CVE-2009-0800

NameCVE-2009-0800
DescriptionMultiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1790-1, DSA-1793-1
Debian Bugs524806, 524809, 524810

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
poppler (PTS)buster0.71.0-5fixed
bullseye20.09.0-3.1fixed
bookworm, sid22.02.0-3fixed
xpdf (PTS)buster3.04-13fixed
bullseye3.04+git20210103-3fixed
bookworm, sid3.04+git20220601-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kdegraphicssourceetch4:3.5.5-3etch3DSA-1793-1
kdegraphicssourcelenny4:3.5.9-3+lenny1DSA-1793-1
kdegraphicssource(unstable)4:4.0medium524810
popplersourcelenny0.8.7-2
popplersource(unstable)0.10.6-1medium524806
swftoolssource(unstable)0.9.2+ds1-2
xpdfsourceetch3.01-9.1+etch6DSA-1790-1
xpdfsourcelenny3.02-1.4+lenny1DSA-1790-1
xpdfsourcesqueeze3.02-1.4+lenny1
xpdfsource(unstable)3.02-1.4+lenny1medium524809

Search for package or bug name: Reporting problems