CVE-2009-1188 [Medium] | Denial of Service in Poppler

CVE-2009-1188 is rated Moderate Risk (56.3/100): CVSS Medium severity, with high exploitation likelihood (EPSS 21.98%, 96th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +2.80% over the last day, indicating growing attacker interest. High exploitation likelihood—assess exposure and prioritize remediation.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-02-03	19.18%	21.98%	+2.80%
2	2026-01-06	12.05%	19.18%	+7.13%
3	2025-11-09	—	12.05%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-02-03

19.18%

21.98%

+2.80%

2026-01-06

12.05%

19.18%

+7.13%

2025-11-09

—

12.05%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.0	2.0	MEDIUM	`AV:N/AC:L/Au:N/C:N/I:N/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:P) Partial availability impact.	10.0	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.0

2.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:P): Partial availability impact.

10.0

2.9

[email protected]

OS Trackers for CVE-2009-1188

vendor	priority	summary	link
`debian`	medium	CVE-2009-1188 medium priority: Debian including 2 source packages (poppler, xpdf), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 10.	https://security-tracker.debian.org/tracker/CVE-2009-1188
`gentoo`	normal	CVE-2009-1188: 1 GLSA(s) (201310-03), 1 atom(s) (app-text/poppler); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2009-1188
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2009-1188
`suse`	medium	CVE-2009-1188 severity moderate: SUSE including 95 source package names (cups, cups-client, …), 202 product×package rows across 51 product lines (SLES for SAP Applications 11 SP2, SLES for SAP Applications 11 SP3, … (51 product lines)): Fixed 155, Known Not Affected 47.	https://www.suse.com/security/cve/CVE-2009-1188/
`ubuntu`	medium	CVE-2009-1188 medium priority: Ubuntu including 14 source packages (cups, cupsys, …), 476 status rows across 34 suites (artful, bionic, cosmic, dapper, disco, eoan, focal, groovy, gutsy, hardy, hirsute, impish, intrepid, jammy, jaunty, karmic, kinetic, lucid, lunar, maverick, natty, oneiric, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): DNE 216, not-affected 173, ignored 40 (5 distinct statuses).	https://ubuntu.com/security/CVE-2009-1188

Affected software / configurations for CVE-2009-1188

Vendor	Product	Version	Raw CPE
poppler	poppler	<= 0.10.5	cpe:2.3:a:poppler:poppler::::::::
poppler	poppler	0.1	cpe:2.3:a:poppler:poppler:0.1:::::::*
poppler	poppler	0.1.1	cpe:2.3:a:poppler:poppler:0.1.1:::::::*
poppler	poppler	0.1.2	cpe:2.3:a:poppler:poppler:0.1.2:::::::*
poppler	poppler	0.2.0	cpe:2.3:a:poppler:poppler:0.2.0:::::::*
poppler	poppler	0.3.0	cpe:2.3:a:poppler:poppler:0.3.0:::::::*
poppler	poppler	0.3.1	cpe:2.3:a:poppler:poppler:0.3.1:::::::*
poppler	poppler	0.3.2	cpe:2.3:a:poppler:poppler:0.3.2:::::::*
poppler	poppler	0.3.3	cpe:2.3:a:poppler:poppler:0.3.3:::::::*
poppler	poppler	0.4.0	cpe:2.3:a:poppler:poppler:0.4.0:::::::*
poppler	poppler	0.4.1	cpe:2.3:a:poppler:poppler:0.4.1:::::::*
poppler	poppler	0.4.2	cpe:2.3:a:poppler:poppler:0.4.2:::::::*
poppler	poppler	0.4.3	cpe:2.3:a:poppler:poppler:0.4.3:::::::*
poppler	poppler	0.4.4	cpe:2.3:a:poppler:poppler:0.4.4:::::::*
poppler	poppler	0.5.0	cpe:2.3:a:poppler:poppler:0.5.0:::::::*
poppler	poppler	0.5.1	cpe:2.3:a:poppler:poppler:0.5.1:::::::*
poppler	poppler	0.5.2	cpe:2.3:a:poppler:poppler:0.5.2:::::::*
poppler	poppler	0.5.3	cpe:2.3:a:poppler:poppler:0.5.3:::::::*
poppler	poppler	0.5.4	cpe:2.3:a:poppler:poppler:0.5.4:::::::*
poppler	poppler	0.5.9	cpe:2.3:a:poppler:poppler:0.5.9:::::::*
poppler	poppler	0.5.90	cpe:2.3:a:poppler:poppler:0.5.90:::::::*
poppler	poppler	0.5.91	cpe:2.3:a:poppler:poppler:0.5.91:::::::*
poppler	poppler	0.6.0	cpe:2.3:a:poppler:poppler:0.6.0:::::::*
poppler	poppler	0.6.1	cpe:2.3:a:poppler:poppler:0.6.1:::::::*
poppler	poppler	0.6.2	cpe:2.3:a:poppler:poppler:0.6.2:::::::*
poppler	poppler	0.6.3	cpe:2.3:a:poppler:poppler:0.6.3:::::::*
poppler	poppler	0.6.4	cpe:2.3:a:poppler:poppler:0.6.4:::::::*
poppler	poppler	0.7.0	cpe:2.3:a:poppler:poppler:0.7.0:::::::*
poppler	poppler	0.7.1	cpe:2.3:a:poppler:poppler:0.7.1:::::::*
poppler	poppler	0.7.2	cpe:2.3:a:poppler:poppler:0.7.2:::::::*
poppler	poppler	0.7.3	cpe:2.3:a:poppler:poppler:0.7.3:::::::*
poppler	poppler	0.8.0	cpe:2.3:a:poppler:poppler:0.8.0:::::::*
poppler	poppler	0.8.1	cpe:2.3:a:poppler:poppler:0.8.1:::::::*
poppler	poppler	0.8.2	cpe:2.3:a:poppler:poppler:0.8.2:::::::*
poppler	poppler	0.8.3	cpe:2.3:a:poppler:poppler:0.8.3:::::::*
poppler	poppler	0.8.4	cpe:2.3:a:poppler:poppler:0.8.4:::::::*
poppler	poppler	0.8.5	cpe:2.3:a:poppler:poppler:0.8.5:::::::*
poppler	poppler	0.8.6	cpe:2.3:a:poppler:poppler:0.8.6:::::::*
poppler	poppler	0.8.7	cpe:2.3:a:poppler:poppler:0.8.7:::::::*
poppler	poppler	0.9.0	cpe:2.3:a:poppler:poppler:0.9.0:::::::*
poppler	poppler	0.9.1	cpe:2.3:a:poppler:poppler:0.9.1:::::::*
poppler	poppler	0.9.2	cpe:2.3:a:poppler:poppler:0.9.2:::::::*
poppler	poppler	0.9.3	cpe:2.3:a:poppler:poppler:0.9.3:::::::*
poppler	poppler	0.10.0	cpe:2.3:a:poppler:poppler:0.10.0:::::::*
poppler	poppler	0.10.1	cpe:2.3:a:poppler:poppler:0.10.1:::::::*
poppler	poppler	0.10.2	cpe:2.3:a:poppler:poppler:0.10.2:::::::*
poppler	poppler	0.10.3	cpe:2.3:a:poppler:poppler:0.10.3:::::::*
poppler	poppler	0.10.4	cpe:2.3:a:poppler:poppler:0.10.4:::::::*

References for CVE-2009-1188

URL	Tags
http://bugs.gentoo.org/show_bug.cgi?id=263028#c16	Patch
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://poppler.freedesktop.org/releases.html
http://secunia.com/advisories/34746
http://secunia.com/advisories/35064
http://secunia.com/advisories/35618
http://secunia.com/advisories/37028
http://secunia.com/advisories/37037
http://secunia.com/advisories/37043
http://secunia.com/advisories/37053
http://secunia.com/advisories/37077
http://secunia.com/advisories/37079
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://wiki.rpath.com/Advisories:rPSA-2009-0059
http://www.debian.org/security/2010/dsa-2028
http://www.debian.org/security/2010/dsa-2050
http://www.kb.cert.org/vuls/id/196617	US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://www.securityfocus.com/archive/1/502761/100/0/threaded
http://www.securityfocus.com/bid/34568
http://www.vupen.com/english/advisories/2009/1076
http://www.vupen.com/english/advisories/2009/2928
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1040
http://www.vupen.com/english/advisories/2010/1220
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/361875
https://bugzilla.redhat.com/show_bug.cgi?id=495907
https://bugzilla.redhat.com/show_bug.cgi?id=526915
https://exchange.xforce.ibmcloud.com/vulnerabilities/50185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9957
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html

URL

CVE-2009-1188

Exploit prediction scoring system (EPSS) score for CVE-2009-1188

Common vulnerability scoring system (CVSS) metrics for CVE-2009-1188

Weakness enumeration for CVE-2009-1188

OS Trackers for CVE-2009-1188

Affected software / configurations for CVE-2009-1188

References for CVE-2009-1188