CVE-2009-0755
CVE-2009-0755 is a medium-severity vulnerability in Poppler with a CVSS 2.0 base score of 5.0. Its EPSS exploit-prediction score of 11% places it in the 95th percentile, indicating an elevated likelihood of exploitation.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 11% (95th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Poppler
- Published:
- Last modified:
Description
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
Frequently asked questions
- What is CVE-2009-0755?
- The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
- How severe is CVE-2009-0755?
- CVE-2009-0755 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2009-0755 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 11% (95th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2009-0755?
- CVE-2009-0755 primarily affects Poppler. In total, 34 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2009-0755?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2009-0755 published?
- CVE-2009-0755 was published on 2009-03-03 and last updated on 2026-06-16.
References
- http://bugs.freedesktop.org/show_bug.cgi?id=19790
- http://lists.freedesktop.org/archives/poppler/2009-January/004406.html
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- http://secunia.com/advisories/33853
- http://secunia.com/advisories/35685
- http://secunia.com/advisories/37114
- http://wiki.rpath.com/Advisories:rPSA-2009-0059
- http://www.debian.org/security/2009/dsa-1941
- http://www.openwall.com/lists/oss-security/2009/02/13/1
- http://www.openwall.com/lists/oss-security/2009/02/19/2
- http://www.securityfocus.com/archive/1/502761/100/0/threaded
- http://www.securityfocus.com/bid/33749
- http://www.ubuntu.com/usn/USN-850-1
Affected products (34)
- cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
More vulnerabilities in Poppler
- CVE-2005-3625 — Critical (CVSS 10.0): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows…
- CVE-2009-3608 — Critical (CVSS 9.3): Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before…
- CVE-2009-3607 — Critical (CVSS 9.3): Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows…
- CVE-2009-3606 — Critical (CVSS 9.3): Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in…
- CVE-2009-3604 — Critical (CVSS 9.3): The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and…
- CVE-2009-3603 — Critical (CVSS 9.3): Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might…