CVE-2009-1179

high

Description

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.

References

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11892

https://bugzilla.redhat.com/show_bug.cgi?id=495889

http://www.vupen.com/english/advisories/2010/1040

http://www.vupen.com/english/advisories/2009/1621

http://www.vupen.com/english/advisories/2009/1522

http://www.vupen.com/english/advisories/2009/1077

http://www.vupen.com/english/advisories/2009/1076

http://www.vupen.com/english/advisories/2009/1066

http://www.vupen.com/english/advisories/2009/1065

http://www.securitytracker.com/id?1022073

http://www.securityfocus.com/bid/34568

http://www.redhat.com/support/errata/RHSA-2009-0480.html

http://www.redhat.com/support/errata/RHSA-2009-0431.html

http://www.redhat.com/support/errata/RHSA-2009-0430.html

http://www.redhat.com/support/errata/RHSA-2009-0429.html

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

http://www.mandriva.com/security/advisories?name=MDVSA-2009:101

http://www.kb.cert.org/vuls/id/196617

http://www.debian.org/security/2009/dsa-1793

http://www.debian.org/security/2009/dsa-1790

http://support.apple.com/kb/HT3639

http://support.apple.com/kb/HT3613

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477

http://secunia.com/advisories/35685

http://secunia.com/advisories/35618

http://secunia.com/advisories/35379

http://secunia.com/advisories/35065

http://secunia.com/advisories/35064

http://secunia.com/advisories/35037

http://secunia.com/advisories/34991

http://secunia.com/advisories/34963

http://secunia.com/advisories/34959

http://secunia.com/advisories/34852

http://secunia.com/advisories/34756

http://secunia.com/advisories/34755

http://secunia.com/advisories/34746

http://secunia.com/advisories/34481

http://secunia.com/advisories/34291

http://rhn.redhat.com/errata/RHSA-2009-0458.html

http://poppler.freedesktop.org/releases.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Details

Source: MITRE, NVD

Published: 2009-04-23

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High