CVE-2009-1182

CVSS V2 High 7.5 CVSS V3 None
Description
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
Overview
  • CVE ID
  • CVE-2009-1182
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2009-04-23T17:30:01
  • Last Modified Date
  • 2019-03-06T16:30:38
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:* 1 OR 3.02
cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:* 1 OR 0.10.5
cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:* 1 OR 1.3.9
cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 7.5
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
https://bugzilla.redhat.com/show_bug.cgi?id=495896
http://secunia.com/advisories/34755 Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-0430.html
http://poppler.freedesktop.org/releases.html
http://www.securitytracker.com/id?1022073
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
http://www.vupen.com/english/advisories/2009/1076 Vendor Advisory
http://www.vupen.com/english/advisories/2009/1066 Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-0431.html
http://www.vupen.com/english/advisories/2009/1077 Vendor Advisory
http://secunia.com/advisories/34746 Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-0429.html
http://secunia.com/advisories/34852 Vendor Advisory
http://secunia.com/advisories/34291 Vendor Advisory
http://secunia.com/advisories/34481 Vendor Advisory
http://www.securityfocus.com/bid/34568
http://www.vupen.com/english/advisories/2009/1065 Vendor Advisory
http://secunia.com/advisories/34756 Vendor Advisory
http://www.kb.cert.org/vuls/id/196617 US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
http://secunia.com/advisories/34959 Vendor Advisory
http://www.debian.org/security/2009/dsa-1790
http://secunia.com/advisories/34963 Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2009-0458.html Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
http://secunia.com/advisories/35037 Vendor Advisory
http://secunia.com/advisories/35065 Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://secunia.com/advisories/34991 Vendor Advisory
http://www.debian.org/security/2009/dsa-1793
http://secunia.com/advisories/35064 Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
http://secunia.com/advisories/35618 Vendor Advisory
http://secunia.com/advisories/35685 Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
http://www.vupen.com/english/advisories/2010/1040 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735
History
Created Old Value New Value Data Type Notes
2022-05-10 07:56:49 Added to TrackCVE