CVE-2009-1187

NONE EPSS 93.5%
Published Apr 23, 2009 (17y ago) · Last Modified Jun 16, 2026 (2w ago)

Description

Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).

Threat Intelligence

EPSS Exploit Probability: 93.5% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-189

Affected Products 48

Vendor   Product  Version  Range
poppler  poppler  *        ≤0.10.5
poppler  poppler  0.1      any
poppler  poppler  0.1.1    any
poppler  poppler  0.1.2    any
poppler  poppler  0.2.0    any
poppler  poppler  0.3.0    any
poppler  poppler  0.3.1    any
poppler  poppler  0.3.2    any
poppler  poppler  0.3.3    any
poppler  poppler  0.4.0    any
poppler  poppler  0.4.1    any
poppler  poppler  0.4.2    any
poppler  poppler  0.4.3    any
poppler  poppler  0.4.4    any
poppler  poppler  0.5.0    any
poppler  poppler  0.5.1    any
poppler  poppler  0.5.2    any
poppler  poppler  0.5.3    any
poppler  poppler  0.5.4    any
poppler  poppler  0.5.9    any
poppler  poppler  0.5.90   any
poppler  poppler  0.5.91   any
poppler  poppler  0.6.0    any
poppler  poppler  0.6.1    any
poppler  poppler  0.6.2    any
poppler  poppler  0.6.3    any
poppler  poppler  0.6.4    any
poppler  poppler  0.7.0    any
poppler  poppler  0.7.1    any
poppler  poppler  0.7.2    any
poppler  poppler  0.7.3    any
poppler  poppler  0.8.0    any
poppler  poppler  0.8.1    any
poppler  poppler  0.8.2    any
poppler  poppler  0.8.3    any
poppler  poppler  0.8.4    any
poppler  poppler  0.8.5    any
poppler  poppler  0.8.6    any
poppler  poppler  0.8.7    any
poppler  poppler  0.9.0    any
poppler  poppler  0.9.1    any
poppler  poppler  0.9.2    any
poppler  poppler  0.9.3    any
poppler  poppler  0.10.0   any
poppler  poppler  0.10.1   any
poppler  poppler  0.10.2   any
poppler  poppler  0.10.3   any
poppler  poppler  0.10.4   any

References 20

  • bugs.gentoo.org http://bugs.gentoo.org/show_bug.cgi?id=263028#c16
    Patch
  • poppler.freedesktop.org http://poppler.freedesktop.org/releases.html
  • secunia.com http://secunia.com/advisories/34746
  • secunia.com http://secunia.com/advisories/35064
  • secunia.com http://secunia.com/advisories/35618
  • wiki.rpath.com http://wiki.rpath.com/Advisories:rPSA-2009-0059
  • kb.cert.org http://www.kb.cert.org/vuls/id/196617
    US Government Resource
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
  • redhat.com http://www.redhat.com/support/errata/RHSA-2009-0480.html
  • securityfocus.com http://www.securityfocus.com/archive/1/502761/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/34568
  • vupen.com http://www.vupen.com/english/advisories/2009/1076
  • vupen.com http://www.vupen.com/english/advisories/2010/1040
  • bugs.launchpad.net https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/50184
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10292
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html

Remediation