CVE-2009-0800

Xpdf 3.02pl2 and earlier - Remote Code Execution via JBIG2 Decoder Input Validation Flaws

Title source: llm
STIX 2.1

Description

Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

References (42)

Core 42
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2009-0458.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0431.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0430.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0480.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0429.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1793
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34963
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1790
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35037
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1077
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35064
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1066
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34481
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1065
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35618
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=495887
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35065
Various Sources x_refsource_confirm
http://poppler.freedesktop.org/releases.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34568
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/196617
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1040
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34991
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35685
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1076
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34756
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34291
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34755
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34852
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34959
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34746
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022073

Scores

EPSS 0.0549
EPSS Percentile 91.9%

Details

CWE
CWE-20
Status published
Products (34)
apple/cups 1.1
apple/cups 1.1.1
apple/cups 1.1.2
apple/cups 1.1.3
apple/cups 1.1.4
apple/cups 1.1.5
apple/cups 1.1.5-1
apple/cups 1.1.5-2
apple/cups 1.1.6
apple/cups 1.1.6-1
... and 24 more
Published Apr 23, 2009
Tracked Since Feb 18, 2026