7.5

CVE-2009-1182

Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FoolabsXpdf Version0.5a
FoolabsXpdf Version0.7a
FoolabsXpdf Version0.91a
FoolabsXpdf Version0.91b
FoolabsXpdf Version0.91c
FoolabsXpdf Version0.92a
FoolabsXpdf Version0.92b
FoolabsXpdf Version0.92c
FoolabsXpdf Version0.92d
FoolabsXpdf Version0.92e
FoolabsXpdf Version0.93a
FoolabsXpdf Version0.93b
FoolabsXpdf Version0.93c
FoolabsXpdf Version1.00a
GlyphandcogXpdfreader Version <= 3.02
GlyphandcogXpdfreader Version0.2
GlyphandcogXpdfreader Version0.3
GlyphandcogXpdfreader Version0.4
GlyphandcogXpdfreader Version0.5
GlyphandcogXpdfreader Version0.6
GlyphandcogXpdfreader Version0.7
GlyphandcogXpdfreader Version0.80
GlyphandcogXpdfreader Version0.90
GlyphandcogXpdfreader Version0.91
GlyphandcogXpdfreader Version0.92
GlyphandcogXpdfreader Version0.93
GlyphandcogXpdfreader Version1.00
GlyphandcogXpdfreader Version1.01
GlyphandcogXpdfreader Version2.00
GlyphandcogXpdfreader Version2.01
GlyphandcogXpdfreader Version2.02
GlyphandcogXpdfreader Version2.03
GlyphandcogXpdfreader Version3.00
GlyphandcogXpdfreader Version3.01
PopplerPoppler Version <= 0.10.5
PopplerPoppler Version0.1
PopplerPoppler Version0.1.1
PopplerPoppler Version0.1.2
PopplerPoppler Version0.2.0
PopplerPoppler Version0.3.0
PopplerPoppler Version0.3.1
PopplerPoppler Version0.3.2
PopplerPoppler Version0.3.3
PopplerPoppler Version0.4.0
PopplerPoppler Version0.4.1
PopplerPoppler Version0.4.2
PopplerPoppler Version0.4.3
PopplerPoppler Version0.4.4
PopplerPoppler Version0.5.0
PopplerPoppler Version0.5.1
PopplerPoppler Version0.5.2
PopplerPoppler Version0.5.3
PopplerPoppler Version0.5.4
PopplerPoppler Version0.5.9
PopplerPoppler Version0.5.90
PopplerPoppler Version0.5.91
PopplerPoppler Version0.6.0
PopplerPoppler Version0.6.1
PopplerPoppler Version0.6.2
PopplerPoppler Version0.6.3
PopplerPoppler Version0.6.4
PopplerPoppler Version0.7.0
PopplerPoppler Version0.7.1
PopplerPoppler Version0.7.2
PopplerPoppler Version0.7.3
PopplerPoppler Version0.8.0
PopplerPoppler Version0.8.1
PopplerPoppler Version0.8.2
PopplerPoppler Version0.8.3
PopplerPoppler Version0.8.4
PopplerPoppler Version0.8.5
PopplerPoppler Version0.8.6
PopplerPoppler Version0.8.7
PopplerPoppler Version0.9.0
PopplerPoppler Version0.9.1
PopplerPoppler Version0.9.2
PopplerPoppler Version0.9.3
PopplerPoppler Version0.10.0
PopplerPoppler Version0.10.1
PopplerPoppler Version0.10.2
PopplerPoppler Version0.10.3
PopplerPoppler Version0.10.4
AppleCups Version <= 1.3.9
AppleCups Version1.1
AppleCups Version1.1.1
AppleCups Version1.1.2
AppleCups Version1.1.3
AppleCups Version1.1.4
AppleCups Version1.1.5
AppleCups Version1.1.5-1
AppleCups Version1.1.5-2
AppleCups Version1.1.6
AppleCups Version1.1.6-1
AppleCups Version1.1.6-2
AppleCups Version1.1.6-3
AppleCups Version1.1.7
AppleCups Version1.1.8
AppleCups Version1.1.9
AppleCups Version1.1.9-1
AppleCups Version1.1.10
AppleCups Version1.1.10-1
AppleCups Version1.1.11
AppleCups Version1.1.12
AppleCups Version1.1.13
AppleCups Version1.1.14
AppleCups Version1.1.15
AppleCups Version1.1.16
AppleCups Version1.1.17
AppleCups Version1.1.18
AppleCups Version1.1.19
AppleCups Version1.1.19 Updaterc1
AppleCups Version1.1.19 Updaterc2
AppleCups Version1.1.19 Updaterc3
AppleCups Version1.1.19 Updaterc4
AppleCups Version1.1.19 Updaterc5
AppleCups Version1.1.20
AppleCups Version1.1.20 Updaterc1
AppleCups Version1.1.20 Updaterc2
AppleCups Version1.1.20 Updaterc3
AppleCups Version1.1.20 Updaterc4
AppleCups Version1.1.20 Updaterc5
AppleCups Version1.1.20 Updaterc6
AppleCups Version1.1.21
AppleCups Version1.1.21 Updaterc1
AppleCups Version1.1.21 Updaterc2
AppleCups Version1.1.22
AppleCups Version1.1.22 Updaterc1
AppleCups Version1.1.22 Updaterc2
AppleCups Version1.1.23
AppleCups Version1.1.23 Updaterc1
AppleCups Version1.2.0
AppleCups Version1.2.1
AppleCups Version1.2.2
AppleCups Version1.2.3
AppleCups Version1.2.4
AppleCups Version1.2.5
AppleCups Version1.2.6
AppleCups Version1.2.7
AppleCups Version1.2.8
AppleCups Version1.2.9
AppleCups Version1.2.10
AppleCups Version1.2.11
AppleCups Version1.2.12
AppleCups Version1.3.0
AppleCups Version1.3.1
AppleCups Version1.3.2
AppleCups Version1.3.3
AppleCups Version1.3.4
AppleCups Version1.3.5
AppleCups Version1.3.6
AppleCups Version1.3.7
AppleCups Version1.3.8
AppleCups Version1.3.10
AppleCups Version1.3.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.35% 0.936
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://secunia.com/advisories/35065
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/35685
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
http://rhn.redhat.com/errata/RHSA-2009-0458.html
Vendor Advisory
http://secunia.com/advisories/34291
Vendor Advisory
http://secunia.com/advisories/34481
Vendor Advisory
http://secunia.com/advisories/34755
Vendor Advisory
http://secunia.com/advisories/34756
Vendor Advisory
http://secunia.com/advisories/34852
Vendor Advisory
http://secunia.com/advisories/34959
Vendor Advisory
http://secunia.com/advisories/34963
Vendor Advisory
http://secunia.com/advisories/34991
Vendor Advisory
http://secunia.com/advisories/35037
Vendor Advisory
http://secunia.com/advisories/35064
Vendor Advisory
http://secunia.com/advisories/35618
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
http://www.debian.org/security/2009/dsa-1790
http://www.debian.org/security/2009/dsa-1793
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.redhat.com/support/errata/RHSA-2009-0429.html
http://www.redhat.com/support/errata/RHSA-2009-0430.html
http://www.redhat.com/support/errata/RHSA-2009-0431.html
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://www.securityfocus.com/bid/34568
http://www.securitytracker.com/id?1022073
http://www.vupen.com/english/advisories/2009/1065
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1066
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1077
Vendor Advisory
http://www.vupen.com/english/advisories/2010/1040
Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
http://poppler.freedesktop.org/releases.html
http://secunia.com/advisories/34746
Vendor Advisory
http://www.kb.cert.org/vuls/id/196617
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.vupen.com/english/advisories/2009/1076
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=495896
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735