CVE-2009-0165

Published: Apr 23, 2009Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."

Affected (35)

Products: Foolabs: Xpdf · Glyphandcog: Xpdfreader

1 product

1 product

Configuration A

35 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Foolabs Xpdf	Version 0.5a
Foolabs Xpdf	Version 0.7a
Foolabs Xpdf	Version 0.91a
Foolabs Xpdf	Version 0.91b
Foolabs Xpdf	Version 0.91c
Foolabs Xpdf	Version 0.92a
Foolabs Xpdf	Version 0.92b
Foolabs Xpdf	Version 0.92c
Foolabs Xpdf	Version 0.92d
Foolabs Xpdf	Version 0.92e
Foolabs Xpdf	Version 0.93a
Foolabs Xpdf	Version 0.93b
Foolabs Xpdf	Version 0.93c
Foolabs Xpdf	Version 1.00a
Foolabs Xpdf	Version 3.0.1
Glyphandcog Xpdfreader	Up to 3.02
Glyphandcog Xpdfreader	Version 0.2
Glyphandcog Xpdfreader	Version 0.3
Glyphandcog Xpdfreader	Version 0.4
Glyphandcog Xpdfreader	Version 0.5
Glyphandcog Xpdfreader	Version 0.6
Glyphandcog Xpdfreader	Version 0.7
Glyphandcog Xpdfreader	Version 0.80
Glyphandcog Xpdfreader	Version 0.90
Glyphandcog Xpdfreader	Version 0.91
Glyphandcog Xpdfreader	Version 0.92
Glyphandcog Xpdfreader	Version 0.93
Glyphandcog Xpdfreader	Version 1.00
Glyphandcog Xpdfreader	Version 1.01
Glyphandcog Xpdfreader	Version 2.00
Glyphandcog Xpdfreader	Version 2.01
Glyphandcog Xpdfreader	Version 2.02
Glyphandcog Xpdfreader	Version 2.03
Glyphandcog Xpdfreader	Version 3.00
Glyphandcog Xpdfreader	Version 3.01

Running on/with	Platform Versions
Poppler Poppler	All versions

Related CWEs

References (48)

http://bugs.gentoo.org/show_bug.cgi?id=263028

Source: cve@mitre.org

Patch

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

Source: cve@mitre.org

http://secunia.com/advisories/34852

Source: cve@mitre.org

http://secunia.com/advisories/34959

Source: cve@mitre.org

http://secunia.com/advisories/34991

Source: cve@mitre.org

http://secunia.com/advisories/35037

Source: cve@mitre.org

http://secunia.com/advisories/35065

Source: cve@mitre.org

http://secunia.com/advisories/35074

Source: cve@mitre.org

http://secunia.com/advisories/35685

Source: cve@mitre.org

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477

Source: cve@mitre.org

http://support.apple.com/kb/HT3549

Source: cve@mitre.org

http://support.apple.com/kb/HT3639

Source: cve@mitre.org

http://www.debian.org/security/2009/dsa-1790

Source: cve@mitre.org

http://www.debian.org/security/2009/dsa-1793

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2009:101

Source: cve@mitre.org

http://www.securityfocus.com/bid/34568

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2009/1297

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/1621

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/50377

Source: cve@mitre.org

http://bugs.gentoo.org/show_bug.cgi?id=263028

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34852

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34959

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34991

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35037

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35065

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35074

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35685

Source: af854a3a-2127-422b-91ae-364da2661108

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT3549

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT3639

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1790

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1793

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:101

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/34568

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2009/1297

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/1621

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/50377

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.