Buffer overflow in Apple Cups
CVE-2009-1182
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
Vulnerability class: Buffer Overflow
EPSS: 0.073 (93.6th percentile) — read the EPSS interpretation.
Affected products
- Apple Cups — versions 1.1, 1.1.1, 1.1.2
- Foolabs Xpdf — versions 0.5a, 0.7a, 0.91a
- Glyphandcog Xpdfreader — versions 0.2, 0.3, 0.4
- Poppler — versions 0.1, 0.1.1, 0.1.2
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert@redhat.com (vendor-advisory, x_refsource_DEBIAN)
- secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (vendor-advisory, x_refsource_DEBIAN)
- secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- secalert@redhat.com (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
- secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- secalert@redhat.com (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
- secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- secalert@redhat.com (vendor-advisory, x_refsource_SLACKWARE)
Frequently asked questions
- What is CVE-2009-1182?
- CVE-2009-1182 is a vulnerability in Apple Cups, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2009-04-23.
- Is CVE-2009-1182 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.