Lucene search

[email protected]CVE-2009-1187

HistoryApr 23, 2009 - 7:30 p.m.

CVE-2009-1187

2009-04-2319:30:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2009-1187

integer overflow

jbig2 decoding

poppler

denial of service

remote attack

arbitrary code

cairooutputdev

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.8 High

AI Score

Confidence

High

0.184 Low

EPSS

Percentile

96.2%

JSON

Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).

Affected configurations

NVD

Node

popplerpopplerRange≤0.10.5

popplerpopplerMatch0.1

popplerpopplerMatch0.1.1

popplerpopplerMatch0.1.2

popplerpopplerMatch0.2.0

popplerpopplerMatch0.3.0

popplerpopplerMatch0.3.1

popplerpopplerMatch0.3.2

popplerpopplerMatch0.3.3

popplerpopplerMatch0.4.0

popplerpopplerMatch0.4.1

popplerpopplerMatch0.4.2

popplerpopplerMatch0.4.3

popplerpopplerMatch0.4.4

popplerpopplerMatch0.5.0

popplerpopplerMatch0.5.1

popplerpopplerMatch0.5.2

popplerpopplerMatch0.5.3

popplerpopplerMatch0.5.4

popplerpopplerMatch0.5.9

popplerpopplerMatch0.5.90

popplerpopplerMatch0.5.91

popplerpopplerMatch0.6.0

popplerpopplerMatch0.6.1

popplerpopplerMatch0.6.2

popplerpopplerMatch0.6.3

popplerpopplerMatch0.6.4

popplerpopplerMatch0.7.0

popplerpopplerMatch0.7.1

popplerpopplerMatch0.7.2

popplerpopplerMatch0.7.3

popplerpopplerMatch0.8.0

popplerpopplerMatch0.8.1

popplerpopplerMatch0.8.2

popplerpopplerMatch0.8.3

popplerpopplerMatch0.8.4

popplerpopplerMatch0.8.5

popplerpopplerMatch0.8.6

popplerpopplerMatch0.8.7

popplerpopplerMatch0.9.0

popplerpopplerMatch0.9.1

popplerpopplerMatch0.9.2

popplerpopplerMatch0.9.3

popplerpopplerMatch0.10.0

popplerpopplerMatch0.10.1

popplerpopplerMatch0.10.2

popplerpopplerMatch0.10.3

popplerpopplerMatch0.10.4

CPENameOperatorVersion
poppler:popplerpopplerle0.10.5
poppler:popplerpopplereq0.1
poppler:popplerpopplereq0.1.1
poppler:popplerpopplereq0.1.2
poppler:popplerpopplereq0.2.0
poppler:popplerpopplereq0.3.0
poppler:popplerpopplereq0.3.1
poppler:popplerpopplereq0.3.2
poppler:popplerpopplereq0.3.3
poppler:popplerpopplereq0.4.0

CPE	Name	Operator	Version
poppler:poppler	poppler	le	0.10.5
poppler:poppler	poppler	eq	0.1
poppler:poppler	poppler	eq	0.1.1
poppler:poppler	poppler	eq	0.1.2
poppler:poppler	poppler	eq	0.2.0
poppler:poppler	poppler	eq	0.3.0
poppler:poppler	poppler	eq	0.3.1
poppler:poppler	poppler	eq	0.3.2
poppler:poppler	poppler	eq	0.3.3
poppler:poppler	poppler	eq	0.4.0