CVE-2009-1187

Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
popplerpoppler
𝑥
≤ 0.10.5
popplerpoppler
0.1
popplerpoppler
0.1.1
popplerpoppler
0.1.2
popplerpoppler
0.2.0
popplerpoppler
0.3.0
popplerpoppler
0.3.1
popplerpoppler
0.3.2
popplerpoppler
0.3.3
popplerpoppler
0.4.0
popplerpoppler
0.4.1
popplerpoppler
0.4.2
popplerpoppler
0.4.3
popplerpoppler
0.4.4
popplerpoppler
0.5.0
popplerpoppler
0.5.1
popplerpoppler
0.5.2
popplerpoppler
0.5.3
popplerpoppler
0.5.4
popplerpoppler
0.5.9
popplerpoppler
0.5.90
popplerpoppler
0.5.91
popplerpoppler
0.6.0
popplerpoppler
0.6.1
popplerpoppler
0.6.2
popplerpoppler
0.6.3
popplerpoppler
0.6.4
popplerpoppler
0.7.0
popplerpoppler
0.7.1
popplerpoppler
0.7.2
popplerpoppler
0.7.3
popplerpoppler
0.8.0
popplerpoppler
0.8.1
popplerpoppler
0.8.2
popplerpoppler
0.8.3
popplerpoppler
0.8.4
popplerpoppler
0.8.5
popplerpoppler
0.8.6
popplerpoppler
0.8.7
popplerpoppler
0.9.0
popplerpoppler
0.9.1
popplerpoppler
0.9.2
popplerpoppler
0.9.3
popplerpoppler
0.10.0
popplerpoppler
0.10.1
popplerpoppler
0.10.2
popplerpoppler
0.10.3
popplerpoppler
0.10.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poppler
bookworm
22.12.0-2
fixed
bullseye
20.09.0-3.1+deb11u1
fixed
bullseye (security)
20.09.0-3.1+deb11u1
fixed
sid
24.08.0-3
fixed
trixie
24.08.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cups
dapper
dne
gutsy
dne
hardy
dne
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
cupsys
dapper
not-affected
gutsy
not-affected
hardy
not-affected
intrepid
dne
jaunty
dne
karmic
dne
evince
dapper
not-affected
gutsy
not-affected
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
gpdf
dapper
ignored
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
ipe
dapper
ignored
gutsy
ignored
hardy
ignored
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
kdegraphics
dapper
not-affected
gutsy
not-affected
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
koffice
dapper
ignored
gutsy
ignored
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
libextractor
dapper
ignored
gutsy
ignored
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
pdfkit.framework
dapper
ignored
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
pdftohtml
dapper
ignored
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
poppler
dapper
Fixed 0.5.1-0ubuntu7.5
released
gutsy
ignored
hardy
Fixed 0.6.4-1ubuntu3.2
released
intrepid
Fixed 0.8.7-1ubuntu0.2
released
jaunty
Fixed 0.10.5-1ubuntu2
released
karmic
Fixed 0.10.5-1ubuntu2
released
tetex-bin
dapper
not-affected
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
texlive-bin
dapper
dne
gutsy
not-affected
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
xpdf
dapper
ignored
gutsy
ignored
hardy
ignored
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpoppler-cpp0
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
libpoppler-devel
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
libpoppler-glib-devel
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
libpoppler-glib8
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 12 SP2
0.43.0-15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
libpoppler-qt4-4
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 12 SP2
0.43.0-15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
libpoppler44
suse enterprise server 12 SP2
0.24.4-12.1
fixed
libpoppler60
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 12 SP2
0.43.0-15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
libpoppler73
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
poppler-tools
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 12 SP5
0.43.0-16.15.1
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 12 SP2
0.43.0-15.1
fixed
suse enterprise server 12 SP4
0.43.0-16.15.1
fixed
suse enterprise server 12 SP5
0.43.0-16.15.1
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
typelib-1_0-Poppler-0_18
suse enterprise desktop 15
0.62.0-2.33
fixed
suse enterprise desktop 15 SP1
0.62.0-2.33
fixed
suse enterprise sap 15
0.62.0-2.33
fixed
suse enterprise sap 15 SP1
0.62.0-2.33
fixed
suse enterprise server 15
0.62.0-2.33
fixed
suse enterprise server 15 SP1
0.62.0-2.33
fixed
Common Weakness Enumeration
References
http://bugs.gentoo.org/show_bug.cgi?id=263028#c16
http://poppler.freedesktop.org/releases.html
http://secunia.com/advisories/34746
http://secunia.com/advisories/35064
http://secunia.com/advisories/35618
http://wiki.rpath.com/Advisories:rPSA-2009-0059
http://www.kb.cert.org/vuls/id/196617
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://www.securityfocus.com/archive/1/502761/100/0/threaded
http://www.securityfocus.com/bid/34568
http://www.vupen.com/english/advisories/2009/1076
http://www.vupen.com/english/advisories/2010/1040
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875
https://exchange.xforce.ibmcloud.com/vulnerabilities/50184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10292
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
http://bugs.gentoo.org/show_bug.cgi?id=263028#c16
http://poppler.freedesktop.org/releases.html
http://secunia.com/advisories/34746
http://secunia.com/advisories/35064
http://secunia.com/advisories/35618
http://wiki.rpath.com/Advisories:rPSA-2009-0059
http://www.kb.cert.org/vuls/id/196617
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://www.securityfocus.com/archive/1/502761/100/0/threaded
http://www.securityfocus.com/bid/34568
http://www.vupen.com/english/advisories/2009/1076
http://www.vupen.com/english/advisories/2010/1040
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875
https://exchange.xforce.ibmcloud.com/vulnerabilities/50184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10292
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html