Lucene search

[email protected]CVE-2009-1188

HistoryApr 23, 2009 - 7:30 p.m.

CVE-2009-1188

2009-04-2319:30:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2009-1188

integer overflow

jbig2

xpdf

3.x

3.02pl4

poppler

gpdf

kdegraphics kpdf

remote code execution

denial of service

pdf document

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

Confidence

High

EPSS

0.235

Percentile

96.6%

JSON

Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

Affected configurations

NVD

Node

popplerpopplerRange≤0.10.5

popplerpopplerMatch0.1

popplerpopplerMatch0.1.1

popplerpopplerMatch0.1.2

popplerpopplerMatch0.2.0

popplerpopplerMatch0.3.0

popplerpopplerMatch0.3.1

popplerpopplerMatch0.3.2

popplerpopplerMatch0.3.3

popplerpopplerMatch0.4.0

popplerpopplerMatch0.4.1

popplerpopplerMatch0.4.2

popplerpopplerMatch0.4.3

popplerpopplerMatch0.4.4

popplerpopplerMatch0.5.0

popplerpopplerMatch0.5.1

popplerpopplerMatch0.5.2

popplerpopplerMatch0.5.3

popplerpopplerMatch0.5.4

popplerpopplerMatch0.5.9

popplerpopplerMatch0.5.90

popplerpopplerMatch0.5.91

popplerpopplerMatch0.6.0

popplerpopplerMatch0.6.1

popplerpopplerMatch0.6.2

popplerpopplerMatch0.6.3

popplerpopplerMatch0.6.4

popplerpopplerMatch0.7.0

popplerpopplerMatch0.7.1

popplerpopplerMatch0.7.2

popplerpopplerMatch0.7.3

popplerpopplerMatch0.8.0

popplerpopplerMatch0.8.1

popplerpopplerMatch0.8.2

popplerpopplerMatch0.8.3

popplerpopplerMatch0.8.4

popplerpopplerMatch0.8.5

popplerpopplerMatch0.8.6

popplerpopplerMatch0.8.7

popplerpopplerMatch0.9.0

popplerpopplerMatch0.9.1

popplerpopplerMatch0.9.2

popplerpopplerMatch0.9.3

popplerpopplerMatch0.10.0

popplerpopplerMatch0.10.1

popplerpopplerMatch0.10.2

popplerpopplerMatch0.10.3

popplerpopplerMatch0.10.4

VendorProductVersionCPE
popplerpoppler0.8.6cpe:/a:poppler:poppler:0.8.6:::
popplerpoppler0.9.2cpe:/a:poppler:poppler:0.9.2:::
popplerpoppler0.5.1cpe:/a:poppler:poppler:0.5.1:::
popplerpoppler0.5.90cpe:/a:poppler:poppler:0.5.90:::
popplerpoppler0.3.3cpe:/a:poppler:poppler:0.3.3:::
popplerpoppler0.3.1cpe:/a:poppler:poppler:0.3.1:::
popplerpoppler0.8.3cpe:/a:poppler:poppler:0.8.3:::
popplerpoppler0.4.0cpe:/a:poppler:poppler:0.4.0:::
popplerpoppler0.3.0cpe:/a:poppler:poppler:0.3.0:::
popplerpoppler0.4.4cpe:/a:poppler:poppler:0.4.4:::

Vendor	Product	Version	CPE
poppler	poppler	0.8.6	cpe:/a:poppler:poppler:0.8.6:::
poppler	poppler	0.9.2	cpe:/a:poppler:poppler:0.9.2:::
poppler	poppler	0.5.1	cpe:/a:poppler:poppler:0.5.1:::
poppler	poppler	0.5.90	cpe:/a:poppler:poppler:0.5.90:::
poppler	poppler	0.3.3	cpe:/a:poppler:poppler:0.3.3:::
poppler	poppler	0.3.1	cpe:/a:poppler:poppler:0.3.1:::
poppler	poppler	0.8.3	cpe:/a:poppler:poppler:0.8.3:::
poppler	poppler	0.4.0	cpe:/a:poppler:poppler:0.4.0:::
poppler	poppler	0.3.0	cpe:/a:poppler:poppler:0.3.0:::
poppler	poppler	0.4.4	cpe:/a:poppler:poppler:0.4.4:::

Rows per page:

1-10 of 481

References

bugs.gentoo.org/show_bug.cgi?id=263028#c16

lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

poppler.freedesktop.org/releases.html

secunia.com/advisories/34746

secunia.com/advisories/35064

secunia.com/advisories/35618

secunia.com/advisories/37028

secunia.com/advisories/37037

secunia.com/advisories/37043

secunia.com/advisories/37053

secunia.com/advisories/37077

secunia.com/advisories/37079

secunia.com/advisories/39327

secunia.com/advisories/39938

wiki.rpath.com/Advisories:rPSA-2009-0059

www.debian.org/security/2010/dsa-2028

www.debian.org/security/2010/dsa-2050

www.kb.cert.org/vuls/id/196617

www.mandriva.com/security/advisories?name=MDVSA-2010:087

www.mandriva.com/security/advisories?name=MDVSA-2011:175

www.redhat.com/support/errata/RHSA-2009-0480.html

www.securityfocus.com/archive/1/502761/100/0/threaded

www.securityfocus.com/bid/34568

www.vupen.com/english/advisories/2009/1076

www.vupen.com/english/advisories/2009/2928

www.vupen.com/english/advisories/2010/0802

www.vupen.com/english/advisories/2010/1040

www.vupen.com/english/advisories/2010/1220

bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875

bugzilla.redhat.com/show_bug.cgi?id=495907

bugzilla.redhat.com/show_bug.cgi?id=526915

exchange.xforce.ibmcloud.com/vulnerabilities/50185

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9957

rhn.redhat.com/errata/RHSA-2009-1501.html

rhn.redhat.com/errata/RHSA-2009-1502.html

rhn.redhat.com/errata/RHSA-2009-1503.html

rhn.redhat.com/errata/RHSA-2009-1512.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html

www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html

www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

Confidence

High

EPSS

0.235

Percentile

96.6%

JSON

Related for CVE-2009-1188

veracode1 cvelist2 nvd2 debiancve2 prion2 ubuntucve2 cve1 nessus32 redhat5 openvas66 oraclelinux4 centos5 fedora8 debian2 osv2 altlinux2 cert1 ubuntu1 seebug1 securityvulns1 gentoo1