CVE-2009-0165

NameCVE-2009-0165
DescriptionInteger overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1790-1, DSA-1793-1
NVD severityhigh (attack range: remote)
Debian Bugs524809, 528369

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xpdf (PTS)wheezy3.03-10fixed
jessie3.03-17fixed
buster, sid, stretch3.04-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kdegraphicssource(unstable)4:4.0low528369
kdegraphicssourceetch4:3.5.5-3etch3highDSA-1793-1
kdegraphicssourcelenny4:3.5.9-3+lenny1highDSA-1793-1
xpdfsource(unstable)3.02-1.4+lenny1low524809
xpdfsourceetch3.01-9.1+etch6highDSA-1790-1
xpdfsourcelenny3.02-1.4+lenny1highDSA-1790-1
xpdfsourcesqueeze3.02-1.4+lenny1high
Search for package or bug name: Reporting problems