CVE-2009-1182
Xpdf <= 3.02pl2 - Remote Code Execution via JBIG2 MMR Decoder Buffer Overflow
Title source: llmDescription
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
References (42)
Core 42
Core References
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34963
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1793
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=495896
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1790
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35037
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1077
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35064
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1066
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34481
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0431.html
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1065
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0430.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35618
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35065
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0480.html
Various Sources x_refsource_confirm
http://poppler.freedesktop.org/releases.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34568
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/196617
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1040
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2009-0458.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34991
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35685
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1076
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34756
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34291
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34755
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34852
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34959
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34746
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0429.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022073
Scores
EPSS
0.0735
EPSS Percentile
93.7%
Details
CWE
CWE-119
Status
published
Products (34)
apple/cups
1.1
apple/cups
1.1.1
apple/cups
1.1.2
apple/cups
1.1.3
apple/cups
1.1.4
apple/cups
1.1.5
apple/cups
1.1.5-1
apple/cups
1.1.5-2
apple/cups
1.1.6
apple/cups
1.1.6-1
... and 24 more
Published
Apr 23, 2009
Tracked Since
Feb 18, 2026