{
  "threat_severity" : "Important",
  "public_date" : "2009-04-16T00:00:00Z",
  "bugzilla" : {
    "description" : "PDF JBIG2 MMR decoder buffer overflows",
    "id" : "495896",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=495896"
  },
  "cvss" : {
    "cvss_base_score" : "6.8",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "details" : [ "Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file." ],
  "acknowledgement" : "Red Hat would like to thank Will Dormann (CERT/CC) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 3",
    "release_date" : "2009-04-16T00:00:00Z",
    "advisory" : "RHSA-2009:0430",
    "cpe" : "cpe:/o:redhat:enterprise_linux:3",
    "package" : "xpdf-1:2.02-14.el3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2009-04-16T00:00:00Z",
    "advisory" : "RHSA-2009:0429",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "cups-1:1.1.22-0.rc1.9.27.el4_7.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2009-04-16T00:00:00Z",
    "advisory" : "RHSA-2009:0430",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "xpdf-1:3.00-20.el4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2009-04-16T00:00:00Z",
    "advisory" : "RHSA-2009:0431",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "kdegraphics-7:3.3.1-13.el4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2009-04-30T00:00:00Z",
    "advisory" : "RHSA-2009:0458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "gpdf-0:2.8.2-7.7.2.el4_7.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2010-05-06T00:00:00Z",
    "advisory" : "RHSA-2010:0399",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "tetex-0:2.0.2-22.0.1.EL4.16"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2009-04-16T00:00:00Z",
    "advisory" : "RHSA-2009:0429",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "cups-1:1.3.7-8.el5_3.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2009-04-16T00:00:00Z",
    "advisory" : "RHSA-2009:0431",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kdegraphics-7:3.5.4-12.el5_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2009-05-13T00:00:00Z",
    "advisory" : "RHSA-2009:0480",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "poppler-0:0.5.4-4.4.el5_3.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2010-05-06T00:00:00Z",
    "advisory" : "RHSA-2010:0400",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "tetex-0:3.0-33.8.el5_5.5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2009-1182\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-1182" ],
  "name" : "CVE-2009-1182",
  "csaw" : false
}