CVE-2009-1179

Опубликовано: 23 апр. 2009

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.

Ссылки

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://poppler.freedesktop.org/releases.html
http://rhn.redhat.com/errata/RHSA-2009-0458.html
http://secunia.com/advisories/34291
Vendor Advisory
http://secunia.com/advisories/34481
Vendor Advisory
http://secunia.com/advisories/34746
Vendor Advisory
http://secunia.com/advisories/34755
Vendor Advisory
http://secunia.com/advisories/34756
Vendor Advisory
http://secunia.com/advisories/34852
Vendor Advisory
http://secunia.com/advisories/34959
Vendor Advisory
http://secunia.com/advisories/34963
Vendor Advisory
http://secunia.com/advisories/34991
Vendor Advisory
http://secunia.com/advisories/35037
Vendor Advisory
http://secunia.com/advisories/35064
Vendor Advisory
http://secunia.com/advisories/35065
Vendor Advisory
http://secunia.com/advisories/35379
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*

cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*

Версия до 3.02 (включая)

cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*

cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*

Версия до 0.10.5 (включая)

cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*

Версия до 1.3.9 (включая)

cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05331

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-189

Связанные уязвимости

CVE-2009-1179

ubuntu

около 16 лет назад

CVE-2009-1179

redhat

около 16 лет назад

CVE-2009-1179

debian

около 16 лет назад

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUP ...

GHSA-p2p8-hc72-rjjm

github

около 3 лет назад

BDU:2015-08481

fstec

около 16 лет назад

Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 90%

0.05331

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-189