Search for vulnerabilities
Vulnerability details: VCID-pxcd-dyhf-aaah
Vulnerability ID VCID-pxcd-dyhf-aaah
Aliases CVE-2009-1187
Summary Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-189 Numeric Errors
CWE-190 Integer Overflow or Wraparound
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2009:0480
epss 0.15972 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.15972 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.15972 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.15972 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.15972 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.15972 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.15972 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.15972 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.15972 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.15972 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.15972 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.17320 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.17320 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.17320 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.17320 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.26482 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
epss 0.36966 https://api.first.org/data/v1/epss?cve=CVE-2009-1187
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=495906
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2009-1187
Reference id Reference type URL
http://bugs.gentoo.org/show_bug.cgi?id=263028#c16
http://poppler.freedesktop.org/releases.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1187.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1187
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1187
http://secunia.com/advisories/34746
http://secunia.com/advisories/35064
http://secunia.com/advisories/35618
https://exchange.xforce.ibmcloud.com/vulnerabilities/50184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10292
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
http://wiki.rpath.com/Advisories:rPSA-2009-0059
http://www.kb.cert.org/vuls/id/196617
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://www.securityfocus.com/archive/1/502761/100/0/threaded
http://www.securityfocus.com/bid/34568
http://www.vupen.com/english/advisories/2009/1076
http://www.vupen.com/english/advisories/2010/1040
495906 https://bugzilla.redhat.com/show_bug.cgi?id=495906
524806 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806
cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
CVE-2009-1187 https://nvd.nist.gov/vuln/detail/CVE-2009-1187
GLSA-201310-03 https://security.gentoo.org/glsa/201310-03
RHSA-2009:0480 https://access.redhat.com/errata/RHSA-2009:0480
USN-759-1 https://usn.ubuntu.com/759-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-1187
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.96082
EPSS Score 0.15972
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.