CVE-2009-1187

Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
popplerpoppler
𝑥
≤ 0.10.5
popplerpoppler
0.1
popplerpoppler
0.1.1
popplerpoppler
0.1.2
popplerpoppler
0.2.0
popplerpoppler
0.3.0
popplerpoppler
0.3.1
popplerpoppler
0.3.2
popplerpoppler
0.3.3
popplerpoppler
0.4.0
popplerpoppler
0.4.1
popplerpoppler
0.4.2
popplerpoppler
0.4.3
popplerpoppler
0.4.4
popplerpoppler
0.5.0
popplerpoppler
0.5.1
popplerpoppler
0.5.2
popplerpoppler
0.5.3
popplerpoppler
0.5.4
popplerpoppler
0.5.9
popplerpoppler
0.5.90
popplerpoppler
0.5.91
popplerpoppler
0.6.0
popplerpoppler
0.6.1
popplerpoppler
0.6.2
popplerpoppler
0.6.3
popplerpoppler
0.6.4
popplerpoppler
0.7.0
popplerpoppler
0.7.1
popplerpoppler
0.7.2
popplerpoppler
0.7.3
popplerpoppler
0.8.0
popplerpoppler
0.8.1
popplerpoppler
0.8.2
popplerpoppler
0.8.3
popplerpoppler
0.8.4
popplerpoppler
0.8.5
popplerpoppler
0.8.6
popplerpoppler
0.8.7
popplerpoppler
0.9.0
popplerpoppler
0.9.1
popplerpoppler
0.9.2
popplerpoppler
0.9.3
popplerpoppler
0.10.0
popplerpoppler
0.10.1
popplerpoppler
0.10.2
popplerpoppler
0.10.3
popplerpoppler
0.10.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poppler
bullseye (security)
20.09.0-3.1+deb11u1
fixed
bullseye
20.09.0-3.1+deb11u1
fixed
bookworm
22.12.0-2
fixed
sid
24.08.0-3
fixed
trixie
24.08.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cups
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
dne
gutsy
dne
dapper
dne
cupsys
karmic
dne
jaunty
dne
intrepid
dne
hardy
not-affected
gutsy
not-affected
dapper
not-affected
evince
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
not-affected
gpdf
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
dapper
ignored
ipe
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
ignored
gutsy
ignored
dapper
ignored
kdegraphics
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
not-affected
koffice
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
ignored
dapper
ignored
libextractor
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
ignored
dapper
ignored
pdfkit.framework
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
dapper
ignored
pdftohtml
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
dapper
ignored
poppler
karmic
Fixed 0.10.5-1ubuntu2
released
jaunty
Fixed 0.10.5-1ubuntu2
released
intrepid
Fixed 0.8.7-1ubuntu0.2
released
hardy
Fixed 0.6.4-1ubuntu3.2
released
gutsy
ignored
dapper
Fixed 0.5.1-0ubuntu7.5
released
tetex-bin
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
dapper
not-affected
texlive-bin
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
dne
xpdf
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
ignored
gutsy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://bugs.gentoo.org/show_bug.cgi?id=263028#c16
http://poppler.freedesktop.org/releases.html
http://secunia.com/advisories/34746
http://secunia.com/advisories/35064
http://secunia.com/advisories/35618
http://wiki.rpath.com/Advisories:rPSA-2009-0059
http://www.kb.cert.org/vuls/id/196617
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://www.securityfocus.com/archive/1/502761/100/0/threaded
http://www.securityfocus.com/bid/34568
http://www.vupen.com/english/advisories/2009/1076
http://www.vupen.com/english/advisories/2010/1040
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875
https://exchange.xforce.ibmcloud.com/vulnerabilities/50184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10292
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
http://bugs.gentoo.org/show_bug.cgi?id=263028#c16
http://poppler.freedesktop.org/releases.html
http://secunia.com/advisories/34746
http://secunia.com/advisories/35064
http://secunia.com/advisories/35618
http://wiki.rpath.com/Advisories:rPSA-2009-0059
http://www.kb.cert.org/vuls/id/196617
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://www.securityfocus.com/archive/1/502761/100/0/threaded
http://www.securityfocus.com/bid/34568
http://www.vupen.com/english/advisories/2009/1076
http://www.vupen.com/english/advisories/2010/1040
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875
https://exchange.xforce.ibmcloud.com/vulnerabilities/50184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10292
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html