Your submission was sent successfully! Close

CVE-2009-0800

Published: 23 April 2009

Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

Notes

AuthorNote
jdstrand
CUPS on Ubuntu uses system pdftops (compiled with --disable-pdftops)
sbeattie
ipe uses system pdflatex
Priority

Medium

Status

Package Release Status
cups
Launchpad, Ubuntu, Debian
artful Not vulnerable

bionic Not vulnerable

cosmic Not vulnerable

dapper Does not exist

disco Not vulnerable

eoan Not vulnerable

focal Not vulnerable

groovy Not vulnerable

gutsy Does not exist

hardy Does not exist

hirsute Not vulnerable

impish Not vulnerable

intrepid Not vulnerable

jammy Not vulnerable

jaunty Not vulnerable

karmic Not vulnerable

lucid Not vulnerable

maverick Not vulnerable

natty Not vulnerable

oneiric Not vulnerable

precise Does not exist
(precise was not-affected)
quantal Not vulnerable

raring Not vulnerable

saucy Not vulnerable

trusty Does not exist
(trusty was not-affected)
upstream
Released (1.3.10)
utopic Not vulnerable

vivid Not vulnerable

wily Not vulnerable

xenial Not vulnerable

yakkety Not vulnerable

zesty Not vulnerable

cupsys
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

dapper Not vulnerable

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

gutsy Not vulnerable

hardy Not vulnerable

hirsute Does not exist

impish Does not exist

intrepid Does not exist

jammy Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream
Released (1.3.10)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

evince
Launchpad, Ubuntu, Debian
artful Not vulnerable
(linked to poppler)
bionic Not vulnerable
(linked to poppler)
cosmic Not vulnerable
(linked to poppler)
dapper Not vulnerable
(linked to poppler)
disco Not vulnerable
(linked to poppler)
eoan Not vulnerable
(linked to poppler)
focal Not vulnerable
(linked to poppler)
groovy Not vulnerable
(linked to poppler)
gutsy Not vulnerable
(linked to poppler)
hardy Not vulnerable
(linked to poppler)
hirsute Not vulnerable
(linked to poppler)
impish Not vulnerable
(linked to poppler)
intrepid Not vulnerable
(linked to poppler)
jammy Not vulnerable
(linked to poppler)
jaunty Not vulnerable
(linked to poppler)
karmic Not vulnerable
(linked to poppler)
lucid Not vulnerable
(linked to poppler)
maverick Not vulnerable
(linked to poppler)
natty Not vulnerable
(linked to poppler)
oneiric Not vulnerable
(linked to poppler)
precise Does not exist
(precise was not-affected [linked to poppler])
quantal Not vulnerable
(linked to poppler)
raring Not vulnerable
(linked to poppler)
saucy Not vulnerable
(linked to poppler)
trusty Does not exist
(trusty was not-affected [linked to poppler])
upstream Not vulnerable
(linked to poppler)
utopic Not vulnerable
(linked to poppler)
vivid Not vulnerable
(linked to poppler)
wily Not vulnerable
(linked to poppler)
xenial Not vulnerable
(linked to poppler)
yakkety Not vulnerable
(linked to poppler)
zesty Not vulnerable
(linked to poppler)
gpdf
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

dapper Ignored
(reached end-of-life)
disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

gutsy Does not exist

hardy Does not exist

hirsute Does not exist

impish Does not exist

intrepid Does not exist

jammy Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

ipe
Launchpad, Ubuntu, Debian
artful Not vulnerable
(uses system pdflatex)
bionic Not vulnerable
(uses system pdflatex)
cosmic Not vulnerable
(uses system pdflatex)
dapper Ignored
(reached end-of-life)
disco Not vulnerable
(uses system pdflatex)
eoan Not vulnerable
(uses system pdflatex)
focal Not vulnerable
(uses system pdflatex)
groovy Not vulnerable
(uses system pdflatex)
gutsy Needs triage
(reached end-of-life)
hardy Not vulnerable
(uses system pdflatex)
hirsute Not vulnerable
(uses system pdflatex)
impish Not vulnerable
(uses system pdflatex)
intrepid Needs triage
(reached end-of-life)
jammy Not vulnerable
(uses system pdflatex)
jaunty Ignored
(reached end-of-life)
karmic Ignored
(reached end-of-life)
lucid Not vulnerable
(uses system pdflatex)
maverick Not vulnerable
(uses system pdflatex)
natty Not vulnerable
(uses system pdflatex)
oneiric Not vulnerable
(uses system pdflatex)
precise Does not exist
(precise was not-affected [uses system pdflatex])
quantal Not vulnerable
(uses system pdflatex)
raring Not vulnerable
(uses system pdflatex)
saucy Not vulnerable
(uses system pdflatex)
trusty Does not exist
(trusty was not-affected [uses system pdflatex])
upstream Needs triage

utopic Not vulnerable
(uses system pdflatex)
vivid Not vulnerable
(uses system pdflatex)
wily Not vulnerable
(uses system pdflatex)
xenial Not vulnerable
(uses system pdflatex)
yakkety Not vulnerable
(uses system pdflatex)
zesty Not vulnerable
(uses system pdflatex)
kdegraphics
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

dapper Not vulnerable
(linked to poppler)
disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

gutsy Not vulnerable
(linked to poppler)
hardy Not vulnerable
(linked to poppler)
hirsute Does not exist

impish Does not exist

intrepid Not vulnerable
(linked to poppler)
jammy Does not exist

jaunty Not vulnerable
(linked to poppler)
karmic Not vulnerable
(linked to poppler)
lucid Not vulnerable
(linked to poppler)
maverick Not vulnerable
(linked to poppler)
natty Not vulnerable
(linked to poppler)
oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

koffice
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

dapper Ignored
(reached end-of-life)
disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

gutsy Needs triage
(reached end-of-life)
hardy Ignored
(reached end-of-life)
hirsute Does not exist

impish Does not exist

intrepid Needed
(reached end-of-life)
jammy Does not exist

jaunty
Released (1:1.6.3-7ubuntu6.1)
karmic Not vulnerable
(linked to poppler)
lucid Not vulnerable
(code not present)
maverick Not vulnerable
(code not present)
natty Not vulnerable
(code not present)
oneiric Not vulnerable
(code not present)
precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

libextractor
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Needs triage

cosmic Ignored
(reached end-of-life)
dapper Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
gutsy Needs triage
(reached end-of-life)
hardy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
intrepid Needs triage
(reached end-of-life)
jammy Needs triage

jaunty Ignored
(reached end-of-life)
karmic Ignored
(reached end-of-life)
lucid Ignored
(reached end-of-life)
maverick Ignored
(reached end-of-life)
natty Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Does not exist
(precise was needs-triage)
quantal Ignored
(reached end-of-life)
raring Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty Does not exist
(trusty was needs-triage)
upstream Needs triage

utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Ignored
(end of standard support, was needs-triage)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
pdfkit.framework
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

dapper Ignored
(reached end-of-life)
disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

gutsy Does not exist

hardy Does not exist

hirsute Does not exist

impish Does not exist

intrepid Does not exist

jammy Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

pdftohtml
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

dapper Ignored
(reached end-of-life)
disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

gutsy Does not exist

hardy Does not exist

hirsute Does not exist

impish Does not exist

intrepid Does not exist

jammy Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

poppler
Launchpad, Ubuntu, Debian
artful
Released (0.10.5-1ubuntu2)
bionic
Released (0.10.5-1ubuntu2)
cosmic
Released (0.10.5-1ubuntu2)
dapper
Released (0.5.1-0ubuntu7.5)
disco
Released (0.10.5-1ubuntu2)
eoan
Released (0.10.5-1ubuntu2)
focal
Released (0.10.5-1ubuntu2)
groovy
Released (0.10.5-1ubuntu2)
gutsy Needs triage
(reached end-of-life)
hardy
Released (0.6.4-1ubuntu3.2)
hirsute
Released (0.10.5-1ubuntu2)
impish
Released (0.10.5-1ubuntu2)
intrepid
Released (0.8.7-1ubuntu0.2)
jammy
Released (0.10.5-1ubuntu2)
jaunty
Released (0.10.5-1ubuntu2)
karmic
Released (0.10.5-1ubuntu2)
lucid
Released (0.10.5-1ubuntu2)
maverick
Released (0.10.5-1ubuntu2)
natty
Released (0.10.5-1ubuntu2)
oneiric
Released (0.10.5-1ubuntu2)
precise Does not exist
(precise was released [0.10.5-1ubuntu2])
quantal
Released (0.10.5-1ubuntu2)
raring
Released (0.10.5-1ubuntu2)
saucy
Released (0.10.5-1ubuntu2)
trusty Does not exist
(trusty was released [0.10.5-1ubuntu2])
upstream Needs triage

utopic
Released (0.10.5-1ubuntu2)
vivid
Released (0.10.5-1ubuntu2)
wily
Released (0.10.5-1ubuntu2)
xenial
Released (0.10.5-1ubuntu2)
yakkety
Released (0.10.5-1ubuntu2)
zesty
Released (0.10.5-1ubuntu2)
tetex-bin
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

dapper Not vulnerable
(linked to poppler)
disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

gutsy Does not exist

hardy Does not exist

hirsute Does not exist

impish Does not exist

intrepid Does not exist

jammy Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

texlive-bin
Launchpad, Ubuntu, Debian
artful Not vulnerable
(linked to poppler)
bionic Not vulnerable
(linked to poppler)
cosmic Not vulnerable
(linked to poppler)
dapper Does not exist

disco Not vulnerable
(linked to poppler)
eoan Not vulnerable
(linked to poppler)
focal Not vulnerable
(linked to poppler)
groovy Not vulnerable
(linked to poppler)
gutsy Not vulnerable
(linked to poppler)
hardy Not vulnerable
(linked to poppler)
hirsute Not vulnerable
(linked to poppler)
impish Not vulnerable
(linked to poppler)
intrepid Not vulnerable
(linked to poppler)
jammy Not vulnerable
(linked to poppler)
jaunty Not vulnerable
(linked to poppler)
karmic Not vulnerable
(linked to poppler)
lucid Not vulnerable
(linked to poppler)
maverick Not vulnerable
(linked to poppler)
natty Not vulnerable
(linked to poppler)
oneiric Not vulnerable
(linked to poppler)
precise Does not exist
(precise was not-affected [linked to poppler])
quantal Not vulnerable
(linked to poppler)
raring Not vulnerable
(linked to poppler)
saucy Not vulnerable
(linked to poppler)
trusty Does not exist
(trusty was not-affected [linked to poppler])
upstream Needs triage

utopic Not vulnerable
(linked to poppler)
vivid Not vulnerable
(linked to poppler)
wily Not vulnerable
(linked to poppler)
xenial Not vulnerable
(linked to poppler)
yakkety Not vulnerable
(linked to poppler)
zesty Not vulnerable
(linked to poppler)
xpdf
Launchpad, Ubuntu, Debian
artful Not vulnerable
(3.02-2)
bionic Not vulnerable
(3.02-2)
cosmic Not vulnerable
(3.02-2)
dapper Ignored
(reached end-of-life)
disco Not vulnerable
(3.02-2)
eoan Not vulnerable
(3.02-2)
focal Does not exist

groovy Does not exist

gutsy Needs triage
(reached end-of-life)
hardy Ignored
(reached end-of-life)
hirsute Not vulnerable

impish Not vulnerable

intrepid Needs triage
(reached end-of-life)
jammy Not vulnerable

jaunty
Released (3.02-1.4ubuntu2.9.04.1)
karmic
Released (3.02-1.4ubuntu2.9.10.1)
lucid Not vulnerable
(3.02-2)
maverick Not vulnerable
(3.02-2)
natty Not vulnerable
(3.02-2)
oneiric Not vulnerable
(3.02-2)
precise Does not exist
(precise was not-affected [3.02-2])
quantal Not vulnerable
(3.02-2)
raring Not vulnerable
(3.02-2)
saucy Not vulnerable
(3.02-2)
trusty Does not exist
(trusty was not-affected [3.02-2])
upstream
Released (3.02-2)
utopic Not vulnerable
(3.02-2)
vivid Not vulnerable
(3.02-2)
wily Not vulnerable
(3.02-2)
xenial Not vulnerable
(3.02-2)
yakkety Not vulnerable
(3.02-2)
zesty Not vulnerable
(3.02-2)