CVE-2009-1182
Published: 23 April 2009
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
Notes
| Author | Note |
|---|---|
| jdstrand | CUPS on Ubuntu uses system pdftops (compiled with --disable-pdftops) |
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
cups Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
|
| bionic |
Not vulnerable
|
|
| cosmic |
Not vulnerable
|
|
| dapper |
Does not exist
|
|
| disco |
Not vulnerable
|
|
| eoan |
Not vulnerable
|
|
| focal |
Not vulnerable
|
|
| groovy |
Not vulnerable
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| hirsute |
Not vulnerable
|
|
| impish |
Not vulnerable
|
|
| intrepid |
Not vulnerable
|
|
| jammy |
Not vulnerable
|
|
| jaunty |
Not vulnerable
|
|
| karmic |
Not vulnerable
|
|
| lucid |
Not vulnerable
|
|
| maverick |
Not vulnerable
|
|
| natty |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Does not exist
(precise was not-affected)
|
|
| quantal |
Not vulnerable
|
|
| raring |
Not vulnerable
|
|
| saucy |
Not vulnerable
|
|
| trusty |
Does not exist
(trusty was not-affected)
|
|
| upstream |
Released
(1.3.10)
|
|
| utopic |
Not vulnerable
|
|
| vivid |
Not vulnerable
|
|
| wily |
Not vulnerable
|
|
| xenial |
Not vulnerable
|
|
| yakkety |
Not vulnerable
|
|
| zesty |
Not vulnerable
|
|
|
cupsys Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| dapper |
Not vulnerable
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| gutsy |
Not vulnerable
|
|
| hardy |
Not vulnerable
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jammy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(1.3.10)
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
evince Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(linked to poppler)
|
| bionic |
Not vulnerable
(linked to poppler)
|
|
| cosmic |
Not vulnerable
(linked to poppler)
|
|
| dapper |
Not vulnerable
(linked to poppler)
|
|
| disco |
Not vulnerable
(linked to poppler)
|
|
| eoan |
Not vulnerable
(linked to poppler)
|
|
| focal |
Not vulnerable
(linked to poppler)
|
|
| groovy |
Not vulnerable
(linked to poppler)
|
|
| gutsy |
Not vulnerable
(linked to poppler)
|
|
| hardy |
Not vulnerable
(linked to poppler)
|
|
| hirsute |
Not vulnerable
(linked to poppler)
|
|
| impish |
Not vulnerable
(linked to poppler)
|
|
| intrepid |
Not vulnerable
(linked to poppler)
|
|
| jammy |
Not vulnerable
(linked to poppler)
|
|
| jaunty |
Not vulnerable
(linked to poppler)
|
|
| karmic |
Not vulnerable
(linked to poppler)
|
|
| lucid |
Not vulnerable
(linked to poppler)
|
|
| maverick |
Not vulnerable
(linked to poppler)
|
|
| natty |
Not vulnerable
(linked to poppler)
|
|
| oneiric |
Not vulnerable
(linked to poppler)
|
|
| precise |
Does not exist
(precise was not-affected [linked to poppler])
|
|
| quantal |
Not vulnerable
(linked to poppler)
|
|
| raring |
Not vulnerable
(linked to poppler)
|
|
| saucy |
Not vulnerable
(linked to poppler)
|
|
| trusty |
Does not exist
(trusty was not-affected [linked to poppler])
|
|
| upstream |
Not vulnerable
(linked to poppler)
|
|
| utopic |
Not vulnerable
(linked to poppler)
|
|
| vivid |
Not vulnerable
(linked to poppler)
|
|
| wily |
Not vulnerable
(linked to poppler)
|
|
| xenial |
Not vulnerable
(linked to poppler)
|
|
| yakkety |
Not vulnerable
(linked to poppler)
|
|
| zesty |
Not vulnerable
(linked to poppler)
|
|
|
gpdf Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| dapper |
Ignored
(reached end-of-life)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jammy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
ipe Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(uses system pdflatex)
|
| bionic |
Not vulnerable
(uses system pdflatex)
|
|
| cosmic |
Not vulnerable
(uses system pdflatex)
|
|
| dapper |
Ignored
(reached end-of-life)
|
|
| disco |
Not vulnerable
(uses system pdflatex)
|
|
| eoan |
Not vulnerable
(uses system pdflatex)
|
|
| focal |
Not vulnerable
(uses system pdflatex)
|
|
| groovy |
Not vulnerable
(uses system pdflatex)
|
|
| gutsy |
Needs triage
(reached end-of-life)
|
|
| hardy |
Not vulnerable
(uses system pdflatex)
|
|
| hirsute |
Not vulnerable
(uses system pdflatex)
|
|
| impish |
Not vulnerable
(uses system pdflatex)
|
|
| intrepid |
Needs triage
(reached end-of-life)
|
|
| jammy |
Not vulnerable
(uses system pdflatex)
|
|
| jaunty |
Ignored
(reached end-of-life)
|
|
| karmic |
Ignored
(reached end-of-life)
|
|
| lucid |
Not vulnerable
(uses system pdflatex)
|
|
| maverick |
Not vulnerable
(uses system pdflatex)
|
|
| natty |
Not vulnerable
(uses system pdflatex)
|
|
| oneiric |
Not vulnerable
(uses system pdflatex)
|
|
| precise |
Does not exist
(precise was not-affected [uses system pdflatex])
|
|
| quantal |
Not vulnerable
(uses system pdflatex)
|
|
| raring |
Not vulnerable
(uses system pdflatex)
|
|
| saucy |
Not vulnerable
(uses system pdflatex)
|
|
| trusty |
Does not exist
(trusty was not-affected [uses system pdflatex])
|
|
| upstream |
Needs triage
|
|
| utopic |
Not vulnerable
(uses system pdflatex)
|
|
| vivid |
Not vulnerable
(uses system pdflatex)
|
|
| wily |
Not vulnerable
(uses system pdflatex)
|
|
| xenial |
Not vulnerable
(uses system pdflatex)
|
|
| yakkety |
Not vulnerable
(uses system pdflatex)
|
|
| zesty |
Not vulnerable
(uses system pdflatex)
|
|
|
kdegraphics Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| dapper |
Not vulnerable
(linked to poppler)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| gutsy |
Not vulnerable
(linked to poppler)
|
|
| hardy |
Not vulnerable
(linked to poppler)
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| intrepid |
Not vulnerable
(linked to poppler)
|
|
| jammy |
Does not exist
|
|
| jaunty |
Not vulnerable
(linked to poppler)
|
|
| karmic |
Not vulnerable
(linked to poppler)
|
|
| lucid |
Not vulnerable
(linked to poppler)
|
|
| maverick |
Not vulnerable
(linked to poppler)
|
|
| natty |
Not vulnerable
(linked to poppler)
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
koffice Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| dapper |
Ignored
(reached end-of-life)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| gutsy |
Needs triage
(reached end-of-life)
|
|
| hardy |
Ignored
(reached end-of-life)
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| intrepid |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| jaunty |
Not vulnerable
|
|
| karmic |
Not vulnerable
(linked to poppler)
|
|
| lucid |
Not vulnerable
(code not present)
|
|
| maverick |
Not vulnerable
(code not present)
|
|
| natty |
Not vulnerable
(code not present)
|
|
| oneiric |
Not vulnerable
(code not present)
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
libextractor Launchpad, Ubuntu, Debian |
artful |
Ignored
(reached end-of-life)
|
| bionic |
Needs triage
|
|
| cosmic |
Ignored
(reached end-of-life)
|
|
| dapper |
Ignored
(reached end-of-life)
|
|
| disco |
Ignored
(reached end-of-life)
|
|
| eoan |
Ignored
(reached end-of-life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| gutsy |
Needs triage
(reached end-of-life)
|
|
| hardy |
Ignored
(reached end-of-life)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| impish |
Ignored
(reached end-of-life)
|
|
| intrepid |
Needs triage
(reached end-of-life)
|
|
| jammy |
Needs triage
|
|
| jaunty |
Ignored
(reached end-of-life)
|
|
| karmic |
Ignored
(reached end-of-life)
|
|
| lucid |
Ignored
(reached end-of-life)
|
|
| maverick |
Ignored
(reached end-of-life)
|
|
| natty |
Ignored
(reached end-of-life)
|
|
| oneiric |
Ignored
(reached end-of-life)
|
|
| precise |
Does not exist
(precise was needs-triage)
|
|
| quantal |
Ignored
(reached end-of-life)
|
|
| raring |
Ignored
(reached end-of-life)
|
|
| saucy |
Ignored
(reached end-of-life)
|
|
| trusty |
Does not exist
(trusty was needs-triage)
|
|
| upstream |
Needs triage
|
|
| utopic |
Ignored
(reached end-of-life)
|
|
| vivid |
Ignored
(reached end-of-life)
|
|
| wily |
Ignored
(reached end-of-life)
|
|
| xenial |
Ignored
(end of standard support, was needs-triage)
|
|
| yakkety |
Ignored
(reached end-of-life)
|
|
| zesty |
Ignored
(reached end-of-life)
|
|
|
pdfkit.framework Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| dapper |
Ignored
(reached end-of-life)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jammy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
pdftohtml Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| dapper |
Ignored
(reached end-of-life)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jammy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
poppler Launchpad, Ubuntu, Debian |
artful |
Released
(0.10.5-1ubuntu2)
|
| bionic |
Released
(0.10.5-1ubuntu2)
|
|
| cosmic |
Released
(0.10.5-1ubuntu2)
|
|
| dapper |
Released
(0.5.1-0ubuntu7.5)
|
|
| disco |
Released
(0.10.5-1ubuntu2)
|
|
| eoan |
Released
(0.10.5-1ubuntu2)
|
|
| focal |
Released
(0.10.5-1ubuntu2)
|
|
| groovy |
Released
(0.10.5-1ubuntu2)
|
|
| gutsy |
Needs triage
(reached end-of-life)
|
|
| hardy |
Released
(0.6.4-1ubuntu3.2)
|
|
| hirsute |
Released
(0.10.5-1ubuntu2)
|
|
| impish |
Released
(0.10.5-1ubuntu2)
|
|
| intrepid |
Released
(0.8.7-1ubuntu0.2)
|
|
| jammy |
Released
(0.10.5-1ubuntu2)
|
|
| jaunty |
Released
(0.10.5-1ubuntu2)
|
|
| karmic |
Released
(0.10.5-1ubuntu2)
|
|
| lucid |
Released
(0.10.5-1ubuntu2)
|
|
| maverick |
Released
(0.10.5-1ubuntu2)
|
|
| natty |
Released
(0.10.5-1ubuntu2)
|
|
| oneiric |
Released
(0.10.5-1ubuntu2)
|
|
| precise |
Does not exist
(precise was released [0.10.5-1ubuntu2])
|
|
| quantal |
Released
(0.10.5-1ubuntu2)
|
|
| raring |
Released
(0.10.5-1ubuntu2)
|
|
| saucy |
Released
(0.10.5-1ubuntu2)
|
|
| trusty |
Does not exist
(trusty was released [0.10.5-1ubuntu2])
|
|
| upstream |
Needs triage
|
|
| utopic |
Released
(0.10.5-1ubuntu2)
|
|
| vivid |
Released
(0.10.5-1ubuntu2)
|
|
| wily |
Released
(0.10.5-1ubuntu2)
|
|
| xenial |
Released
(0.10.5-1ubuntu2)
|
|
| yakkety |
Released
(0.10.5-1ubuntu2)
|
|
| zesty |
Released
(0.10.5-1ubuntu2)
|
|
|
tetex-bin Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| dapper |
Not vulnerable
(linked to poppler)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jammy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
texlive-bin Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(linked to poppler)
|
| bionic |
Not vulnerable
(linked to poppler)
|
|
| cosmic |
Not vulnerable
(linked to poppler)
|
|
| dapper |
Does not exist
|
|
| disco |
Not vulnerable
(linked to poppler)
|
|
| eoan |
Not vulnerable
(linked to poppler)
|
|
| focal |
Not vulnerable
(linked to poppler)
|
|
| groovy |
Not vulnerable
(linked to poppler)
|
|
| gutsy |
Not vulnerable
(linked to poppler)
|
|
| hardy |
Not vulnerable
(linked to poppler)
|
|
| hirsute |
Not vulnerable
(linked to poppler)
|
|
| impish |
Not vulnerable
(linked to poppler)
|
|
| intrepid |
Not vulnerable
(linked to poppler)
|
|
| jammy |
Not vulnerable
(linked to poppler)
|
|
| jaunty |
Not vulnerable
(linked to poppler)
|
|
| karmic |
Not vulnerable
(linked to poppler)
|
|
| lucid |
Not vulnerable
(linked to poppler)
|
|
| maverick |
Not vulnerable
(linked to poppler)
|
|
| natty |
Not vulnerable
(linked to poppler)
|
|
| oneiric |
Not vulnerable
(linked to poppler)
|
|
| precise |
Does not exist
(precise was not-affected [linked to poppler])
|
|
| quantal |
Not vulnerable
(linked to poppler)
|
|
| raring |
Not vulnerable
(linked to poppler)
|
|
| saucy |
Not vulnerable
(linked to poppler)
|
|
| trusty |
Does not exist
(trusty was not-affected [linked to poppler])
|
|
| upstream |
Needs triage
|
|
| utopic |
Not vulnerable
(linked to poppler)
|
|
| vivid |
Not vulnerable
(linked to poppler)
|
|
| wily |
Not vulnerable
(linked to poppler)
|
|
| xenial |
Not vulnerable
(linked to poppler)
|
|
| yakkety |
Not vulnerable
(linked to poppler)
|
|
| zesty |
Not vulnerable
(linked to poppler)
|
|
|
xpdf Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(3.02-2)
|
| bionic |
Not vulnerable
(3.02-2)
|
|
| cosmic |
Not vulnerable
(3.02-2)
|
|
| dapper |
Ignored
(reached end-of-life)
|
|
| disco |
Not vulnerable
(3.02-2)
|
|
| eoan |
Not vulnerable
(3.02-2)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| gutsy |
Needs triage
(reached end-of-life)
|
|
| hardy |
Ignored
(reached end-of-life)
|
|
| hirsute |
Not vulnerable
|
|
| impish |
Not vulnerable
|
|
| intrepid |
Needs triage
(reached end-of-life)
|
|
| jammy |
Not vulnerable
|
|
| jaunty |
Released
(3.02-1.4ubuntu2.9.04.1)
|
|
| karmic |
Released
(3.02-1.4ubuntu2.9.10.1)
|
|
| lucid |
Not vulnerable
(3.02-2)
|
|
| maverick |
Not vulnerable
(3.02-2)
|
|
| natty |
Not vulnerable
(3.02-2)
|
|
| oneiric |
Not vulnerable
(3.02-2)
|
|
| precise |
Does not exist
(precise was not-affected [3.02-2])
|
|
| quantal |
Not vulnerable
(3.02-2)
|
|
| raring |
Not vulnerable
(3.02-2)
|
|
| saucy |
Not vulnerable
(3.02-2)
|
|
| trusty |
Does not exist
(trusty was not-affected [3.02-2])
|
|
| upstream |
Released
(3.02-2)
|
|
| utopic |
Not vulnerable
(3.02-2)
|
|
| vivid |
Not vulnerable
(3.02-2)
|
|
| wily |
Not vulnerable
(3.02-2)
|
|
| xenial |
Not vulnerable
(3.02-2)
|
|
| yakkety |
Not vulnerable
(3.02-2)
|
|
| zesty |
Not vulnerable
(3.02-2)
|