CVE-2009-1181

CWE-399 CWE-476 — NULL Pointer Dereference CWE-75415 documents9 sources

Severity

4.3MEDIUM

EPSS

2.4%

top 14.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Glyphandcog Xpdfreader Poppler Poppler +1 more

Timeline

PublishedApr 23

Latest updateDec 30

Description

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages6 packages

▶Debianxpdf< 3.02-1.4+lenny1+3

▶Debianpoppler< 0.10.6-1+3

▶NVDapple/cups1.3.9+55

▶NVDpoppler/poppler0.10.5+47

▶NVDglyphandcog/xpdfreader3.02+19

Patches

Patch: poppler.freedesktop.org ↗Patch: secunia.com ↗Patch: www.debian.org ↗

🔴Vulnerability Details

OSV

vhost_vdpa: fix the crash in unmap a large memory↗2025-12-30

▶

GHSA

GHSA-2hrx-xwqf-pfcv: The JBIG2 decoder in Xpdf 3↗2022-05-02

▶

CVEList

CVE-2009-1181: The JBIG2 decoder in Xpdf 3↗2009-04-23

▶

OSV

CVE-2009-1181: The JBIG2 decoder in Xpdf 3↗2009-04-23

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel (vhost_vdpa): Denial of service via large memory unmap↗2025-12-30

▶

Ubuntu

KOffice vulnerabilities↗2010-08-17

▶

Ubuntu

poppler vulnerabilities↗2009-04-16

▶

Red Hat

PDF JBIG2 NULL dereference↗2009-04-16

▶

Debian

CVE-2009-1181: poppler - The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler b...↗2009

▶

💬Community

Bugzilla

CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 poppler various flaws [F10]↗2009-04-21

▶

Bugzilla

▶

Bugzilla

▶

Bugzilla

CVE-2009-1181 PDF JBIG2 NULL dereference↗2009-04-15

▶