CVE-2009-1180

Name of the Vulnerable Software and Affected Versions CUPS versions 1.3.9 and earlier Xpdf version 3.02pl2 and earlier Poppler versions prior to 0.10.6 kdegraphics-3.5.4 kdegraphics-devel-3.5.4 cups-libs-x86 (affected versions not specified) cups-debugsource (affected versions not specified) cups-libs-32bit (affected versions not specified) cups-client (affected versions not specified) cups-debuginfo (affected versions not specified) cups-devel (affected versions not specified) cups (affected versions not specified) cups-libs (affected versions not specified)

Description The issue concerns multiple vulnerabilities in various packages, including CUPS, Xpdf, Poppler, and kdegraphics, which can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. The JBIG2 decoder in affected products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.

Recommendations For CUPS versions 1.3.9 and earlier, update to a version later than 1.3.9. For Xpdf version 3.02pl2 and earlier, update to a version later than 3.02pl2. For Poppler versions prior to 0.10.6, update to version 0.10.6 or later. For kdegraphics-3.5.4 and kdegraphics-devel-3.5.4, consider disabling the vulnerable components until a patch is available. For cups-libs-x86, cups-debugsource, cups-libs-32bit, cups-client, cups-debuginfo, cups-devel, cups, and cups-libs, at the moment, there is no information about a newer version that contains a fix for this vulnerability.