CVE-2009-1180

CVE Database · CVE-2009-1180

CVE-2009-1180

· N/AModified

CVSS v3.1

N/A

EPSS

5.41%

Published

Apr 23, 2009

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.

Weaknesses (CWE)

CWE-399

Affected Products (154)

foolabs · xpdfvulnerable

· xpdf

References (20)

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

http://poppler.freedesktop.org/releases.html

PatchVendor Advisory

http://rhn.redhat.com/errata/RHSA-2009-0458.html

Patch

http://secunia.com/advisories/34291

Vendor Advisory

http://secunia.com/advisories/34481

Vendor Advisory

http://secunia.com/advisories/34746

KEV Catalog EPSS Scores Vendors All CVEs

foolabs · xpdfvulnerable

glyphandcog · xpdfreadervulnerable

poppler · popplervulnerable