CVE-2009-1180

Severity

68%

Complexity

86%

Confidentiality

106%

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 16 years ago

2009-04-23 17:30:00

Last updated 6 years ago

2019-03-06 16:30:00

Affected Software

Glyph & Cog XpdfReader 0.2

0.2

Glyph & Cog XpdfReader 0.3

0.3

Glyph & Cog XpdfReader 0.4

0.4

Glyph & Cog XpdfReader 0.5

0.5

Glyph & Cog XpdfReader 0.6

0.6

Glyph & Cog XpdfReader 0.7

0.7

Glyph & Cog XpdfReader 0.80

0.80

Glyph & Cog XpdfReader 0.90

0.90

Glyph & Cog XpdfReader 0.91

0.91

Glyph & Cog XpdfReader 0.92

0.92

Glyph & Cog XpdfReader 0.93

0.93

Glyph & Cog XpdfReader 1.00

1.00

Glyph & Cog XpdfReader 1.01

1.01

Glyph & Cog XpdfReader 2.00

2.00

Glyph & Cog XpdfReader 2.01

2.01

Glyph & Cog XpdfReader 2.02

2.02

Glyph & Cog XpdfReader 2.03

2.03

Glyph & Cog XpdfReader 3.00

3.00

Glyph & Cog XpdfReader 3.01

3.01

Apple CUPS 1.1

1.1

Apple CUPS 1.1.1

1.1.1

Apple CUPS 1.1.2

1.1.2

Apple CUPS 1.1.3

1.1.3

Apple CUPS 1.1.4

1.1.4

Apple CUPS 1.1.5

1.1.5

Apple CUPS 1.1.5-1

1.1.5-1

Apple CUPS 1.1.5-2

1.1.5-2

Apple CUPS 1.1.6

1.1.6

Apple CUPS 1.1.6-1

1.1.6-1

Apple CUPS 1.1.6-2

1.1.6-2

Apple CUPS 1.1.6-3

1.1.6-3

Apple CUPS 1.1.7

1.1.7

Apple CUPS 1.1.8

1.1.8

Apple CUPS 1.1.9

1.1.9

Apple CUPS 1.1.9-1

1.1.9-1

Apple CUPS 1.1.10

1.1.10

Apple CUPS 1.1.10-1

1.1.10-1

Apple CUPS 1.1.11

1.1.11

Apple CUPS 1.1.12

1.1.12

Apple CUPS 1.1.13

1.1.13

Apple CUPS 1.1.14

1.1.14

Apple CUPS 1.1.15

1.1.15

Apple CUPS 1.1.16

1.1.16

Apple CUPS 1.1.17

1.1.17

Apple CUPS 1.18

1.1.18

Apple CUPS 1.1.19

1.1.19

Apple CUPS 1.1.19 release candidate 1

1.1.19

Apple CUPS 1.1.19 release candidate 2

1.1.19

Apple CUPS 1.1.19 release candidate 3

1.1.19

Apple CUPS 1.1.19 release candidate 4

1.1.19

Apple CUPS 1.1.19 release candidate 5

1.1.19

Apple CUPS 1.1.20

1.1.20

Apple CUPS 1.1.20 release candidate 1

1.1.20

Apple CUPS 1.1.20 release candidate 2

1.1.20

Apple CUPS 1.1.20 release candidate 3

1.1.20

Apple CUPS 1.1.20 release candidate 4

1.1.20

Apple CUPS 1.1.20 release candidate 5

1.1.20

Apple CUPS 1.1.20 release candidate 6

1.1.20

Apple CUPS 1.1.21

1.1.21

Apple CUPS 1.1.21 release candidate 1

1.1.21

Apple CUPS 1.1.21 release candidate 2

1.1.21

Apple CUPS 1.1.22

1.1.22

Apple CUPS 1.1.22 release candidate 1

1.1.22

Apple CUPS 1.1.22 release candidate 2

1.1.22

Apple CUPS 1.1.23

1.1.23

Apple CUPS 1.1.23 release candidate 1

1.1.23

Apple CUPS 1.2.0

1.2.0

Apple CUPS 1.2.1

1.2.1

Apple CUPS 1.2.2

1.2.2

Apple CUPS 1.2.3

1.2.3

Apple CUPS 1.2.4

1.2.4

Apple CUPS 1.2.5

1.2.5

Apple CUPS 1.2.6

1.2.6

Apple CUPS 1.2.7

1.2.7

Apple CUPS 1.2.8

1.2.8

Apple CUPS 1.2.9

1.2.9

Apple CUPS 1.2.10

1.2.10

Apple CUPS 1.2.11

1.2.11

Apple CUPS 1.2.12

1.2.12

Apple CUPS 1.3.0

1.3.0

Apple CUPS 1.3.1

1.3.1

Apple CUPS 1.3.2

1.3.2

Apple CUPS 1.3.3

1.3.3

Apple CUPS 1.3.4

1.3.4

Apple CUPS 1.3.5

1.3.5

Apple CUPS 1.3.6

1.3.6

Apple CUPS 1.3.7

1.3.7

Apple CUPS 1.3.8

1.3.8

Apple Cups

Apple CUPS 1.3.10

1.3.10

Apple CUPS 1.3.11

1.3.11

References

SUSE-SA:2009:024

SUSE-SR:2009:010

SUSE-SR:2009:012

http://poppler.freedesktop.org/releases.html

Patch, Vendor Advisory

RHSA-2009:0458

Patch

34291

Vendor Advisory

34481

Vendor Advisory

34746

Vendor Advisory

34755

Vendor Advisory

34756

Vendor Advisory

34852

Vendor Advisory

34959

Vendor Advisory

34963

Vendor Advisory

34991

Vendor Advisory

35037

Vendor Advisory

35064

Vendor Advisory

35065

Vendor Advisory

35618

Vendor Advisory

35685

Vendor Advisory

SSA:2009-129-01

DSA-1790

Patch

DSA-1793

Patch

VU#196617

US Government Resource

MDVSA-2009:101

MDVSA-2010:087

MDVSA-2011:175

RHSA-2009:0429

Patch

RHSA-2009:0430

Patch

RHSA-2009:0431

Patch

RHSA-2009:0480

Patch

34568

Patch

1022073

ADV-2009-1065

Patch, Vendor Advisory

ADV-2009-1066

Patch, Vendor Advisory

ADV-2009-1076

Patch, Vendor Advisory

ADV-2009-1077

Vendor Advisory

ADV-2010-1040

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=495892

oval:org.mitre.oval:def:9926

FEDORA-2009-6972

FEDORA-2009-6973

FEDORA-2009-6982

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.