CVE-2009-0165

NameCVE-2009-0165
DescriptionInteger overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1790-1, DSA-1793-1
NVD severityhigh (attack range: remote)
Debian Bugs524809, 528369

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xpdf (PTS)jessie3.03-17fixed
stretch3.04-4fixed
buster, sid3.04-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kdegraphicssource(unstable)4:4.0low528369
kdegraphicssourceetch4:3.5.5-3etch3highDSA-1793-1
kdegraphicssourcelenny4:3.5.9-3+lenny1highDSA-1793-1
xpdfsource(unstable)3.02-1.4+lenny1low524809
xpdfsourceetch3.01-9.1+etch6highDSA-1790-1
xpdfsourcelenny3.02-1.4+lenny1highDSA-1790-1
xpdfsourcesqueeze3.02-1.4+lenny1high
Search for package or bug name: Reporting problems