CVE-2009-3459
8.8 HIGH · Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to ...
Published: 2009-10-13 · Last updated: 2026-05-21
Severity and scoring
- CVSS: 8.8 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE: CWE-119, CWE-122
Affected products
| Vendor | Product |
|---|---|
| adobe | acrobat, acrobat_reader |
Description
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2009-3459
- [Vendor advisory] http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html
- [Other] http://isc.sans.org/diary.html?storyid=7300
- [Vendor advisory] http://secunia.com/advisories/36983
- [Other] http://securitytracker.com/id?1023007
- [Patch] http://www.adobe.com/support/security/bulletins/apsb09-15.html
- [Other] http://www.iss.net/threats/348.html
- [Other] http://www.securityfocus.com/bid/36600
- [Other] http://www.us-cert.gov/cas/techalerts/TA09-286B.html
- [Vendor advisory] http://www.vupen.com/english/advisories/2009/2851
- [Vendor advisory] http://www.vupen.com/english/advisories/2009/2898
- [Other] https://exchange.xforce.ibmcloud.com/vulnerabilities/53691
- [Other] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6534
- [Other] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3459
Related CVEs
Same vendor
- CVE-2026-47905 — CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability (6.2 MEDIUM)
- CVE-2026-47904 — CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability (6.2 MEDIUM)
- CVE-2026-47903 — CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability (6.2 MEDIUM)
- CVE-2026-47902 — CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability (6.2 MEDIUM)
- CVE-2026-34713 — CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability (7.5 HIGH)
Same CWE
- CVE-2026-47747 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
- CVE-2026-47964 — DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code ex... (7.8 HIGH)
- CVE-2026-47749 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
- CVE-2026-12330 — Incorrect boundary conditions in the Internationalization component (5.4 MEDIUM)
- CVE-2026-12329 — Memory safety bug fixed in Thunderbird ESR 140.12 (5.3 MEDIUM)