{
  "threat_severity" : "Important",
  "public_date" : "2009-04-16T00:00:00Z",
  "bugzilla" : {
    "description" : "PDF JBIG2 multiple input validation flaws",
    "id" : "495887",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=495887"
  },
  "cvss" : {
    "cvss_base_score" : "6.8",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "Multiple \"input validation flaws\" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file." ],
  "acknowledgement" : "Red Hat would like to thank Will Dormann (CERT/CC) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 3",
    "release_date" : "2009-04-16T00:00:00Z",
    "advisory" : "RHSA-2009:0430",
    "cpe" : "cpe:/o:redhat:enterprise_linux:3",
    "package" : "xpdf-1:2.02-14.el3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2009-04-16T00:00:00Z",
    "advisory" : "RHSA-2009:0429",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "cups-1:1.1.22-0.rc1.9.27.el4_7.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2009-04-16T00:00:00Z",
    "advisory" : "RHSA-2009:0430",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "xpdf-1:3.00-20.el4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2009-04-16T00:00:00Z",
    "advisory" : "RHSA-2009:0431",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "kdegraphics-7:3.3.1-13.el4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2009-04-30T00:00:00Z",
    "advisory" : "RHSA-2009:0458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "gpdf-0:2.8.2-7.7.2.el4_7.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2010-05-06T00:00:00Z",
    "advisory" : "RHSA-2010:0399",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "tetex-0:2.0.2-22.0.1.EL4.16"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2009-04-16T00:00:00Z",
    "advisory" : "RHSA-2009:0429",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "cups-1:1.3.7-8.el5_3.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2009-04-16T00:00:00Z",
    "advisory" : "RHSA-2009:0431",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kdegraphics-7:3.5.4-12.el5_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2009-05-13T00:00:00Z",
    "advisory" : "RHSA-2009:0480",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "poppler-0:0.5.4-4.4.el5_3.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2010-05-06T00:00:00Z",
    "advisory" : "RHSA-2010:0400",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "tetex-0:3.0-33.8.el5_5.5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2009-0800\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-0800" ],
  "name" : "CVE-2009-0800",
  "csaw" : false
}