Medium severity5.4NVD Advisory· Published May 11, 2009· Updated Apr 23, 2026
CVE-2009-1605
CVE-2009-1605
Description
Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information.
Affected products
13cpe:2.3:a:sumatrapdfreader:sumatrapdf:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:sumatrapdfreader:sumatrapdf:*:*:*:*:*:*:*:*range: <=0.9.3
- cpe:2.3:a:sumatrapdfreader:sumatrapdf:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:sumatrapdfreader:sumatrapdf:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:sumatrapdfreader:sumatrapdf:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:sumatrapdfreader:sumatrapdf:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:sumatrapdfreader:sumatrapdf:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:sumatrapdfreader:sumatrapdf:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:sumatrapdfreader:sumatrapdf:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:sumatrapdfreader:sumatrapdf:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:sumatrapdfreader:sumatrapdf:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:sumatrapdfreader:sumatrapdf:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:sumatrapdfreader:sumatrapdf:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:sumatrapdfreader:sumatrapdf:0.9.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- archives.neohapsis.com/archives/fulldisclosure/2009-04/0258.htmlnvdExploit
- secunia.com/advisories/34916nvdVendor Advisory
- www.vupen.com/english/advisories/2009/1185nvdVendor Advisory
- www.vupen.com/english/advisories/2009/1186nvdVendor Advisory
- bugs.ghostscript.com/show_bug.cginvd
- cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/nvd
News mentions
0No linked articles in our index yet.