CVE-2009-1187 - OpenCVE

Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Poppler	Poppler

Configuration 1 [-]

OR	cpe:2.3:a:poppler:poppler::::::::
	cpe:2.3:a:poppler:poppler:0.1:::::::*
	cpe:2.3:a:poppler:poppler:0.1.1:::::::*
	cpe:2.3:a:poppler:poppler:0.1.2:::::::*
	cpe:2.3:a:poppler:poppler:0.2.0:::::::*
	cpe:2.3:a:poppler:poppler:0.3.0:::::::*
	cpe:2.3:a:poppler:poppler:0.3.1:::::::*
	cpe:2.3:a:poppler:poppler:0.3.2:::::::*
	cpe:2.3:a:poppler:poppler:0.3.3:::::::*
	cpe:2.3:a:poppler:poppler:0.4.0:::::::*
	cpe:2.3:a:poppler:poppler:0.4.1:::::::*
	cpe:2.3:a:poppler:poppler:0.4.2:::::::*
	cpe:2.3:a:poppler:poppler:0.4.3:::::::*
	cpe:2.3:a:poppler:poppler:0.4.4:::::::*
	cpe:2.3:a:poppler:poppler:0.5.0:::::::*
	cpe:2.3:a:poppler:poppler:0.5.1:::::::*
	cpe:2.3:a:poppler:poppler:0.5.2:::::::*
	cpe:2.3:a:poppler:poppler:0.5.3:::::::*
	cpe:2.3:a:poppler:poppler:0.5.4:::::::*
	cpe:2.3:a:poppler:poppler:0.5.9:::::::*
	cpe:2.3:a:poppler:poppler:0.5.90:::::::*
	cpe:2.3:a:poppler:poppler:0.5.91:::::::*
	cpe:2.3:a:poppler:poppler:0.6.0:::::::*
	cpe:2.3:a:poppler:poppler:0.6.1:::::::*
	cpe:2.3:a:poppler:poppler:0.6.2:::::::*
	cpe:2.3:a:poppler:poppler:0.6.3:::::::*
	cpe:2.3:a:poppler:poppler:0.6.4:::::::*
	cpe:2.3:a:poppler:poppler:0.7.0:::::::*
	cpe:2.3:a:poppler:poppler:0.7.1:::::::*
	cpe:2.3:a:poppler:poppler:0.7.2:::::::*
	cpe:2.3:a:poppler:poppler:0.7.3:::::::*
	cpe:2.3:a:poppler:poppler:0.8.0:::::::*
	cpe:2.3:a:poppler:poppler:0.8.1:::::::*
	cpe:2.3:a:poppler:poppler:0.8.2:::::::*
	cpe:2.3:a:poppler:poppler:0.8.3:::::::*
	cpe:2.3:a:poppler:poppler:0.8.4:::::::*
	cpe:2.3:a:poppler:poppler:0.8.5:::::::*
	cpe:2.3:a:poppler:poppler:0.8.6:::::::*
	cpe:2.3:a:poppler:poppler:0.8.7:::::::*
	cpe:2.3:a:poppler:poppler:0.9.0:::::::*
	cpe:2.3:a:poppler:poppler:0.9.1:::::::*
	cpe:2.3:a:poppler:poppler:0.9.2:::::::*
	cpe:2.3:a:poppler:poppler:0.9.3:::::::*
	cpe:2.3:a:poppler:poppler:0.10.0:::::::*
	cpe:2.3:a:poppler:poppler:0.10.1:::::::*
	cpe:2.3:a:poppler:poppler:0.10.2:::::::*
	cpe:2.3:a:poppler:poppler:0.10.3:::::::*
	cpe:2.3:a:poppler:poppler:0.10.4:::::::*

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=263028#c16	Patch
http://poppler.freedesktop.org/releases.html
http://secunia.com/advisories/34746
http://secunia.com/advisories/35064
http://secunia.com/advisories/35618
http://wiki.rpath.com/Advisories:rPSA-2009-0059
http://www.kb.cert.org/vuls/id/196617	US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://www.securityfocus.com/archive/1/502761/100/0/threaded
http://www.securityfocus.com/bid/34568
http://www.vupen.com/english/advisories/2009/1076
http://www.vupen.com/english/advisories/2010/1040
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875
https://exchange.xforce.ibmcloud.com/vulnerabilities/50184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10292
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html