CVE-2009-4117

MuPDF <20091125231942 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Christophe Devine · textlocalwindows
https://www.exploit-db.com/exploits/10244

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/54441
Vendor Advisory third-party-advisory
http://secunia.com/advisories/37494
Vendor Advisory third-party-advisory
http://secunia.com/advisories/37513

Scores

EPSS 0.2563
EPSS Percentile 96.3%

Details

CWE
CWE-119
Status published
Products (15)
sumatrapdfreader/sumatrapdf 0.1
sumatrapdfreader/sumatrapdf 0.2
sumatrapdfreader/sumatrapdf 0.3
sumatrapdfreader/sumatrapdf 0.4
sumatrapdfreader/sumatrapdf 0.5
sumatrapdfreader/sumatrapdf 0.6
sumatrapdfreader/sumatrapdf 0.7
sumatrapdfreader/sumatrapdf 0.8
sumatrapdfreader/sumatrapdf 0.8.1
sumatrapdfreader/sumatrapdf 0.9
... and 5 more
Published Dec 01, 2009
Tracked Since Feb 18, 2026