndisponible le 11 mars 2009.\n\n\u003cspan class=\"textbf\"\u003e\\[11 mars 2009\\]\u003c/span\u003e : L\u0027\u00e9diteur a mis \u00e0\ndisposition un correctif de s\u00e9curit\u00e9 pour les versions 9 de Adobe Reader\net Acrobat. Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Adobe apsb09-03 du 10\nmars 2009 pour l\u0027obtention des correctifs (cf. section Documentation).\n\n\u003cspan class=\"textbf\"\u003e\\[20 mars 2009\\]\u003c/span\u003e : L\u0027\u00e9diteur a mis \u00e0\ndisposition un correctif de s\u00e9curit\u00e9 pour les versions 8 et 7 de Adobe\nReader et Acrobat. Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Adobe apsb09-04 du\n18 mars 2009 pour l\u0027obtention des correctifs (cf. section\nDocumentation).\n\nDans l\u0027attente d\u0027un correctif de l\u0027\u00e9diteur, plusieurs mesures peuvent\ndiminuer les risques :\n\n-   utiliser un lecteur alternatif \u00e0 jour. Certains peuvent fermer\n    inopin\u00e9ment \u00e0 l\u0027ouverture d\u0027un document PDF malveillant mais\n    l\u0027exploitation de la vuln\u00e9rabilit\u00e9 pour ex\u00e9cuter du code arbitraire\n    n\u0027est pas, \u00e0 la date de r\u00e9daction de ce bulletin, av\u00e9r\u00e9e\u00a0;\n\n-   pour g\u00eaner certains codes d\u0027exploitation, d\u00e9sactiver le Javascript\n    dans les lecteur PDF Adobe et ne l\u0027activer qu\u0027en cas de stricte\n    n\u00e9cessit\u00e9. Cette mesure s\u0027effectue directement dans l\u0027interface de\n    configuration de l\u0027application ou en mettant \u00e0 0, pour les syst\u00e8mes\n    Windows uniquement, la valeur de la variable bEnableJS qui se\n    trouve\u00a0:\n\n        pour Adobe Reader dans :\n                HCU\\Software\\Adobe\\Acrobat Reader\\\u003cversion\u003e.0\\JSPrefs\n        pour Adobe Acrobat dans :\n                HCU\\Software\\Adobe\\Adobe Acrobat\\\u003cversion\u003e.0\\JSPrefs\n\n-   mettre les pi\u00e8ces jointes au format PDF en quarantaine dans\n    l\u0027attente du correctif.\n\nPar ailleurs, de bonnes pratiques permettent d\u0027att\u00e9nuer les impacts\u00a0:\n\n-   n\u0027ouvrir que les documents au format PDF provenant d\u0027une source de\n    confiance\u00a0;\n-   travailler avec un compte aux droits limit\u00e9s.\n\n  \n\nAfin de limiter l\u0027impact d\u0027un fichier PDF sp\u00e9cialement construit dans le\ncontexte de l\u0027explorateur de fichiers de Microsoft Windows, le\ncontournement suivant peut \u00eatre appliqu\u00e9 :\n\n-   Apr\u00e8s l\u0027avoir sauvegard\u00e9e, supprimer de la base de registre la cl\u00e9\n    :  \n    `HKEY_CLASSES_ROOT\\CLSID\\{F9DB5320-233E-11D1-9F84-707F02C10627}`\n\nExemple d\u0027application avec un interpr\u00e9teur de commandes sous Microsoft\nWindows :\n\n    regsvr32 /u ``c:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\PDFShell.dll\u0027\u0027\n\nou encore :\n\n    reg export HKCR\\CLSID\\{F9DB5320-233E-11D1-9F84-707F02C10627} .\\export.reg\n    reg delete HKCR\\CLSID\\{F9DB5320-233E-11D1-9F84-707F02C10627}\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 Adobe APSB09-03 et APSB09-04\npubli\u00e9s le 10 et le 18 mars respectivement pour l\u0027obtention des\ncorrectifs (cf. section Documentation). Le CERTA a \u00e9mis l\u0027avis\nCERTA-2009-AVI-094 \u00e0 ce sujet.\n",
  "cves": [
    {
      "name": "CVE-2009-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0658"
    }
  ],
  "initial_release_date": "2009-02-20T00:00:00",
  "last_revision_date": "2009-03-20T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 du CERTA CERTA-2009-AVI-094 du 11 mars    2009\u00a0:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-094/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsa09-01 du 19 f\u00e9vrier 2009 :",
      "url": "http://www.adobe.com/support/security/advisories/apsa09-01.html"
    },
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERTA-2009-ACT-008, \u00ab Vuln\u00e9rabilit\u00e9    non corrig\u00e9e dans Adobe Reader \u00bb\u00a0:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ACT-008.pdf"
    },
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERTA-2009-ACT-010, \u00ab Retour sur la    vuln\u00e9rabilit\u00e9 PDF \u00bb\u00a0:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ACT-010.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb09-03 du 10 mars 2009 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-03.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb09-04 du 18 mars 2009\u00a0:",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
    },
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERTA-2009-ACT-009, \u00ab Retour sur    l\u0027alerte CERTA-2009-ALE-001 concernant Adobe \u00bb\u00a0:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ACT-009.pdf"
    }
  ],
  "reference": "CERTA-2009-ALE-001",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-02-20T00:00:00.000000"
    },
    {
      "description": "ajout des cl\u00e9s de registre pour la d\u00e9sactivation de l\u0027interpr\u00e9tation JS par GPO.",
      "revision_date": "2009-02-23T00:00:00.000000"
    },
    {
      "description": "mise \u00e0 jour de la section \u00abDescription\u00bb et de la section \u00abContournement provisoire\u00bb.",
      "revision_date": "2009-03-06T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins d\u0027actualit\u00e9 du CERTA.",
      "revision_date": "2009-03-10T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 d\u0027Adobe et du CERTA.",
      "revision_date": "2009-03-11T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences au dernier bulletin de s\u00e9curit\u00e9 d\u0027Adobe APSB09-04.",
      "revision_date": "2009-03-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans les produits Adobe permet \u00e0 un utilisateur\nmalveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans l\u0027interpr\u00e9tation JBIG2 des produits Adobe",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Adobe APSA09-01 du 19 f\u00e9vrier 2009",
      "url": null
    }
  ]
}

gsd-2009-0658

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-0658

Aliases

CVE-2009-0658

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0658",
    "description": "Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.",
    "id": "GSD-2009-0658",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-0658.html",
      "https://access.redhat.com/errata/RHSA-2009:0376",
      "https://packetstormsecurity.com/files/cve/CVE-2009-0658"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0658"
      ],
      "details": "Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.",
      "id": "GSD-2009-0658",
      "modified": "2023-12-13T01:19:44.029372Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0658",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219",
            "refsource": "MISC",
            "url": "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219"
          },
          {
            "name": "34790",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34790"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
          },
          {
            "name": "8099",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/8099"
          },
          {
            "name": "oval:org.mitre.oval:def:5697",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697"
          },
          {
            "name": "http://isc.sans.org/diary.html?n\u0026storyid=5902",
            "refsource": "MISC",
            "url": "http://isc.sans.org/diary.html?n\u0026storyid=5902"
          },
          {
            "name": "TA09-051A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-051A.html"
          },
          {
            "name": "http://www.adobe.com/support/security/advisories/apsa09-01.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/advisories/apsa09-01.html"
          },
          {
            "name": "52073",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/52073"
          },
          {
            "name": "34490",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34490"
          },
          {
            "name": "33901",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33901"
          },
          {
            "name": "RHSA-2009:0376",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0376.html"
          },
          {
            "name": "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99\u0026tabid=2",
            "refsource": "MISC",
            "url": "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99\u0026tabid=2"
          },
          {
            "name": "34392",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34392"
          },
          {
            "name": "SUSE-SA:2009:014",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
          },
          {
            "name": "34706",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34706"
          },
          {
            "name": "ADV-2009-0472",
            "refsource": "FRSIRT",
            "url": "http://www.vupen.com/english/advisories/2009/0472"
          },
          {
            "name": "VU#905281",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/905281"
          },
          {
            "name": "256788",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
          },
          {
            "name": "33751",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/33751"
          },
          {
            "name": "adobe-acrobat-reader-image-bo(48825)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48825"
          },
          {
            "name": "1021739",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1021739"
          },
          {
            "name": "8090",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/8090"
          },
          {
            "name": "GLSA-200904-17",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
          },
          {
            "name": "SUSE-SR:2009:009",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
          },
          {
            "name": "ADV-2009-1019",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1019"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.1",
                "versionStartIncluding": "7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.4",
                "versionStartIncluding": "8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.4",
                "versionStartIncluding": "8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.1",
                "versionStartIncluding": "7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0658"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://isc.sans.org/diary.html?n\u0026storyid=5902",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://isc.sans.org/diary.html?n\u0026storyid=5902"
            },
            {
              "name": "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99\u0026tabid=2",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99\u0026tabid=2"
            },
            {
              "name": "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa09-01.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/advisories/apsa09-01.html"
            },
            {
              "name": "33751",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/33751"
            },
            {
              "name": "33901",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/33901"
            },
            {
              "name": "VU#905281",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/905281"
            },
            {
              "name": "52073",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://osvdb.org/52073"
            },
            {
              "name": "1021739",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id?1021739"
            },
            {
              "name": "TA09-051A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-051A.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
            },
            {
              "name": "RHSA-2009:0376",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0376.html"
            },
            {
              "name": "34392",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/34392"
            },
            {
              "name": "34490",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/34490"
            },
            {
              "name": "SUSE-SA:2009:014",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
            },
            {
              "name": "256788",
              "refsource": "SUNALERT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
            },
            {
              "name": "34706",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/34706"
            },
            {
              "name": "SUSE-SR:2009:009",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
            },
            {
              "name": "34790",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/34790"
            },
            {
              "name": "ADV-2009-1019",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1019"
            },
            {
              "name": "GLSA-200904-17",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
            },
            {
              "name": "ADV-2009-0472",
              "refsource": "FRSIRT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0472"
            },
            {
              "name": "adobe-acrobat-reader-image-bo(48825)",
              "refsource": "XF",
              "tags": [
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48825"
            },
            {
              "name": "8099",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/8099"
            },
            {
              "name": "8090",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/8090"
            },
            {
              "name": "oval:org.mitre.oval:def:5697",
              "refsource": "OVAL",
              "tags": [
                "Tool Signature"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-09-27T16:48Z",
      "publishedDate": "2009-02-20T19:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-0658 (GCVE-0-2009-0658)

Vulnerability from cvelistv5

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from certfr_avis

Description

Solution

Vulnerability from github

Vulnerability from fkie_nvd

Vulnerability from certfr_alerte

Description

Contournement provisoire

Solution

Vulnerability from gsd

Tags

Sightings

Nomenclature