CVE-2009-1188 — Integer Overflow or Wraparound in Poppler
Severity
5.0MEDIUMNVD
EPSS
22.0%
top 4.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 23
Latest updateMay 2
Description
Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
CVSS vector
AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9
Affected Packages3 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-33p4-7h6v-86r2: Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap↗2022-05-02
CVEList▶
CVE-2009-1188: Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap↗2009-04-23
OSV▶
CVE-2009-1188: Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap↗2009-04-23
📋Vendor Advisories
4Debian▶
CVE-2009-1188: poppler - Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap...↗2009
💬Community
5Bugzilla▶
CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 poppler various flaws [F10]↗2009-04-21
Bugzilla▶
CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 poppler various flaws [F11]↗2009-04-21
Bugzilla▶
CVE-2009-0146 CVE-2009-0147 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 poppler various flaws [F9]↗2009-04-21