CVE-2009-4117

MuPDF <20091125231942 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4117. PoCs published by Christophe Devine.

AI-analyzed exploit summary This is a detailed technical analysis of CVE-2009-4117, a stack-based buffer overflow in MuPDF's handling of /Decode arrays in shading types 4-7. It includes vulnerability details, exploitation challenges, and a proof-of-concept Ruby script using the Origami framework to generate a malicious PDF.

Description

Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Christophe Devine · textlocalwindows

https://www.exploit-db.com/exploits/10244

View Code ZIP pw:eip

This is a detailed technical analysis of CVE-2009-4117, a stack-based buffer overflow in MuPDF's handling of /Decode arrays in shading types 4-7. It includes vulnerability details, exploitation challenges, and a proof-of-concept Ruby script using the Origami framework to generate a malicious PDF.

Classification

Writeup 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: MuPDF (before commit 20091125231942) and SumatraPDF (before 1.0.1)

No auth needed

Prerequisites: Ability to deliver a malicious PDF file to the target

MITRE ATT&CK