Critical

CVE-2009-0165 - Numeric Errors vulnerability in Foolabs Xpdf

Publication: 2009-04-23
Summary

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."

Classification
CWE-189: Numeric Errors

Risk level (CVSS 10)

Critical

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Foolabs Xpdf 0.92e
  • Foolabs Xpdf 0.2
  • Foolabs Xpdf 0.3
  • Foolabs Xpdf 0.4
  • Foolabs Xpdf 0.5
  • Foolabs Xpdf 0.6
  • Foolabs Xpdf 0.7
  • Foolabs Xpdf 0.80
  • Foolabs Xpdf 0.90
  • Foolabs Xpdf 0.91
  • Foolabs Xpdf 0.92
  • Foolabs Xpdf 0.93
  • Foolabs Xpdf 1.00
  • Foolabs Xpdf 1.01
  • Foolabs Xpdf 2.00
  • Foolabs Xpdf 2.01
  • Foolabs Xpdf 2.02
  • Foolabs Xpdf 2.03
  • Foolabs Xpdf 3.00
  • Foolabs Xpdf 3.0.1
  • Foolabs Xpdf 3.01
  • Foolabs Xpdf 0.93a
  • Foolabs Xpdf 0.93b
  • Foolabs Xpdf 0.93c
  • Foolabs Xpdf 0.91b
  • Foolabs Xpdf 1.00a
  • Foolabs Xpdf 0.91c
  • Foolabs Xpdf 3.02
  • Foolabs Xpdf 0.92a
  • Foolabs Xpdf 0.92b
  • Foolabs Xpdf 0.5a
  • Foolabs Xpdf 0.92d
  • Foolabs Xpdf 0.7a
  • Foolabs Xpdf 0.91a
  • Foolabs Xpdf 0.92c