CVE-2009-1187 — Integer Overflow or Wraparound in Poppler

CWE-189 CWE-190 — Integer Overflow or Wraparound11 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

39.9%

top 2.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Poppler Poppler

Timeline

PublishedApr 23

Latest updateMay 2

Description

Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianfreedesktop/poppler< 0.10.6-1+3

▶NVDpoppler/poppler0.10.5+47

Patches

Patch: bugs.gentoo.org ↗Patch: bugs.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-xr2j-w2jp-cp5m: Integer overflow in the JBIG2 decoding feature in Poppler before 0↗2022-05-02

▶

CVEList

CVE-2009-1187: Integer overflow in the JBIG2 decoding feature in Poppler before 0↗2009-04-23

▶

OSV

CVE-2009-1187: Integer overflow in the JBIG2 decoding feature in Poppler before 0↗2009-04-23

▶

📋Vendor Advisories

Ubuntu

poppler vulnerabilities↗2009-04-16

▶

Red Hat

poppler CairoOutputDev integer overflow↗2009-04-16

▶

Debian

CVE-2009-1187: poppler - Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows r...↗2009

▶

💬Community

Bugzilla

CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 poppler various flaws [F10]↗2009-04-21

▶

Bugzilla

▶

Bugzilla

▶

Bugzilla

CVE-2009-1187 poppler CairoOutputDev integer overflow↗2009-04-15

▶