CVE-2009-1179

MEDIUM

Description

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.

References

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

http://poppler.freedesktop.org/releases.html

http://rhn.redhat.com/errata/RHSA-2009-0458.html

http://secunia.com/advisories/34291

http://secunia.com/advisories/34481

http://secunia.com/advisories/34746

http://secunia.com/advisories/34755

http://secunia.com/advisories/34756

http://secunia.com/advisories/34852

http://secunia.com/advisories/34959

http://secunia.com/advisories/34963

http://secunia.com/advisories/34991

http://secunia.com/advisories/35037

http://secunia.com/advisories/35064

http://secunia.com/advisories/35065

http://secunia.com/advisories/35379

http://secunia.com/advisories/35618

http://secunia.com/advisories/35685

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477

http://support.apple.com/kb/HT3613

http://support.apple.com/kb/HT3639

http://www.debian.org/security/2009/dsa-1790

http://www.debian.org/security/2009/dsa-1793

http://www.kb.cert.org/vuls/id/196617

http://www.mandriva.com/security/advisories?name=MDVSA-2009:101

http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

http://www.redhat.com/support/errata/RHSA-2009-0429.html

http://www.redhat.com/support/errata/RHSA-2009-0430.html

http://www.redhat.com/support/errata/RHSA-2009-0431.html

http://www.redhat.com/support/errata/RHSA-2009-0480.html

http://www.securityfocus.com/bid/34568

http://www.securitytracker.com/id?1022073

http://www.vupen.com/english/advisories/2009/1065

http://www.vupen.com/english/advisories/2009/1066

http://www.vupen.com/english/advisories/2009/1076

http://www.vupen.com/english/advisories/2009/1077

http://www.vupen.com/english/advisories/2009/1522

http://www.vupen.com/english/advisories/2009/1621

http://www.vupen.com/english/advisories/2010/1040

https://bugzilla.redhat.com/show_bug.cgi?id=495889

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11892

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html

Details

Source: MITRE

Published: 2009-04-23

Updated: 2019-03-06

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM