Executive Summary

Informations
NameCVE-2009-1180First vendor Publication2009-04-23
VendorCveLast vendor Modification2012-04-20

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthentificationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9926
 
Oval ID: oval:org.mitre.oval:def:9926
Title: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
Description: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1180
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application72
Application34
Application48

Open Source Vulnerability Database (OSVDB)

idDescription
54481Poppler JBIG2 Decoder PDF File Handling Invalid Free Arbitrary Code Execution
54480Xpdf JBIG2 Decoder PDF File Handling Invalid Free Arbitrary Code Execution
54479CUPS JBIG2 Decoder PDF File Handling Invalid Free Arbitrary Code Execution

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/34568
CERT-VNhttp://www.kb.cert.org/vuls/id/196617
CONFIRMhttp://poppler.freedesktop.org/releases.html
https://bugzilla.redhat.com/show_bug.cgi?id=495892
DEBIANhttp://www.debian.org/security/2009/dsa-1790
http://www.debian.org/security/2009/dsa-1793
FEDORAhttps://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:101
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
REDHAThttp://rhn.redhat.com/errata/RHSA-2009-0458.html
http://www.redhat.com/support/errata/RHSA-2009-0429.html
http://www.redhat.com/support/errata/RHSA-2009-0430.html
http://www.redhat.com/support/errata/RHSA-2009-0431.html
http://www.redhat.com/support/errata/RHSA-2009-0480.html
SECTRACKhttp://www.securitytracker.com/id?1022073
SECUNIAhttp://secunia.com/advisories/34291
http://secunia.com/advisories/34481
http://secunia.com/advisories/34746
http://secunia.com/advisories/34755
http://secunia.com/advisories/34756
http://secunia.com/advisories/34852
http://secunia.com/advisories/34959
http://secunia.com/advisories/34963
http://secunia.com/advisories/34991
http://secunia.com/advisories/35037
http://secunia.com/advisories/35064
http://secunia.com/advisories/35065
http://secunia.com/advisories/35618
http://secunia.com/advisories/35685
SLACKWAREhttp://slackware.com/security/viewer.php?l=slackware-security&y=2009&...
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
VUPENhttp://www.vupen.com/english/advisories/2009/1065
http://www.vupen.com/english/advisories/2009/1066
http://www.vupen.com/english/advisories/2009/1076
http://www.vupen.com/english/advisories/2009/1077
http://www.vupen.com/english/advisories/2010/1040

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-10 23:47:56
  • Multiple Updates