CVE-2009-0165

NameCVE-2009-0165
DescriptionInteger overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1790-1, DSA-1793-1
Debian Bugs524809, 528369

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xpdf (PTS)bullseye3.04+git20210103-3fixed
bookworm3.04+git20220601-1fixed
sid, trixie3.04+git20240613-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kdegraphicssourceetch4:3.5.5-3etch3DSA-1793-1
kdegraphicssourcelenny4:3.5.9-3+lenny1DSA-1793-1
kdegraphicssource(unstable)4:4.0low528369
xpdfsourceetch3.01-9.1+etch6DSA-1790-1
xpdfsourcelenny3.02-1.4+lenny1DSA-1790-1
xpdfsourcesqueeze3.02-1.4+lenny1
xpdfsource(unstable)3.02-1.4+lenny1low524809

Search for package or bug name: Reporting problems