CVE-2009-1179

Description

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.

How to fix CVE-2009-1179

To remediate CVE-2009-1179, upgrade the affected package to a fixed version below.

• Debian/poppler—upgrade to 0.10.6-1 or later
• Debian/xpdf—upgrade to 3.02-1.4+lenny1 or later

Is CVE-2009-1179 being exploited?

Moderate — EPSS is 33.8%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 0.10.6-1
• from 0, < 3.02-1.4+lenny1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-1179