CVE-2009-1180 - 漏洞详情

CVE-2009-1180 (CNNVD-200904-452)

MEDIUM

中文标题:

Foolabs Xpdf解码器JBIG2残缺数据释放和拒绝服务攻击漏洞

英文标题:

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and ot...

CVSS分数: 6.8

发布时间: 2009-04-23 17:00:00

漏洞类型: 资源管理错误

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Xpdf是便携文档格式(PDF)文件的开放源码查看器。 Xpdf的JBIG2解码器中存在拒绝服务攻击漏洞。攻击者可以创建恶意的PDF文件，如果打开了该文件就会导致Xpdf崩溃或执行任意代码。

英文描述:

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.

CWE类型:

CWE-399

受影响产品

厂商	产品	版本	版本范围	平台	CPE
foolabs	xpdf	0.5a	-	-	`cpe:2.3:a:foolabs:xpdf:0.5a:::::::*`
foolabs	xpdf	0.7a	-	-	`cpe:2.3:a:foolabs:xpdf:0.7a:::::::*`
foolabs	xpdf	0.91a	-	-	`cpe:2.3:a:foolabs:xpdf:0.91a:::::::*`
foolabs	xpdf	0.91b	-	-	`cpe:2.3:a:foolabs:xpdf:0.91b:::::::*`
foolabs	xpdf	0.91c	-	-	`cpe:2.3:a:foolabs:xpdf:0.91c:::::::*`
foolabs	xpdf	0.92a	-	-	`cpe:2.3:a:foolabs:xpdf:0.92a:::::::*`
foolabs	xpdf	0.92b	-	-	`cpe:2.3:a:foolabs:xpdf:0.92b:::::::*`
foolabs	xpdf	0.92c	-	-	`cpe:2.3:a:foolabs:xpdf:0.92c:::::::*`
foolabs	xpdf	0.92d	-	-	`cpe:2.3:a:foolabs:xpdf:0.92d:::::::*`
foolabs	xpdf	0.92e	-	-	`cpe:2.3:a:foolabs:xpdf:0.92e:::::::*`
foolabs	xpdf	0.93a	-	-	`cpe:2.3:a:foolabs:xpdf:0.93a:::::::*`
foolabs	xpdf	0.93b	-	-	`cpe:2.3:a:foolabs:xpdf:0.93b:::::::*`
foolabs	xpdf	0.93c	-	-	`cpe:2.3:a:foolabs:xpdf:0.93c:::::::*`
foolabs	xpdf	1.00a	-	-	`cpe:2.3:a:foolabs:xpdf:1.00a:::::::*`
glyphandcog	xpdfreader	*	-	-	`cpe:2.3:a:glyphandcog:xpdfreader::::::::`
glyphandcog	xpdfreader	0.2	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:0.2:::::::*`
glyphandcog	xpdfreader	0.3	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:0.3:::::::*`
glyphandcog	xpdfreader	0.4	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:0.4:::::::*`
glyphandcog	xpdfreader	0.5	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:0.5:::::::*`
glyphandcog	xpdfreader	0.6	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:0.6:::::::*`
glyphandcog	xpdfreader	0.7	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:0.7:::::::*`
glyphandcog	xpdfreader	0.80	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:0.80:::::::*`
glyphandcog	xpdfreader	0.90	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:0.90:::::::*`
glyphandcog	xpdfreader	0.91	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:0.91:::::::*`
glyphandcog	xpdfreader	0.92	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:0.92:::::::*`
glyphandcog	xpdfreader	0.93	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:0.93:::::::*`
glyphandcog	xpdfreader	1.00	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:1.00:::::::*`
glyphandcog	xpdfreader	1.01	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:1.01:::::::*`
glyphandcog	xpdfreader	2.00	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:2.00:::::::*`
glyphandcog	xpdfreader	2.01	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:2.01:::::::*`
glyphandcog	xpdfreader	2.02	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:2.02:::::::*`
glyphandcog	xpdfreader	2.03	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:2.03:::::::*`
glyphandcog	xpdfreader	3.00	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:3.00:::::::*`
glyphandcog	xpdfreader	3.01	-	-	`cpe:2.3:a:glyphandcog:xpdfreader:3.01:::::::*`
poppler	poppler	*	-	-	`cpe:2.3:a:poppler:poppler::::::::`
poppler	poppler	0.1	-	-	`cpe:2.3:a:poppler:poppler:0.1:::::::*`
poppler	poppler	0.1.1	-	-	`cpe:2.3:a:poppler:poppler:0.1.1:::::::*`
poppler	poppler	0.1.2	-	-	`cpe:2.3:a:poppler:poppler:0.1.2:::::::*`
poppler	poppler	0.2.0	-	-	`cpe:2.3:a:poppler:poppler:0.2.0:::::::*`
poppler	poppler	0.3.0	-	-	`cpe:2.3:a:poppler:poppler:0.3.0:::::::*`
poppler	poppler	0.3.1	-	-	`cpe:2.3:a:poppler:poppler:0.3.1:::::::*`
poppler	poppler	0.3.2	-	-	`cpe:2.3:a:poppler:poppler:0.3.2:::::::*`
poppler	poppler	0.3.3	-	-	`cpe:2.3:a:poppler:poppler:0.3.3:::::::*`
poppler	poppler	0.4.0	-	-	`cpe:2.3:a:poppler:poppler:0.4.0:::::::*`
poppler	poppler	0.4.1	-	-	`cpe:2.3:a:poppler:poppler:0.4.1:::::::*`
poppler	poppler	0.4.2	-	-	`cpe:2.3:a:poppler:poppler:0.4.2:::::::*`
poppler	poppler	0.4.3	-	-	`cpe:2.3:a:poppler:poppler:0.4.3:::::::*`
poppler	poppler	0.4.4	-	-	`cpe:2.3:a:poppler:poppler:0.4.4:::::::*`
poppler	poppler	0.5.0	-	-	`cpe:2.3:a:poppler:poppler:0.5.0:::::::*`
poppler	poppler	0.5.1	-	-	`cpe:2.3:a:poppler:poppler:0.5.1:::::::*`
poppler	poppler	0.5.2	-	-	`cpe:2.3:a:poppler:poppler:0.5.2:::::::*`
poppler	poppler	0.5.3	-	-	`cpe:2.3:a:poppler:poppler:0.5.3:::::::*`
poppler	poppler	0.5.4	-	-	`cpe:2.3:a:poppler:poppler:0.5.4:::::::*`
poppler	poppler	0.5.9	-	-	`cpe:2.3:a:poppler:poppler:0.5.9:::::::*`
poppler	poppler	0.5.90	-	-	`cpe:2.3:a:poppler:poppler:0.5.90:::::::*`
poppler	poppler	0.5.91	-	-	`cpe:2.3:a:poppler:poppler:0.5.91:::::::*`
poppler	poppler	0.6.0	-	-	`cpe:2.3:a:poppler:poppler:0.6.0:::::::*`
poppler	poppler	0.6.1	-	-	`cpe:2.3:a:poppler:poppler:0.6.1:::::::*`
poppler	poppler	0.6.2	-	-	`cpe:2.3:a:poppler:poppler:0.6.2:::::::*`
poppler	poppler	0.6.3	-	-	`cpe:2.3:a:poppler:poppler:0.6.3:::::::*`
poppler	poppler	0.6.4	-	-	`cpe:2.3:a:poppler:poppler:0.6.4:::::::*`
poppler	poppler	0.7.0	-	-	`cpe:2.3:a:poppler:poppler:0.7.0:::::::*`
poppler	poppler	0.7.1	-	-	`cpe:2.3:a:poppler:poppler:0.7.1:::::::*`
poppler	poppler	0.7.2	-	-	`cpe:2.3:a:poppler:poppler:0.7.2:::::::*`
poppler	poppler	0.7.3	-	-	`cpe:2.3:a:poppler:poppler:0.7.3:::::::*`
poppler	poppler	0.8.0	-	-	`cpe:2.3:a:poppler:poppler:0.8.0:::::::*`
poppler	poppler	0.8.1	-	-	`cpe:2.3:a:poppler:poppler:0.8.1:::::::*`
poppler	poppler	0.8.2	-	-	`cpe:2.3:a:poppler:poppler:0.8.2:::::::*`
poppler	poppler	0.8.3	-	-	`cpe:2.3:a:poppler:poppler:0.8.3:::::::*`
poppler	poppler	0.8.4	-	-	`cpe:2.3:a:poppler:poppler:0.8.4:::::::*`
poppler	poppler	0.8.5	-	-	`cpe:2.3:a:poppler:poppler:0.8.5:::::::*`
poppler	poppler	0.8.6	-	-	`cpe:2.3:a:poppler:poppler:0.8.6:::::::*`
poppler	poppler	0.8.7	-	-	`cpe:2.3:a:poppler:poppler:0.8.7:::::::*`
poppler	poppler	0.9.0	-	-	`cpe:2.3:a:poppler:poppler:0.9.0:::::::*`
poppler	poppler	0.9.1	-	-	`cpe:2.3:a:poppler:poppler:0.9.1:::::::*`
poppler	poppler	0.9.2	-	-	`cpe:2.3:a:poppler:poppler:0.9.2:::::::*`
poppler	poppler	0.9.3	-	-	`cpe:2.3:a:poppler:poppler:0.9.3:::::::*`
poppler	poppler	0.10.0	-	-	`cpe:2.3:a:poppler:poppler:0.10.0:::::::*`
poppler	poppler	0.10.1	-	-	`cpe:2.3:a:poppler:poppler:0.10.1:::::::*`
poppler	poppler	0.10.2	-	-	`cpe:2.3:a:poppler:poppler:0.10.2:::::::*`
poppler	poppler	0.10.3	-	-	`cpe:2.3:a:poppler:poppler:0.10.3:::::::*`
poppler	poppler	0.10.4	-	-	`cpe:2.3:a:poppler:poppler:0.10.4:::::::*`
apple	cups	*	-	-	`cpe:2.3:a:apple:cups::::::::`
apple	cups	1.1	-	-	`cpe:2.3:a:apple:cups:1.1:::::::*`
apple	cups	1.1.1	-	-	`cpe:2.3:a:apple:cups:1.1.1:::::::*`
apple	cups	1.1.2	-	-	`cpe:2.3:a:apple:cups:1.1.2:::::::*`
apple	cups	1.1.3	-	-	`cpe:2.3:a:apple:cups:1.1.3:::::::*`
apple	cups	1.1.4	-	-	`cpe:2.3:a:apple:cups:1.1.4:::::::*`
apple	cups	1.1.5	-	-	`cpe:2.3:a:apple:cups:1.1.5:::::::*`
apple	cups	1.1.5-1	-	-	`cpe:2.3:a:apple:cups:1.1.5-1:::::::*`
apple	cups	1.1.5-2	-	-	`cpe:2.3:a:apple:cups:1.1.5-2:::::::*`
apple	cups	1.1.6	-	-	`cpe:2.3:a:apple:cups:1.1.6:::::::*`
apple	cups	1.1.6-1	-	-	`cpe:2.3:a:apple:cups:1.1.6-1:::::::*`
apple	cups	1.1.6-2	-	-	`cpe:2.3:a:apple:cups:1.1.6-2:::::::*`
apple	cups	1.1.6-3	-	-	`cpe:2.3:a:apple:cups:1.1.6-3:::::::*`
apple	cups	1.1.7	-	-	`cpe:2.3:a:apple:cups:1.1.7:::::::*`
apple	cups	1.1.8	-	-	`cpe:2.3:a:apple:cups:1.1.8:::::::*`
apple	cups	1.1.9	-	-	`cpe:2.3:a:apple:cups:1.1.9:::::::*`
apple	cups	1.1.9-1	-	-	`cpe:2.3:a:apple:cups:1.1.9-1:::::::*`
apple	cups	1.1.10	-	-	`cpe:2.3:a:apple:cups:1.1.10:::::::*`
apple	cups	1.1.10-1	-	-	`cpe:2.3:a:apple:cups:1.1.10-1:::::::*`
apple	cups	1.1.11	-	-	`cpe:2.3:a:apple:cups:1.1.11:::::::*`
apple	cups	1.1.12	-	-	`cpe:2.3:a:apple:cups:1.1.12:::::::*`
apple	cups	1.1.13	-	-	`cpe:2.3:a:apple:cups:1.1.13:::::::*`
apple	cups	1.1.14	-	-	`cpe:2.3:a:apple:cups:1.1.14:::::::*`
apple	cups	1.1.15	-	-	`cpe:2.3:a:apple:cups:1.1.15:::::::*`
apple	cups	1.1.16	-	-	`cpe:2.3:a:apple:cups:1.1.16:::::::*`
apple	cups	1.1.17	-	-	`cpe:2.3:a:apple:cups:1.1.17:::::::*`
apple	cups	1.1.18	-	-	`cpe:2.3:a:apple:cups:1.1.18:::::::*`
apple	cups	1.1.19	-	-	`cpe:2.3:a:apple:cups:1.1.19:::::::*`
apple	cups	1.1.20	-	-	`cpe:2.3:a:apple:cups:1.1.20:::::::*`
apple	cups	1.1.21	-	-	`cpe:2.3:a:apple:cups:1.1.21:::::::*`
apple	cups	1.1.22	-	-	`cpe:2.3:a:apple:cups:1.1.22:::::::*`
apple	cups	1.1.23	-	-	`cpe:2.3:a:apple:cups:1.1.23:::::::*`
apple	cups	1.2.0	-	-	`cpe:2.3:a:apple:cups:1.2.0:::::::*`
apple	cups	1.2.1	-	-	`cpe:2.3:a:apple:cups:1.2.1:::::::*`
apple	cups	1.2.2	-	-	`cpe:2.3:a:apple:cups:1.2.2:::::::*`
apple	cups	1.2.3	-	-	`cpe:2.3:a:apple:cups:1.2.3:::::::*`
apple	cups	1.2.4	-	-	`cpe:2.3:a:apple:cups:1.2.4:::::::*`
apple	cups	1.2.5	-	-	`cpe:2.3:a:apple:cups:1.2.5:::::::*`
apple	cups	1.2.6	-	-	`cpe:2.3:a:apple:cups:1.2.6:::::::*`
apple	cups	1.2.7	-	-	`cpe:2.3:a:apple:cups:1.2.7:::::::*`
apple	cups	1.2.8	-	-	`cpe:2.3:a:apple:cups:1.2.8:::::::*`
apple	cups	1.2.9	-	-	`cpe:2.3:a:apple:cups:1.2.9:::::::*`
apple	cups	1.2.10	-	-	`cpe:2.3:a:apple:cups:1.2.10:::::::*`
apple	cups	1.2.11	-	-	`cpe:2.3:a:apple:cups:1.2.11:::::::*`
apple	cups	1.2.12	-	-	`cpe:2.3:a:apple:cups:1.2.12:::::::*`
apple	cups	1.3.0	-	-	`cpe:2.3:a:apple:cups:1.3.0:::::::*`
apple	cups	1.3.1	-	-	`cpe:2.3:a:apple:cups:1.3.1:::::::*`
apple	cups	1.3.2	-	-	`cpe:2.3:a:apple:cups:1.3.2:::::::*`
apple	cups	1.3.3	-	-	`cpe:2.3:a:apple:cups:1.3.3:::::::*`
apple	cups	1.3.4	-	-	`cpe:2.3:a:apple:cups:1.3.4:::::::*`
apple	cups	1.3.5	-	-	`cpe:2.3:a:apple:cups:1.3.5:::::::*`
apple	cups	1.3.6	-	-	`cpe:2.3:a:apple:cups:1.3.6:::::::*`
apple	cups	1.3.7	-	-	`cpe:2.3:a:apple:cups:1.3.7:::::::*`
apple	cups	1.3.8	-	-	`cpe:2.3:a:apple:cups:1.3.8:::::::*`
apple	cups	1.3.10	-	-	`cpe:2.3:a:apple:cups:1.3.10:::::::*`
apple	cups	1.3.11	-	-	`cpe:2.3:a:apple:cups:1.3.11:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

DSA-1793 vendor-advisory
cve.org

访问

34963 third-party-advisory
cve.org

访问

DSA-1790 vendor-advisory
cve.org

访问

35037 third-party-advisory
cve.org

访问

ADV-2009-1077 vdb-entry
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

35064 third-party-advisory
cve.org

访问

ADV-2009-1066 vdb-entry
cve.org

访问

34481 third-party-advisory
cve.org

访问

oval:org.mitre.oval:def:9926 vdb-entry
cve.org

访问

SSA:2009-129-01 vendor-advisory
cve.org

访问

RHSA-2009:0431 vendor-advisory
cve.org

访问

ADV-2009-1065 vdb-entry
cve.org

访问

RHSA-2009:0430 vendor-advisory
cve.org

访问

FEDORA-2009-6972 vendor-advisory
cve.org

访问

35618 third-party-advisory
cve.org

访问

35065 third-party-advisory
cve.org

访问

RHSA-2009:0480 vendor-advisory
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

34568 vdb-entry
cve.org

访问

MDVSA-2011:175 vendor-advisory
cve.org

访问

VU#196617 third-party-advisory
cve.org

访问

ADV-2010-1040 vdb-entry
cve.org

访问

SUSE-SA:2009:024 vendor-advisory
cve.org

访问

RHSA-2009:0458 vendor-advisory
cve.org

访问

FEDORA-2009-6982 vendor-advisory
cve.org

访问

34991 third-party-advisory
cve.org

访问

MDVSA-2009:101 vendor-advisory
cve.org

访问

MDVSA-2010:087 vendor-advisory
cve.org

访问

SUSE-SR:2009:010 vendor-advisory
cve.org

访问

35685 third-party-advisory
cve.org

访问

ADV-2009-1076 vdb-entry
cve.org

访问

34756 third-party-advisory
cve.org

访问

34291 third-party-advisory
cve.org

访问

34755 third-party-advisory
cve.org

访问

34852 third-party-advisory
cve.org

访问

SUSE-SR:2009:012 vendor-advisory
cve.org

访问

FEDORA-2009-6973 vendor-advisory
cve.org

访问

34959 third-party-advisory
cve.org

访问

34746 third-party-advisory
cve.org

访问

RHSA-2009:0429 vendor-advisory
cve.org

访问

1022073 vdb-entry
cve.org

访问

CVSS评分详情

6.8

MEDIUM

CVSS向量: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS版本: 2.0

机密性

PARTIAL

完整性

PARTIAL

可用性

PARTIAL

时间信息

发布时间:

2009-04-23 17:00:00

修改时间:

2024-08-07 05:04:49

创建时间:

2025-11-11 15:33:00

更新时间:

2025-11-11 15:49:35

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2009-1180`	2025-11-11 15:18:09	2025-11-11 07:33:00
NVD	`nvd_CVE-2009-1180`	2025-11-11 14:52:59	2025-11-11 07:41:47
CNNVD	`cnnvd_CNNVD-200904-452`	2025-11-11 15:09:05	2025-11-11 07:49:35

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:49:35

vulnerability_type: 未提取 → 资源管理错误; cnnvd_id: 未提取 → CNNVD-200904-452; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 资源管理错误
cnnvd_id: 未提取 -> CNNVD-200904-452
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:41:47

cvss_score: 未提取 → 6.8; cvss_vector: NOT_EXTRACTED → AV:N/AC:M/Au:N/C:P/I:P/A:P; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 138; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

cvss_score: 未提取 -> 6.8
cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss_version: NOT_EXTRACTED -> 2.0
affected_products_count: 0 -> 138
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2009-1180 (CNNVD-200904-452)

中文标题:

Foolabs Xpdf解码器JBIG2残缺数据释放和拒绝服务攻击漏洞

英文标题:

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and ot...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史