PT-2009-6731 · Free Software Foundation+4 · Poppler+4

Will Dormann · Published 1970-01-01 · Updated 2024-06-15 · CVE-2009-1179

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

CUPS versions 1.3.9 and earlier
Xpdf version 3.02pl2 and earlier
Poppler version prior to 0.10.6
cups-libs-x86 (affected versions not specified)
kdegraphics-devel-3.5.4 (affected versions not specified)
cups-debugsource (affected versions not specified)
kdegraphics-3.5.4 (affected versions not specified)
cups-libs-32bit (affected versions not specified)
cups-client (affected versions not specified)
cups-debuginfo (affected versions not specified)
cups-devel (affected versions not specified)
cups (affected versions not specified)
cups-libs (affected versions not specified)

Description

The issue involves multiple vulnerabilities in several packages, including CUPS, Xpdf, and Poppler, that can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. They include an integer overflow in the JBIG2 decoder, which allows remote attackers to execute arbitrary code via a crafted PDF file.

Recommendations

For CUPS versions 1.3.9 and earlier, update to a version later than 1.3.9.
For Xpdf version 3.02pl2 and earlier, update to a version later than 3.02pl2.
For Poppler version prior to 0.10.6, update to version 0.10.6 or later.
For cups-libs-x86, consider disabling the vulnerable component until a patch is available.
For kdegraphics-devel-3.5.4, restrict access to the vulnerable module to minimize the risk of exploitation.
For cups-debugsource, avoid using the vulnerable parameter in the affected API endpoint until the issue is resolved.
For kdegraphics-3.5.4, consider temporarily disabling the vulnerable function until a patch is available.
For cups-libs-32bit, cups-client, cups-debuginfo, cups-devel, cups, and cups-libs, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-04161
BDU:2015-04162
BDU:2015-04163
BDU:2015-04164
BDU:2015-04165
BDU:2015-04166
BDU:2015-04167
BDU:2015-04168
BDU:2015-06216
BDU:2015-06220
BDU:2015-08480
BDU:2015-08481
CVE-2009-1179
DSA-1790-1
DSA-1793-1
OPENSUSE-SU-2024:10360-1
RHSA-2009:0429
RHSA-2009:0430
RHSA-2009:0431
RHSA-2009:0458
RHSA-2009:0480
RHSA-2009_0429
RHSA-2009_0430
RHSA-2009_0431
RHSA-2009_0458
RHSA-2009_0480
RHSA-2010:0399
RHSA-2010:0400
RHSA-2010_0399
RHSA-2010_0400

Affected Products

Cups
Poppler
Red Hat
Xpdf
Kdegraphics