CVE-2009-0756 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-0756 Interim 1 11 2023-12-09T02:05:37Z current 2021-05-30T12:46:04Z 2023-12-09T02:05:37Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-0756 The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UZFW5KU5NKW7N2N2NBJXVL2IW7DVJYIB/#UZFW5KU5NKW7N2N2NBJXVL2IW7DVJYIB E-Mail link for SUSE-SR:2009:012 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SUSE Linux Enterprise Software Development Kit 11 SP4 libpoppler-devel-0.12.3-1.10.1 libpoppler-glib-devel-0.12.3-1.10.1 libpoppler-glib4-0.12.3-1.10.1 libpoppler-glib4-0.12.3-1.2.44 libpoppler-glib4-0.12.3-1.3.1 libpoppler-glib4-0.12.3-1.8.1 libpoppler-qt2-0.12.3-1.10.1 libpoppler-qt3-devel-0.12.3-1.10.1 libpoppler-qt4-3-0.12.3-1.10.1 libpoppler-qt4-3-0.12.3-1.2.44 libpoppler-qt4-3-0.12.3-1.3.1 libpoppler-qt4-3-0.12.3-1.8.1 libpoppler-qt4-devel-0.12.3-1.10.1 libpoppler4-0.10.1-1.30.5 libpoppler5-0.12.3-1.10.1 libpoppler5-0.12.3-1.2.44 libpoppler5-0.12.3-1.3.1 libpoppler5-0.12.3-1.8.1 poppler-tools-0.12.3-1.10.1 poppler-tools-0.12.3-1.2.44 poppler-tools-0.12.3-1.3.1 poppler-tools-0.12.3-1.8.1 libpoppler4-0.10.1-1.30.5 as a component of SUSE Linux Enterprise Server 11 libpoppler-glib4-0.12.3-1.2.44 as a component of SUSE Linux Enterprise Server 11 SP1 libpoppler-qt4-3-0.12.3-1.2.44 as a component of SUSE Linux Enterprise Server 11 SP1 libpoppler5-0.12.3-1.2.44 as a component of SUSE Linux Enterprise Server 11 SP1 poppler-tools-0.12.3-1.2.44 as a component of SUSE Linux Enterprise Server 11 SP1 libpoppler-glib4-0.12.3-1.3.1 as a component of SUSE Linux Enterprise Server 11 SP2 libpoppler-qt4-3-0.12.3-1.3.1 as a component of SUSE Linux Enterprise Server 11 SP2 libpoppler5-0.12.3-1.3.1 as a component of SUSE Linux Enterprise Server 11 SP2 poppler-tools-0.12.3-1.3.1 as a component of SUSE Linux Enterprise Server 11 SP2 libpoppler-glib4-0.12.3-1.8.1 as a component of SUSE Linux Enterprise Server 11 SP3 libpoppler-qt4-3-0.12.3-1.8.1 as a component of SUSE Linux Enterprise Server 11 SP3 libpoppler5-0.12.3-1.8.1 as a component of SUSE Linux Enterprise Server 11 SP3 poppler-tools-0.12.3-1.8.1 as a component of SUSE Linux Enterprise Server 11 SP3 libpoppler-glib4-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 libpoppler-qt4-3-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 libpoppler5-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 poppler-tools-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 libpoppler4-0.10.1-1.30.5 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libpoppler-devel-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libpoppler-glib-devel-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libpoppler-qt2-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libpoppler-qt3-devel-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libpoppler-qt4-devel-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 poppler-tools-0.12.3-1.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference. CVE-2009-0756 SUSE Linux Enterprise Server 11:libpoppler4-0.10.1-1.30.5 SUSE Linux Enterprise Server 11 SP1:libpoppler-glib4-0.12.3-1.2.44 SUSE Linux Enterprise Server 11 SP1:libpoppler-qt4-3-0.12.3-1.2.44 SUSE Linux Enterprise Server 11 SP1:libpoppler5-0.12.3-1.2.44 SUSE Linux Enterprise Server 11 SP1:poppler-tools-0.12.3-1.2.44 SUSE Linux Enterprise Server 11 SP2:libpoppler-glib4-0.12.3-1.3.1 SUSE Linux Enterprise Server 11 SP2:libpoppler-qt4-3-0.12.3-1.3.1 SUSE Linux Enterprise Server 11 SP2:libpoppler5-0.12.3-1.3.1 SUSE Linux Enterprise Server 11 SP2:poppler-tools-0.12.3-1.3.1 SUSE Linux Enterprise Server 11 SP3:libpoppler-glib4-0.12.3-1.8.1 SUSE Linux Enterprise Server 11 SP3:libpoppler-qt4-3-0.12.3-1.8.1 SUSE Linux Enterprise Server 11 SP3:libpoppler5-0.12.3-1.8.1 SUSE Linux Enterprise Server 11 SP3:poppler-tools-0.12.3-1.8.1 SUSE Linux Enterprise Server 11 SP4:libpoppler-glib4-0.12.3-1.10.1 SUSE Linux Enterprise Server 11 SP4:libpoppler-qt4-3-0.12.3-1.10.1 SUSE Linux Enterprise Server 11 SP4:libpoppler5-0.12.3-1.10.1 SUSE Linux Enterprise Server 11 SP4:poppler-tools-0.12.3-1.10.1 SUSE Linux Enterprise Server for SAP Applications 11:libpoppler4-0.10.1-1.30.5 SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-devel-0.12.3-1.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-glib-devel-0.12.3-1.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-qt2-0.12.3-1.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-qt3-devel-0.12.3-1.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libpoppler-qt4-devel-0.12.3-1.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:poppler-tools-0.12.3-1.10.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P