CVE-2009-0756

Publication date 3 March 2009

Last updated 24 July 2024

The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
poppler	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 0.8.7-1ubuntu0.2
	8.04 LTS hardy	Fixed 0.6.4-1ubuntu3.2
	7.10 gutsy	Ignored end of life, was needs-triage
	6.06 LTS dapper	Fixed 0.5.1-0ubuntu7.5

How can I get the fixes?
What do statuses mean?
Patch details

Notes

mdeslaur

patch was replaced in a later fix (see second commit) later fix was in USN-759-1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
poppler	Upstream: ?id=d3f Upstream: ?id=9f1

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2009-0756