CVE-2009-0165

Name	CVE-2009-0165
Description	Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References	DSA-1790-1, DSA-1793-1
NVD severity	high (attack range: remote)
Debian Bugs	524809, 528369

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
xpdf (PTS)	wheezy	3.03-10	fixed
	jessie	3.03-17	fixed
	stretch, sid	3.04-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
kdegraphics	source	(unstable)	4:4.0	low		528369
kdegraphics	source	etch	4:3.5.5-3etch3	high	DSA-1793-1
kdegraphics	source	lenny	4:3.5.9-3+lenny1	high	DSA-1793-1
xpdf	source	(unstable)	3.02-1.4+lenny1	low		524809
xpdf	source	etch	3.01-9.1+etch6	high	DSA-1790-1
xpdf	source	lenny	3.02-1.4+lenny1	high	DSA-1790-1
xpdf	source	squeeze	3.02-1.4+lenny1	high