CVE-2009-0800
Xpdf 3.02pl2 and earlier - Remote Code Execution via JBIG2 Decoder Input Validation Flaws
Title source: llmDescription
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
References (42)
Core 42
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2009-0458.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0431.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0430.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0480.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0429.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1793
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34963
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1790
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35037
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1077
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35064
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1066
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34481
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1065
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35618
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=495887
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35065
Various Sources x_refsource_confirm
http://poppler.freedesktop.org/releases.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34568
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/196617
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1040
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34991
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35685
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1076
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34756
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34291
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34755
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34852
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34959
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34746
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022073
Scores
EPSS
0.0549
EPSS Percentile
91.9%
Details
CWE
CWE-20
Status
published
Products (34)
apple/cups
1.1
apple/cups
1.1.1
apple/cups
1.1.2
apple/cups
1.1.3
apple/cups
1.1.4
apple/cups
1.1.5
apple/cups
1.1.5-1
apple/cups
1.1.5-2
apple/cups
1.1.6
apple/cups
1.1.6-1
... and 24 more
Published
Apr 23, 2009
Tracked Since
Feb 18, 2026