CVE-2009-0800

Description

Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

How to fix CVE-2009-0800

To remediate CVE-2009-0800, upgrade the affected package to a fixed version below.

• Debian/poppler—upgrade to 0.10.6-1 or later
• Debian/xpdf—upgrade to 3.02-1.4+lenny1 or later

Is CVE-2009-0800 being exploited?

Moderate — EPSS is 9.8%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 0.10.6-1
• from 0, < 3.02-1.4+lenny1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-0800