| Name | CVE-2009-0800 |
| Description | Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1790-1, DSA-1793-1 |
| Debian Bugs | 524806, 524809, 524810 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| poppler (PTS) | bullseye (security), bullseye | 20.09.0-3.1+deb11u1 | fixed |
| bookworm | 22.12.0-2 | fixed | |
| sid, trixie | 24.08.0-3 | fixed | |
| xpdf (PTS) | bullseye | 3.04+git20210103-3 | fixed |
| bookworm | 3.04+git20220601-1 | fixed | |
| sid, trixie | 3.04+git20240613-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| kdegraphics | source | etch | 4:3.5.5-3etch3 | DSA-1793-1 | ||
| kdegraphics | source | lenny | 4:3.5.9-3+lenny1 | DSA-1793-1 | ||
| kdegraphics | source | (unstable) | 4:4.0 | medium | 524810 | |
| poppler | source | lenny | 0.8.7-2 | |||
| poppler | source | (unstable) | 0.10.6-1 | medium | 524806 | |
| swftools | source | (unstable) | 0.9.2+ds1-2 | |||
| xpdf | source | etch | 3.01-9.1+etch6 | DSA-1790-1 | ||
| xpdf | source | lenny | 3.02-1.4+lenny1 | DSA-1790-1 | ||
| xpdf | source | squeeze | 3.02-1.4+lenny1 | |||
| xpdf | source | (unstable) | 3.02-1.4+lenny1 | medium | 524809 |