Published: 13/01/2010 Updated: 30/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Adobe Reader and Acrobat 9.x prior to 9.3, and 8.x prior to 8.2 on Windows and Mac OS X, allows remote malicious users to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe acrobat
adobe acrobat 9.1.3
adobe acrobat 8.1.5
adobe acrobat 8.1.4
adobe acrobat 7.1.3
adobe acrobat 7.1.2
adobe acrobat 9.1.2
adobe acrobat 9.1.1
adobe acrobat 8.1.3
adobe acrobat 8.1.2
adobe acrobat 7.1.1
adobe acrobat 7.1.0
adobe acrobat 7.0.2
adobe acrobat 7.0.1
adobe acrobat 6.0.1
adobe acrobat 6.0
adobe acrobat 4.0.5
adobe acrobat 4.0
adobe acrobat 3.1
adobe acrobat 9.1
adobe acrobat 9.0
adobe acrobat 8.1.1
adobe acrobat 8.1
adobe acrobat 7.0.9
adobe acrobat 7.0.8
adobe acrobat 7.0.7
adobe acrobat 7.0
adobe acrobat 6.0.6
adobe acrobat 5.0.6
adobe acrobat 5.0.5
adobe acrobat 3.0
adobe acrobat 7.0.4
adobe acrobat 7.0.3
adobe acrobat 6.0.3
adobe acrobat 6.0.2
adobe acrobat 4.0.5c
adobe acrobat 4.0.5a
adobe acrobat 8.1.7
adobe acrobat 8.1.6
adobe acrobat 8.0
adobe acrobat 7.1.4
adobe acrobat 7.0.6
adobe acrobat 7.0.5
adobe acrobat 6.0.5
adobe acrobat 6.0.4
adobe acrobat 5.0.10
adobe acrobat 5.0
adobe acrobat_reader
adobe acrobat_reader 9.1.3
adobe acrobat_reader 8.1.5
adobe acrobat_reader 8.1.4
adobe acrobat_reader 7.0.8
adobe acrobat_reader 7.0.7
adobe acrobat_reader 7.0.6
adobe acrobat_reader 7.1.1
adobe acrobat_reader 7.1.3
adobe acrobat_reader 6.0
adobe acrobat_reader 5.1
adobe acrobat_reader 4.5
adobe acrobat_reader 4.0.5c
adobe acrobat_reader 9.1.2
adobe acrobat_reader 9.1.1
adobe acrobat_reader 8.1.2
adobe acrobat_reader 8.1.1
adobe acrobat_reader 7.0.5
adobe acrobat_reader 7.0.4
adobe acrobat_reader 7.1.2
adobe acrobat_reader 6.0.5
adobe acrobat_reader 5.0.9
adobe acrobat_reader 5.0.7
adobe acrobat_reader 4.0.5a
adobe acrobat_reader 4.0.5
adobe acrobat_reader 8.1.7
adobe acrobat_reader 8.1.6
adobe acrobat_reader 7.1.0
adobe acrobat_reader 7.0.9
adobe acrobat_reader 7.0.1
adobe acrobat_reader 7.0
adobe acrobat_reader 6.0.2
adobe acrobat_reader 6.0.1
adobe acrobat_reader 5.0.11
adobe acrobat_reader 5.0.10
adobe acrobat_reader 5.0
adobe acrobat_reader 3.01
adobe acrobat_reader 3.0
adobe acrobat_reader 9.1
adobe acrobat_reader 9.0
adobe acrobat_reader 8.1
adobe acrobat_reader 8.0
adobe acrobat_reader 7.0.3
adobe acrobat_reader 7.0.2
adobe acrobat_reader 6.0.4
adobe acrobat_reader 6.0.3
adobe acrobat_reader 5.0.6
adobe acrobat_reader 5.0.5
adobe acrobat_reader 4.0
adobe acrobat_reader 3.02

Synopsis Critical: acroread security and bug fix update Type/Severity Security Advisory: Critical Topic Updated acroread packages that fix multiple security issues and three bugsare now available for Red Hat Enterprise Linux 5 SupplementaryThis update has been rated as having critical security impact by th ...

Synopsis Critical: acroread security update Type/Severity Security Advisory: Critical Topic Updated acroread packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 4 ExtrasThis update has been rated as having critical security impact by the RedHat Security Response Team ...

Synopsis Critical: acroread security update Type/Severity Security Advisory: Critical Topic The acroread packages as shipped in Red Hat Enterprise Linux 3 Extrascontain security flaws and should not be usedThis update has been rated as having critical security impact by the RedHat Security Response Team ...

CWE-399 http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.vupen.com/english/advisories/2010/0103 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836 http://www.us-cert.gov/cas/techalerts/TA10-013A.html http://www.securitytracker.com/id?1023446 http://www.securityfocus.com/bid/37757 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http://www.redhat.com/support/errata/RHSA-2010-0060.html https://bugzilla.redhat.com/show_bug.cgi?id=554293 https://exchange.xforce.ibmcloud.com/vulnerabilities/55553 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8255 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2010:0037

Get Started

CVE-2009-3955

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect