What is the severity of CVE-2009-0165?

The severity of CVE-2009-0165 is considered to be relatively high due to its potential for exploitation in specific environments.

How do I fix CVE-2009-0165?

To fix CVE-2009-0165, upgrade to a version of Xpdf or XpdfReader that is newer than 3.02, as these versions contain the necessary patches.

What impact does CVE-2009-0165 have on my system?

CVE-2009-0165 can potentially allow an attacker to execute arbitrary code or cause denial of service on affected systems via specially crafted files.

Which versions of Xpdf are affected by CVE-2009-0165?

Affected versions of Xpdf include 0.5a, 0.7a, 0.91a, 0.91b, 0.91c, 0.92a, 0.92b, 0.92c, 0.92d, 0.92e, 0.93a, 0.93b, 0.93c, and all versions up to 3.02.

Is Poppler affected by CVE-2009-0165?

No, the Poppler library itself is not affected by CVE-2009-0165 as it does not contain the vulnerable JBIG2 decoder.

Vulnerability/
CVE-2009-0165

critical

CWE

189 190

23/4/2009

6/3/2019

CVE-2009-0165: Integer Overflow

First published: Thu Apr 23 2009(Updated: )

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Xpdf	=0.5a
Xpdf	=0.7a
Xpdf	=0.91a
Xpdf	=0.91b
Xpdf	=0.91c
Xpdf	=0.92a
Xpdf	=0.92b
Xpdf	=0.92c
Xpdf	=0.92d
Xpdf	=0.92e
Xpdf	=0.93a
Xpdf	=0.93b
Xpdf	=0.93c
Xpdf	=1.00a
Xpdf	=3.0.1
Glyph & Cog XpdfReader	<=3.02
Glyph & Cog XpdfReader	=0.2
Glyph & Cog XpdfReader	=0.3
Glyph & Cog XpdfReader	=0.4
Glyph & Cog XpdfReader	=0.5
Glyph & Cog XpdfReader	=0.6
Glyph & Cog XpdfReader	=0.7
Glyph & Cog XpdfReader	=0.80
Glyph & Cog XpdfReader	=0.90
Glyph & Cog XpdfReader	=0.91
Glyph & Cog XpdfReader	=0.92
Glyph & Cog XpdfReader	=0.93
Glyph & Cog XpdfReader	=1.00
Glyph & Cog XpdfReader	=1.01
Glyph & Cog XpdfReader	=2.00
Glyph & Cog XpdfReader	=2.01
Glyph & Cog XpdfReader	=2.02
Glyph & Cog XpdfReader	=2.03
Glyph & Cog XpdfReader	=3.00
Glyph & Cog XpdfReader	=3.01
Poppler Data

Remedy

http://bugs.gentoo.org/show_bug.cgi?id=263028

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-0165?
The severity of CVE-2009-0165 is considered to be relatively high due to its potential for exploitation in specific environments.
How do I fix CVE-2009-0165?
To fix CVE-2009-0165, upgrade to a version of Xpdf or XpdfReader that is newer than 3.02, as these versions contain the necessary patches.
What impact does CVE-2009-0165 have on my system?
CVE-2009-0165 can potentially allow an attacker to execute arbitrary code or cause denial of service on affected systems via specially crafted files.
Which versions of Xpdf are affected by CVE-2009-0165?
Affected versions of Xpdf include 0.5a, 0.7a, 0.91a, 0.91b, 0.91c, 0.92a, 0.92b, 0.92c, 0.92d, 0.92e, 0.93a, 0.93b, 0.93c, and all versions up to 3.02.
Is Poppler affected by CVE-2009-0165?
No, the Poppler library itself is not affected by CVE-2009-0165 as it does not contain the vulnerable JBIG2 decoder.

collector/nvd-historical
agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/event
agent/severity
agent/remedy
agent/author
agent/weakness
agent/description
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/foolabs
canonical/xpdf
version/xpdf/0.5a
version/xpdf/0.7a
version/xpdf/0.91a
version/xpdf/0.91b
version/xpdf/0.91c
version/xpdf/0.92a
version/xpdf/0.92b
version/xpdf/0.92c
version/xpdf/0.92d
version/xpdf/0.92e
version/xpdf/0.93a
version/xpdf/0.93b
version/xpdf/0.93c
version/xpdf/1.00a
version/xpdf/3.0.1
vendor/glyphandcog
canonical/glyph & cog xpdfreader
version/glyph & cog xpdfreader/3.02
version/glyph & cog xpdfreader/0.2
version/glyph & cog xpdfreader/0.3
version/glyph & cog xpdfreader/0.4
version/glyph & cog xpdfreader/0.5
version/glyph & cog xpdfreader/0.6
version/glyph & cog xpdfreader/0.7
version/glyph & cog xpdfreader/0.80
version/glyph & cog xpdfreader/0.90
version/glyph & cog xpdfreader/0.91
version/glyph & cog xpdfreader/0.92
version/glyph & cog xpdfreader/0.93
version/glyph & cog xpdfreader/1.00
version/glyph & cog xpdfreader/1.01
version/glyph & cog xpdfreader/2.00
version/glyph & cog xpdfreader/2.01
version/glyph & cog xpdfreader/2.02
version/glyph & cog xpdfreader/2.03
version/glyph & cog xpdfreader/3.00
version/glyph & cog xpdfreader/3.01
vendor/poppler
canonical/poppler data