Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1187

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-1187
Last Modified 18 Jan 2012 10:37:24
Published 23 Apr 2009 03:30:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1187

Summary

Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).

Vulnerable Systems

Application

  • Poppler 0.1

  • Poppler 0.1.1

  • Poppler 0.1.2

  • Poppler 0.10.0

  • Poppler 0.10.1

  • Poppler 0.10.2

  • Poppler 0.10.3

  • Poppler 0.10.4

  • Poppler 0.10.5

  • Poppler 0.2.0

  • Poppler 0.3.0

  • Poppler 0.3.1

  • Poppler 0.3.2

  • Poppler 0.3.3

  • Poppler 0.4.0

  • Poppler 0.4.1

  • Poppler 0.4.2

  • Poppler 0.4.3

  • Poppler 0.4.4

  • Poppler 0.5.0

  • Poppler 0.5.1

  • Poppler 0.5.2

  • Poppler 0.5.3

  • Poppler 0.5.4

  • Poppler 0.5.9

  • Poppler 0.5.90

  • Poppler 0.5.91

  • Poppler 0.6.0

  • Poppler 0.6.1

  • Poppler 0.6.2

  • Poppler 0.6.3

  • Poppler 0.6.4

  • Poppler 0.7.0

  • Poppler 0.7.1

  • Poppler 0.7.2

  • Poppler 0.7.3

  • Poppler 0.8.0

  • Poppler 0.8.1

  • Poppler 0.8.2

  • Poppler 0.8.3

  • Poppler 0.8.4

  • Poppler 0.8.5

  • Poppler 0.8.6

  • Poppler 0.8.7

  • Poppler 0.9.0

  • Poppler 0.9.1

  • Poppler 0.9.2

  • Poppler 0.9.3


References

CERT-VN - VU#196617

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=263028#c16

FEDORA - FEDORA-2009-6982

FEDORA - FEDORA-2009-6973

FEDORA - FEDORA-2009-6972

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875

XF - poppler-jbig2-cairooutputdev-code-excution(50184)

VUPEN - ADV-2010-1040

VUPEN - ADV-2009-1076

BID - 34568

BUGTRAQ - 20090417 rPSA-2009-0059-1 poppler

REDHAT - RHSA-2009:0480

MANDRIVA - MDVSA-2010:087

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0059

SECUNIA - 35618

SECUNIA - 35064

SECUNIA - 34746

CONFIRM - http://poppler.freedesktop.org/releases.html

MANDRIVA - MDVSA-2011:175


Last Updated: 27 May 2016 10:57:20