CVE-2009-0146 in Ubuntu

CVE-2009-0146

Priority

Description

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
CUPS 1.3.9 and earlier, and other products allow remote attackers to cause
a denial of service (crash) via a crafted PDF file, related to (1)
JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
https://ubuntu.com/security/notices/USN-759-1
https://ubuntu.com/security/notices/USN-973-1

Assigned-to

mdeslaur

Notes

jdstrand	CUPS on Ubuntu uses system pdftops (compiled with --disable-pdftops)
sbeattie	ipe uses pdflatex from tetex-bin \| texlive-latex-base libextractor: all references to JBIG2 are commented out

Package

Source: cups (LP Ubuntu Debian)

Priority: Negligible

Upstream:	released (1.3.10)
Ubuntu 16.04 ESM (Xenial Xerus):	not-affected
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was not-affected)

Patches:

Package

Source: cupsys (LP Ubuntu Debian)

Priority: Negligible

Upstream:	released (1.3.10)
Ubuntu 22.04 LTS (Jammy Jellyfish):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Patches:

Package

Source: evince (LP Ubuntu Debian)

Upstream:	not-affected (linked to poppler)
Ubuntu 16.04 ESM (Xenial Xerus):	not-affected (linked to poppler)
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (linked to poppler)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was not-affected [linked to poppler])

Patches:

Package

Source: gpdf (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Patches:

Package

Source: ipe (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (uses system pdflatex)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was not-affected [uses system pdflatex])

Patches:

Package

Source: kdegraphics (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Patches:

Package

Source: koffice (LP Ubuntu Debian)

Priority: Low

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Patches:

Package

Source: libextractor (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was not-affected [code not present])

Patches:

Package

Source: pdfkit.framework (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Patches:

Package

Source: pdftohtml (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Patches:

Package

Source: poppler (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 16.04 ESM (Xenial Xerus):	released (0.10.5-1ubuntu2)
Ubuntu 22.04 LTS (Jammy Jellyfish):	released (0.10.5-1ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was released [0.10.5-1ubuntu2])

Patches:

Package

Source: tetex-bin (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE

Patches:

Package

Source: texlive-bin (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 16.04 ESM (Xenial Xerus):	not-affected (linked to poppler)
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (linked to poppler)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was not-affected [linked to poppler])

Patches:

Package

Source: xpdf (LP Ubuntu Debian)

Upstream:	released (3.02-2)
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (3.02-2)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was not-affected [3.02-2])

Patches:

More Information

Updated: 2022-02-10 23:35:53 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)