CVE-2009-0147
Published: 23 April 2009
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
Notes
| Author | Note |
|---|---|
| jdstrand | CUPS on Ubuntu uses system pdftops (compiled with --disable-pdftops) |
| sbeattie | ipe uses pdflatex from tetex-bin | texlive-latex-base |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
cups Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Ignored
|
|
| jaunty |
Ignored
|
|
| karmic |
Not vulnerable
(1.4.1-5ubuntu2)
|
|
| lucid |
Not vulnerable
(1.4.1-5ubuntu2)
|
|
| maverick |
Not vulnerable
(1.4.1-5ubuntu2)
|
|
| natty |
Not vulnerable
(1.4.1-5ubuntu2)
|
|
| oneiric |
Not vulnerable
(1.4.1-5ubuntu2)
|
|
| precise |
Not vulnerable
(1.4.1-5ubuntu2)
|
|
| quantal |
Not vulnerable
(1.4.1-5ubuntu2)
|
|
| raring |
Not vulnerable
(1.4.1-5ubuntu2)
|
|
| saucy |
Not vulnerable
(1.4.1-5ubuntu2)
|
|
| trusty |
Does not exist
(trusty was not-affected [1.4.1-5ubuntu2])
|
|
| upstream |
Released
(1.3.10)
|
|
| utopic |
Not vulnerable
(1.4.1-5ubuntu2)
|
|
| vivid |
Not vulnerable
(1.4.1-5ubuntu2)
|
|
| wily |
Not vulnerable
(1.4.1-5ubuntu2)
|
|
| xenial |
Not vulnerable
(1.4.1-5ubuntu2)
|
|
|
cupsys Launchpad, Ubuntu, Debian |
dapper |
Ignored
|
| gutsy |
Ignored
|
|
| hardy |
Ignored
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(1.3.10)
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
|
evince Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(linked to poppler)
|
| gutsy |
Not vulnerable
(linked to poppler)
|
|
| hardy |
Not vulnerable
(linked to poppler)
|
|
| intrepid |
Not vulnerable
(linked to poppler)
|
|
| jaunty |
Not vulnerable
(linked to poppler)
|
|
| karmic |
Not vulnerable
(linked to poppler)
|
|
| lucid |
Not vulnerable
(linked to poppler)
|
|
| maverick |
Not vulnerable
(linked to poppler)
|
|
| natty |
Not vulnerable
(linked to poppler)
|
|
| oneiric |
Not vulnerable
(linked to poppler)
|
|
| precise |
Not vulnerable
(linked to poppler)
|
|
| quantal |
Not vulnerable
(linked to poppler)
|
|
| raring |
Not vulnerable
(linked to poppler)
|
|
| saucy |
Not vulnerable
(linked to poppler)
|
|
| trusty |
Does not exist
(trusty was not-affected [linked to poppler])
|
|
| upstream |
Not vulnerable
(linked to poppler)
|
|
| utopic |
Not vulnerable
(linked to poppler)
|
|
| vivid |
Not vulnerable
(linked to poppler)
|
|
| wily |
Not vulnerable
(linked to poppler)
|
|
| xenial |
Not vulnerable
(linked to poppler)
|
|
|
gpdf Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
|
ipe Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| gutsy |
Ignored
(end of life, was needs-triage)
|
|
| hardy |
Not vulnerable
(uses system pdflatex)
|
|
| intrepid |
Ignored
(end of life, was needs-triage)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Not vulnerable
(uses system pdflatex)
|
|
| maverick |
Not vulnerable
(uses system pdflatex)
|
|
| natty |
Not vulnerable
(uses system pdflatex)
|
|
| oneiric |
Not vulnerable
(uses system pdflatex)
|
|
| precise |
Not vulnerable
(uses system pdflatex)
|
|
| quantal |
Not vulnerable
(uses system pdflatex)
|
|
| raring |
Not vulnerable
(uses system pdflatex)
|
|
| saucy |
Not vulnerable
(uses system pdflatex)
|
|
| trusty |
Does not exist
(trusty was not-affected [uses system pdflatex])
|
|
| upstream |
Needs triage
|
|
| utopic |
Not vulnerable
(uses system pdflatex)
|
|
| vivid |
Not vulnerable
(uses system pdflatex)
|
|
| wily |
Not vulnerable
(uses system pdflatex)
|
|
| xenial |
Not vulnerable
(uses system pdflatex)
|
|
|
kdegraphics Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(linked to poppler)
|
| gutsy |
Not vulnerable
(linked to poppler)
|
|
| hardy |
Not vulnerable
(linked to poppler)
|
|
| intrepid |
Not vulnerable
(linked to poppler)
|
|
| jaunty |
Not vulnerable
(linked to poppler)
|
|
| karmic |
Not vulnerable
(linked to poppler)
|
|
| lucid |
Not vulnerable
(linked to poppler)
|
|
| maverick |
Not vulnerable
(linked to poppler)
|
|
| natty |
Not vulnerable
(linked to poppler)
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
|
koffice Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| gutsy |
Ignored
(end of life, was needs-triage)
|
|
| hardy |
Ignored
(end of life)
|
|
| intrepid |
Ignored
(end of life, was needed)
|
|
| jaunty |
Released
(1:1.6.3-7ubuntu6.1)
|
|
| karmic |
Not vulnerable
(linked to poppler)
|
|
| lucid |
Not vulnerable
(code not present)
|
|
| maverick |
Not vulnerable
(code not present)
|
|
| natty |
Not vulnerable
(code not present)
|
|
| oneiric |
Not vulnerable
(code not present)
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
|
libextractor Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| gutsy |
Ignored
(end of life, was needs-triage)
|
|
| hardy |
Ignored
(end of life)
|
|
| intrepid |
Ignored
(end of life, was needs-triage)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Not vulnerable
(code not present)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Not vulnerable
(code not present)
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
pdfkit.framework Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
|
pdftohtml Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
|
poppler Launchpad, Ubuntu, Debian |
dapper |
Released
(0.5.1-0ubuntu7.5)
|
| gutsy |
Ignored
(end of life, was needs-triage)
|
|
| hardy |
Released
(0.6.4-1ubuntu3.2)
|
|
| intrepid |
Released
(0.8.7-1ubuntu0.2)
|
|
| jaunty |
Released
(0.10.5-1ubuntu2)
|
|
| karmic |
Released
(0.10.5-1ubuntu2)
|
|
| lucid |
Released
(0.10.5-1ubuntu2)
|
|
| maverick |
Released
(0.10.5-1ubuntu2)
|
|
| natty |
Released
(0.10.5-1ubuntu2)
|
|
| oneiric |
Released
(0.10.5-1ubuntu2)
|
|
| precise |
Released
(0.10.5-1ubuntu2)
|
|
| quantal |
Released
(0.10.5-1ubuntu2)
|
|
| raring |
Released
(0.10.5-1ubuntu2)
|
|
| saucy |
Released
(0.10.5-1ubuntu2)
|
|
| trusty |
Released
(0.10.5-1ubuntu2)
|
|
| upstream |
Needs triage
|
|
| utopic |
Released
(0.10.5-1ubuntu2)
|
|
| vivid |
Released
(0.10.5-1ubuntu2)
|
|
| wily |
Released
(0.10.5-1ubuntu2)
|
|
| xenial |
Released
(0.10.5-1ubuntu2)
|
|
|
tetex-bin Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(linked to poppler)
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
|
texlive-bin Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Not vulnerable
(linked to poppler)
|
|
| hardy |
Not vulnerable
(linked to poppler)
|
|
| intrepid |
Not vulnerable
(linked to poppler)
|
|
| jaunty |
Not vulnerable
(linked to poppler)
|
|
| karmic |
Not vulnerable
(linked to poppler)
|
|
| lucid |
Not vulnerable
(linked to poppler)
|
|
| maverick |
Not vulnerable
(linked to poppler)
|
|
| natty |
Not vulnerable
(linked to poppler)
|
|
| oneiric |
Not vulnerable
(linked to poppler)
|
|
| precise |
Not vulnerable
(linked to poppler)
|
|
| quantal |
Not vulnerable
(linked to poppler)
|
|
| raring |
Not vulnerable
(linked to poppler)
|
|
| saucy |
Not vulnerable
(linked to poppler)
|
|
| trusty |
Does not exist
(trusty was not-affected [linked to poppler])
|
|
| upstream |
Needs triage
|
|
| utopic |
Not vulnerable
(linked to poppler)
|
|
| vivid |
Not vulnerable
(linked to poppler)
|
|
| wily |
Not vulnerable
(linked to poppler)
|
|
| xenial |
Not vulnerable
(linked to poppler)
|
|
|
xpdf Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| gutsy |
Ignored
(end of life, was needs-triage)
|
|
| hardy |
Ignored
(end of life)
|
|
| intrepid |
Ignored
(end of life, was needs-triage)
|
|
| jaunty |
Released
(3.02-1.4ubuntu2.9.04.1)
|
|
| karmic |
Released
(3.02-1.4ubuntu2.9.10.1)
|
|
| lucid |
Not vulnerable
(3.02-2)
|
|
| maverick |
Not vulnerable
(3.02-2)
|
|
| natty |
Not vulnerable
(3.02-2)
|
|
| oneiric |
Not vulnerable
(3.02-2)
|
|
| precise |
Not vulnerable
(3.02-2)
|
|
| quantal |
Not vulnerable
(3.02-2)
|
|
| raring |
Not vulnerable
(3.02-2)
|
|
| saucy |
Not vulnerable
(3.02-2)
|
|
| trusty |
Does not exist
(trusty was not-affected [3.02-2])
|
|
| upstream |
Released
(3.02-2)
|
|
| utopic |
Not vulnerable
(3.02-2)
|
|
| vivid |
Not vulnerable
(3.02-2)
|
|
| wily |
Not vulnerable
(3.02-2)
|
|
| xenial |
Not vulnerable
(3.02-2)
|