CVE-2009-1182

HIGH

Description

Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

References

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

http://poppler.freedesktop.org/releases.html

http://rhn.redhat.com/errata/RHSA-2009-0458.html

http://secunia.com/advisories/34291

http://secunia.com/advisories/34481

http://secunia.com/advisories/34746

http://secunia.com/advisories/34755

http://secunia.com/advisories/34756

http://secunia.com/advisories/34852

http://secunia.com/advisories/34959

http://secunia.com/advisories/34963

http://secunia.com/advisories/34991

http://secunia.com/advisories/35037

http://secunia.com/advisories/35064

http://secunia.com/advisories/35065

http://secunia.com/advisories/35618

http://secunia.com/advisories/35685

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477

http://www.debian.org/security/2009/dsa-1790

http://www.debian.org/security/2009/dsa-1793

http://www.kb.cert.org/vuls/id/196617

http://www.mandriva.com/security/advisories?name=MDVSA-2009:101

http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

http://www.redhat.com/support/errata/RHSA-2009-0429.html

http://www.redhat.com/support/errata/RHSA-2009-0430.html

http://www.redhat.com/support/errata/RHSA-2009-0431.html

http://www.redhat.com/support/errata/RHSA-2009-0480.html

http://www.securityfocus.com/bid/34568

http://www.securitytracker.com/id?1022073

http://www.vupen.com/english/advisories/2009/1065

http://www.vupen.com/english/advisories/2009/1066

http://www.vupen.com/english/advisories/2009/1076

http://www.vupen.com/english/advisories/2009/1077

http://www.vupen.com/english/advisories/2010/1040

https://bugzilla.redhat.com/show_bug.cgi?id=495896

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html

Details

Source: MITRE

Published: 2009-04-23

Updated: 2019-03-06

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH