CVE-2009-1182

Xpdf <= 3.02pl2 - Remote Code Execution via JBIG2 MMR Decoder Buffer Overflow

Title source: llm
STIX 2.1

Description

Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

References (42)

Core 42
Core References
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34963
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1793
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=495896
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1790
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35037
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1077
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35064
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1066
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34481
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0431.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1065
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0430.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35618
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35065
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0480.html
Various Sources x_refsource_confirm
http://poppler.freedesktop.org/releases.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34568
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/196617
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1040
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2009-0458.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34991
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35685
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1076
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34756
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34291
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34755
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34852
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34959
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34746
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0429.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022073

Scores

EPSS 0.0735
EPSS Percentile 93.7%

Details

CWE
CWE-119
Status published
Products (34)
apple/cups 1.1
apple/cups 1.1.1
apple/cups 1.1.2
apple/cups 1.1.3
apple/cups 1.1.4
apple/cups 1.1.5
apple/cups 1.1.5-1
apple/cups 1.1.5-2
apple/cups 1.1.6
apple/cups 1.1.6-1
... and 24 more
Published Apr 23, 2009
Tracked Since Feb 18, 2026