CVE-2009-0165

CWE-1896 documents6 sources

Severity

10.0CRITICAL

EPSS

1.8%

top 17.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glyphandcog Xpdfreader Foolabs Xpdf

Timeline

PublishedApr 23

Latest updateMay 2

Description

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶Debianxpdf< 3.02-1.4+lenny1+3

▶NVDglyphandcog/xpdfreader3.02+19

▶NVDfoolabs/xpdf15 versions+14

Patches

Patch: bugs.gentoo.org ↗Patch: bugs.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-qx4p-wc3g-wr66: Integer overflow in the JBIG2 decoder in Xpdf 3↗2022-05-02

▶

OSV

CVE-2009-0165: Integer overflow in the JBIG2 decoder in Xpdf 3↗2009-04-23

▶

CVEList

CVE-2009-0165: Integer overflow in the JBIG2 decoder in Xpdf 3↗2009-04-23

▶

📋Vendor Advisories

Ubuntu

KOffice vulnerabilities↗2010-08-17

▶

Debian

CVE-2009-0165: xpdf - Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Po...↗2009

▶