CVE-2009-0756
Published: 3 March 2009
The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference.
Notes
Author | Note |
---|---|
mdeslaur | patch was replaced in a later fix (see second commit) later fix was in USN-759-1 |
Priority
Status
Package | Release | Status |
---|---|---|
poppler Launchpad, Ubuntu, Debian |
dapper |
Released
(0.5.1-0ubuntu7.5)
|
gutsy |
Ignored
(end of life, was needs-triage)
|
|
hardy |
Released
(0.6.4-1ubuntu3.2)
|
|
intrepid |
Released
(0.8.7-1ubuntu0.2)
|
|
jaunty |
Not vulnerable
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=d3f04f537fb3e963c149a7e2d8d83c7cb19da8c0 upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=9f1312f3d7dfa7e536606a7c7296b7c876b11c00 (newer) |