CVE-2009-0165

critical

Description

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/50377

http://www.vupen.com/english/advisories/2009/1621

http://www.vupen.com/english/advisories/2009/1297

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.securityfocus.com/bid/34568

http://www.mandriva.com/security/advisories?name=MDVSA-2009:101

http://www.debian.org/security/2009/dsa-1793

http://www.debian.org/security/2009/dsa-1790

http://support.apple.com/kb/HT3639

http://support.apple.com/kb/HT3549

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477

http://secunia.com/advisories/35685

http://secunia.com/advisories/35074

http://secunia.com/advisories/35065

http://secunia.com/advisories/35037

http://secunia.com/advisories/34991

http://secunia.com/advisories/34959

http://secunia.com/advisories/34852

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://bugs.gentoo.org/show_bug.cgi?id=263028

Details

Source: Mitre, NVD

Published: 2009-04-23

Updated: 2019-03-06

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H