CVE-2009-0165
NONE EPSS 88.0%
Published Apr 23, 2009 17y ago
Last Modified Jun 16, 2026 2w ago
Description
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
Threat Intelligence
EPSS Exploit Probability
88.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-189
Affected Products 36
| Vendor | Product | Version | Range |
|---|---|---|---|
| foolabs | xpdf | 0.5a | any |
| foolabs | xpdf | 0.7a | any |
| foolabs | xpdf | 0.91a | any |
| foolabs | xpdf | 0.91b | any |
| foolabs | xpdf | 0.91c | any |
| foolabs | xpdf | 0.92a | any |
| foolabs | xpdf | 0.92b | any |
| foolabs | xpdf | 0.92c | any |
| foolabs | xpdf | 0.92d | any |
| foolabs | xpdf | 0.92e | any |
| foolabs | xpdf | 0.93a | any |
| foolabs | xpdf | 0.93b | any |
| foolabs | xpdf | 0.93c | any |
| foolabs | xpdf | 1.00a | any |
| foolabs | xpdf | 3.0.1 | any |
| glyphandcog | xpdfreader | * | ≤3.02 |
| glyphandcog | xpdfreader | 0.2 | any |
| glyphandcog | xpdfreader | 0.3 | any |
| glyphandcog | xpdfreader | 0.4 | any |
| glyphandcog | xpdfreader | 0.5 | any |
| glyphandcog | xpdfreader | 0.6 | any |
| glyphandcog | xpdfreader | 0.7 | any |
| glyphandcog | xpdfreader | 0.80 | any |
| glyphandcog | xpdfreader | 0.90 | any |
| glyphandcog | xpdfreader | 0.91 | any |
| glyphandcog | xpdfreader | 0.92 | any |
| glyphandcog | xpdfreader | 0.93 | any |
| glyphandcog | xpdfreader | 1.00 | any |
| glyphandcog | xpdfreader | 1.01 | any |
| glyphandcog | xpdfreader | 2.00 | any |
| glyphandcog | xpdfreader | 2.01 | any |
| glyphandcog | xpdfreader | 2.02 | any |
| glyphandcog | xpdfreader | 2.03 | any |
| glyphandcog | xpdfreader | 3.00 | any |
| glyphandcog | xpdfreader | 3.01 | any |
| poppler | poppler | * | any |
References 24
- bugs.gentoo.org http://bugs.gentoo.org/show_bug.cgi?id=263028
- lists.apple.com http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- lists.apple.com http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- secunia.com http://secunia.com/advisories/34852
- secunia.com http://secunia.com/advisories/34959
- secunia.com http://secunia.com/advisories/34991
- secunia.com http://secunia.com/advisories/35037
- secunia.com http://secunia.com/advisories/35065
- secunia.com http://secunia.com/advisories/35074
- secunia.com http://secunia.com/advisories/35685
- slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
- support.apple.com http://support.apple.com/kb/HT3549
- support.apple.com http://support.apple.com/kb/HT3639
- debian.org http://www.debian.org/security/2009/dsa-1790
- debian.org http://www.debian.org/security/2009/dsa-1793
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
- securityfocus.com http://www.securityfocus.com/bid/34568
- us-cert.gov http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- vupen.com http://www.vupen.com/english/advisories/2009/1297
- vupen.com http://www.vupen.com/english/advisories/2009/1621
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/50377
Remediation
- bugs.gentoo.org http://bugs.gentoo.org/show_bug.cgi?id=263028