National Cyber Awareness System

Vulnerability Summary for CVE-2009-1187

Overview

Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#196617

Name: VU#196617

Hyperlink:http://www.kb.cert.org/vuls/id/196617

External Source: CONFIRM

Name: http://bugs.gentoo.org/show_bug.cgi?id=263028#c16

Type: Patch Information

Hyperlink:http://bugs.gentoo.org/show_bug.cgi?id=263028#c16

External Source: FEDORA

Name: FEDORA-2009-6982

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html

External Source: FEDORA

Name: FEDORA-2009-6973

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html

External Source: FEDORA

Name: FEDORA-2009-6972

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html

External Source: CONFIRM

Name: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875

Hyperlink:https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875

External Source: XF

Name: poppler-jbig2-cairooutputdev-code-excution(50184)

Hyperlink:http://xforce.iss.net/xforce/xfdb/50184

External Source: VUPEN

Name: ADV-2010-1040

Hyperlink:http://www.vupen.com/english/advisories/2010/1040

External Source: VUPEN

Name: ADV-2009-1076

Hyperlink:http://www.vupen.com/english/advisories/2009/1076

External Source: BID

Name: 34568

Hyperlink:http://www.securityfocus.com/bid/34568

External Source: BUGTRAQ

Name: 20090417 rPSA-2009-0059-1 poppler

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/502761/100/0/threaded

External Source: REDHAT

Name: RHSA-2009:0480

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-0480.html

External Source: MANDRIVA

Name: MDVSA-2011:175

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

External Source: MANDRIVA

Name: MDVSA-2010:087

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

External Source: CONFIRM

Name: http://wiki.rpath.com/Advisories:rPSA-2009-0059

Hyperlink:http://wiki.rpath.com/Advisories:rPSA-2009-0059

External Source: SECUNIA

Name: 35618

Hyperlink:http://secunia.com/advisories/35618

External Source: SECUNIA

Name: 35064

Hyperlink:http://secunia.com/advisories/35064

External Source: SECUNIA

Name: 34746

Hyperlink:http://secunia.com/advisories/34746

External Source: CONFIRM

Name: http://poppler.freedesktop.org/releases.html

Hyperlink:http://poppler.freedesktop.org/releases.html

External Source: OVAL

Name: oval:org.mitre.oval:def:10292

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10292

References to Check Content

Identifier:oval:org.mitre.oval:def:10292

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10292