CVE-2009-1187
NONE EPSS 93.5%
Published Apr 23, 2009 (17y ago) · Last Modified Jun 16, 2026 (2w ago)
Description
Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).
Threat Intelligence
EPSS Exploit Probability
93.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-189
Affected Products 48
| Vendor | Product | Version | Range |
|---|---|---|---|
| poppler | poppler | * | ≤0.10.5 |
| poppler | poppler | 0.1 | any |
| poppler | poppler | 0.1.1 | any |
| poppler | poppler | 0.1.2 | any |
| poppler | poppler | 0.2.0 | any |
| poppler | poppler | 0.3.0 | any |
| poppler | poppler | 0.3.1 | any |
| poppler | poppler | 0.3.2 | any |
| poppler | poppler | 0.3.3 | any |
| poppler | poppler | 0.4.0 | any |
| poppler | poppler | 0.4.1 | any |
| poppler | poppler | 0.4.2 | any |
| poppler | poppler | 0.4.3 | any |
| poppler | poppler | 0.4.4 | any |
| poppler | poppler | 0.5.0 | any |
| poppler | poppler | 0.5.1 | any |
| poppler | poppler | 0.5.2 | any |
| poppler | poppler | 0.5.3 | any |
| poppler | poppler | 0.5.4 | any |
| poppler | poppler | 0.5.9 | any |
| poppler | poppler | 0.5.90 | any |
| poppler | poppler | 0.5.91 | any |
| poppler | poppler | 0.6.0 | any |
| poppler | poppler | 0.6.1 | any |
| poppler | poppler | 0.6.2 | any |
| poppler | poppler | 0.6.3 | any |
| poppler | poppler | 0.6.4 | any |
| poppler | poppler | 0.7.0 | any |
| poppler | poppler | 0.7.1 | any |
| poppler | poppler | 0.7.2 | any |
| poppler | poppler | 0.7.3 | any |
| poppler | poppler | 0.8.0 | any |
| poppler | poppler | 0.8.1 | any |
| poppler | poppler | 0.8.2 | any |
| poppler | poppler | 0.8.3 | any |
| poppler | poppler | 0.8.4 | any |
| poppler | poppler | 0.8.5 | any |
| poppler | poppler | 0.8.6 | any |
| poppler | poppler | 0.8.7 | any |
| poppler | poppler | 0.9.0 | any |
| poppler | poppler | 0.9.1 | any |
| poppler | poppler | 0.9.2 | any |
| poppler | poppler | 0.9.3 | any |
| poppler | poppler | 0.10.0 | any |
| poppler | poppler | 0.10.1 | any |
| poppler | poppler | 0.10.2 | any |
| poppler | poppler | 0.10.3 | any |
| poppler | poppler | 0.10.4 | any |
References 20
- bugs.gentoo.org http://bugs.gentoo.org/show_bug.cgi?id=263028#c16
- poppler.freedesktop.org http://poppler.freedesktop.org/releases.html
- secunia.com http://secunia.com/advisories/34746
- secunia.com http://secunia.com/advisories/35064
- secunia.com http://secunia.com/advisories/35618
- wiki.rpath.com http://wiki.rpath.com/Advisories:rPSA-2009-0059
- kb.cert.org http://www.kb.cert.org/vuls/id/196617
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
- redhat.com http://www.redhat.com/support/errata/RHSA-2009-0480.html
- securityfocus.com http://www.securityfocus.com/archive/1/502761/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/34568
- vupen.com http://www.vupen.com/english/advisories/2009/1076
- vupen.com http://www.vupen.com/english/advisories/2010/1040
- bugs.launchpad.net https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/50184
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10292
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
Remediation
- bugs.gentoo.org http://bugs.gentoo.org/show_bug.cgi?id=263028#c16