CVSS: 4.3EPSS: 2%CPEs: 154EXPL: 0CVE-2009-1183 – PDF JBIG2 MMR infinite loop DoS
https://notcve.org/view.php?id=CVE-2009-1183
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. El decodificador JBIG2 MMR en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, Poppler versión anterior a 0.10.6, y otros productos permite a los atacantes remotos causar una denegación de servicio (bucle infinito y colgar) por medio de un archivo PDF creado. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://poppler.freedesktop.org/releases.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisories/34291 http://secunia.com/advisories/34481 http://secunia.com/advisories/34746 http://secunia.com/advisories/34755 http://secunia.com/advisories&#x • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.8EPSS: 18%CPEs: 48EXPL: 0CVE-2009-1187 – poppler CairoOutputDev integer overflow
https://notcve.org/view.php?id=CVE-2009-1187
Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc). Desbordamiento de entero en la característica JBIG2 decoding en Poppler anteriores a v0.10.6 permite a atacantes remotos producir una denegación de servicio (caida) y posiblemente ejecutar código a través de vectores relacionados con CairoOutputDev (CairoOutputDev.cc). • http://bugs.gentoo.org/show_bug.cgi?id=263028#c16 http://poppler.freedesktop.org/releases.html http://secunia.com/advisories/34746 http://secunia.com/advisories/35064 http://secunia.com/advisories/35618 http://wiki.rpath.com/Advisories:rPSA-2009-0059 http://www.kb.cert.org/vuls/id/196617 http://www.mandriva.com/security/advisories?name=MDVSA-2010:087 http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 http://www.redhat.com/support/errata/RHSA-2009-0480.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 23%CPEs: 48EXPL: 0CVE-2009-1188 – xpdf/poppler: SplashBitmap integer overflow
https://notcve.org/view.php?id=CVE-2009-1188
Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Desbordamiento de entero en la característica JBIG2 decoding en Poppler anteriores a v0.10.6 permite a atacantes remotos producir una denegación de servicio (caida) y posiblemente ejecutar código a través de vectores relacionados con SplashBitmap (splash/SplashBitmap.cc). • http://bugs.gentoo.org/show_bug.cgi?id=263028#c16 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html http://poppler.freedesktop.org/releases.html http://secunia.com/advisories/34746 http://secunia.com/advisories/35064 http://secunia.com/advisories/35618 http://secunia.com/advisories/37028 http:// • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •