CVE-2009-0195

Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.

Published: Apr 23, 2009
Updated: Nov 9, 2025
CVE: CVE-2009-0195
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
foolabs / xpdf	0.91c	0.91c.x
foolabs / xpdf	0.91b	0.91b.x
apple / cups	1.3.9	1.3.9.x
foolabs / xpdf	0.93b	0.93b.x
foolabs / xpdf	1.00a	1.00a.x
foolabs / xpdf	0.91a	0.91a.x
foolabs / xpdf	0.92e	0.92e.x
foolabs / xpdf	0.5a	0.5a.x
foolabs / xpdf	0.92b	0.92b.x
foolabs / xpdf	0.93c	0.93c.x
foolabs / xpdf	0.92c	0.92c.x
foolabs / xpdf	0.7a	0.7a.x
foolabs / xpdf	0.93a	0.93a.x
foolabs / xpdf	3.0.1	3.0.1.x
foolabs / xpdf	0.92d	0.92d.x
foolabs / xpdf	0.92a	0.92a.x
glyphandcog / xpdfreader	0.2	0.2.x
glyphandcog / xpdfreader	0.3	0.3.x
glyphandcog / xpdfreader	0.4	0.4.x
glyphandcog / xpdfreader	0.5	0.5.x
glyphandcog / xpdfreader	0.6	0.6.x
glyphandcog / xpdfreader	0.80	0.80.x
glyphandcog / xpdfreader	0.90	0.90.x
glyphandcog / xpdfreader	1.00	1.00.x
glyphandcog / xpdfreader	1.01	1.01.x
glyphandcog / xpdfreader	2.00	2.00.x
glyphandcog / xpdfreader	2.01	2.01.x
glyphandcog / xpdfreader	2.03	2.03.x
glyphandcog / xpdfreader	3.00	3.00.x
glyphandcog / xpdfreader	0.7	0.7.x
glyphandcog / xpdfreader	0.91	0.91.x
glyphandcog / xpdfreader	0.92	0.92.x
glyphandcog / xpdfreader	0.93	0.93.x
glyphandcog / xpdfreader	2.02	2.02.x
glyphandcog / xpdfreader	-	3.02.x

Vulnerability Database

313,825

CVE-2009-0195

Deep Security Visibility Without the Complexity