CVE-2009-0756

EUVD-2009-0756
The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
popplerpoppler
𝑥
≤ 0.10.3
popplerpoppler
0.1
popplerpoppler
0.1.1
popplerpoppler
0.1.2
popplerpoppler
0.2.0
popplerpoppler
0.3.0
popplerpoppler
0.3.1
popplerpoppler
0.3.2
popplerpoppler
0.3.3
popplerpoppler
0.4.0
popplerpoppler
0.4.1
popplerpoppler
0.4.2
popplerpoppler
0.4.3
popplerpoppler
0.4.4
popplerpoppler
0.5.0
popplerpoppler
0.5.1
popplerpoppler
0.5.2
popplerpoppler
0.5.3
popplerpoppler
0.5.4
popplerpoppler
0.5.9
popplerpoppler
0.5.90
popplerpoppler
0.5.91
popplerpoppler
0.6.0
popplerpoppler
0.6.1
popplerpoppler
0.6.2
popplerpoppler
0.6.3
popplerpoppler
0.6.4
popplerpoppler
0.7.0
popplerpoppler
0.7.1
popplerpoppler
0.7.2
popplerpoppler
0.7.3
popplerpoppler
0.8.4
popplerpoppler
0.10.1
popplerpoppler
0.10.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poppler
bookworm
22.12.0-2
fixed
bullseye
20.09.0-3.1+deb11u1
fixed
bullseye (security)
20.09.0-3.1+deb11u1
fixed
etch
no-dsa
sid
24.08.0-3
fixed
trixie
24.08.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
poppler
dapper
Fixed 0.5.1-0ubuntu7.5
released
gutsy
ignored
hardy
Fixed 0.6.4-1ubuntu3.2
released
intrepid
Fixed 0.8.7-1ubuntu0.2
released
jaunty
not-affected
References
http://bugs.freedesktop.org/show_bug.cgi?id=19702
http://lists.freedesktop.org/archives/poppler/2009-January/004403.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/33853
http://secunia.com/advisories/35685
http://wiki.rpath.com/Advisories:rPSA-2009-0059
http://www.openwall.com/lists/oss-security/2009/02/13/1
http://www.openwall.com/lists/oss-security/2009/02/19/2
http://www.securityfocus.com/archive/1/502761/100/0/threaded
http://www.securityfocus.com/bid/33749
http://bugs.freedesktop.org/show_bug.cgi?id=19702
http://lists.freedesktop.org/archives/poppler/2009-January/004403.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/33853
http://secunia.com/advisories/35685
http://wiki.rpath.com/Advisories:rPSA-2009-0059
http://www.openwall.com/lists/oss-security/2009/02/13/1
http://www.openwall.com/lists/oss-security/2009/02/19/2
http://www.securityfocus.com/archive/1/502761/100/0/threaded
http://www.securityfocus.com/bid/33749