CVE-2009-1182 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Cups

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents8 sources

Severity

7.5HIGHNVD

EPSS

7.1%

top 8.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Poppler Xpdf Apple Cups +3 more

Timeline

PublishedApr 23

Latest updateMay 2

Description

Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages6 packages

▶Debianxpdf/xpdf< 3.02-1.4+lenny1+3

▶Debianfreedesktop/poppler< 0.10.6-1+3

▶NVDapple/cups1.3.9+55

▶NVDpoppler/poppler0.10.5+47

▶NVDglyphandcog/xpdfreader3.02+19

🔴Vulnerability Details

GHSA

GHSA-rc72-3q8m-vx43: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3↗2022-05-02

▶

CVEList

CVE-2009-1182: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3↗2009-04-23

▶

OSV

CVE-2009-1182: Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3↗2009-04-23

▶

📋Vendor Advisories

Ubuntu

poppler vulnerabilities↗2009-04-16

▶

Red Hat

PDF JBIG2 MMR decoder buffer overflows↗2009-04-16

▶

Debian

CVE-2009-1182: poppler - Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, ...↗2009

▶

💬Community

Bugzilla

CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 poppler various flaws [F10]↗2009-04-21

▶

Bugzilla

▶

Bugzilla

▶

Bugzilla

CVE-2009-1182 PDF JBIG2 MMR decoder buffer overflows↗2009-04-15

▶