CVE-2009-0756

poppler < 0.10.4 - Denial of Service via JBIG2 Symbol Dictionary Parsing


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0756. PoCs published by Romario.

AI-analyzed exploit summary: The provided text describes a denial-of-service vulnerability in Poppler versions prior to 0.10.4, triggered by malformed PDF files. It references a binary exploit (32800.pdf) but does not contain executable code.

Description

The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Romario · text · dos · linux
https://www.exploit-db.com/exploits/32800

Classification: Writeup 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Theoretical
Target: Poppler < 0.10.4
No auth needed
Prerequisites: A malformed PDF file · Target application using vulnerable Poppler library
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33749
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33853
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/02/19/2
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/02/13/1
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2009-0059
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35685
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/502761/100/0/threaded

Scores

EPSS 0.1485
EPSS Percentile 94.6%

Details

Status published
Products (34)
poppler/poppler 0.1
poppler/poppler 0.1.1
poppler/poppler 0.1.2
poppler/poppler 0.2.0
poppler/poppler 0.3.0
poppler/poppler 0.3.1
poppler/poppler 0.3.2
poppler/poppler 0.3.3
poppler/poppler 0.4.0
poppler/poppler 0.4.1
... and 24 more
Published Mar 03, 2009
Tracked Since Feb 18, 2026