CVE-2009-1182

high

Description

Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

References

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735

https://bugzilla.redhat.com/show_bug.cgi?id=495896

http://www.vupen.com/english/advisories/2010/1040

http://www.vupen.com/english/advisories/2009/1077

http://www.vupen.com/english/advisories/2009/1076

http://www.vupen.com/english/advisories/2009/1066

http://www.vupen.com/english/advisories/2009/1065

http://www.securitytracker.com/id?1022073

http://www.securityfocus.com/bid/34568

http://www.redhat.com/support/errata/RHSA-2009-0480.html

http://www.redhat.com/support/errata/RHSA-2009-0431.html

http://www.redhat.com/support/errata/RHSA-2009-0430.html

http://www.redhat.com/support/errata/RHSA-2009-0429.html

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

http://www.mandriva.com/security/advisories?name=MDVSA-2009:101

http://www.kb.cert.org/vuls/id/196617

http://www.debian.org/security/2009/dsa-1793

http://www.debian.org/security/2009/dsa-1790

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477

http://secunia.com/advisories/35685

http://secunia.com/advisories/35618

http://secunia.com/advisories/35065

http://secunia.com/advisories/35064

http://secunia.com/advisories/35037

http://secunia.com/advisories/34991

http://secunia.com/advisories/34963

http://secunia.com/advisories/34959

http://secunia.com/advisories/34852

http://secunia.com/advisories/34756

http://secunia.com/advisories/34755

http://secunia.com/advisories/34746

http://secunia.com/advisories/34481

http://secunia.com/advisories/34291

http://rhn.redhat.com/errata/RHSA-2009-0458.html

http://poppler.freedesktop.org/releases.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html

Details

Source: Mitre, NVD

Published: 2009-04-23

Updated: 2019-03-06

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High