Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2009-0756

Published: 3 March 2009

The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference.

Notes

AuthorNote
mdeslaur
patch was replaced in a later fix (see second commit)
later fix was in USN-759-1

Priority

Low

Status

Package Release Status
poppler
Launchpad, Ubuntu, Debian
dapper
Released (0.5.1-0ubuntu7.5)
gutsy Ignored
(end of life, was needs-triage)
hardy
Released (0.6.4-1ubuntu3.2)
intrepid
Released (0.8.7-1ubuntu0.2)
jaunty Not vulnerable

upstream Needs triage

Patches:
upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=d3f04f537fb3e963c149a7e2d8d83c7cb19da8c0
upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=9f1312f3d7dfa7e536606a7c7296b7c876b11c00 (newer)