CVE-2009-1188
kdegraphics - several vulnerabilities
EPSS 22.0%
Description
Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
How to fix CVE-2009-1188
To remediate CVE-2009-1188, upgrade each affected package to its fixed version listed below.
- Debian/kdegraphics—upgrade to 4:3.5.9-3+lenny3 or later
- Debian/poppler—upgrade to 0.10.6-1 or later
- —upgrade to 3.02-2 or later
- —upgrade to 3.02-1.4+lenny2 or later
Is CVE-2009-1188 being exploited?
Moderate — EPSS is 22.0%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 4:3.5.9-3+lenny3
- from 0, < 0.10.6-1
- from 0, < 3.02-2
- from 0, < 3.02-1.4+lenny2