Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xpdf | Foolabs | 0.5a (including) | 0.5a (including) |
| Xpdf | Foolabs | 0.7a (including) | 0.7a (including) |
| Xpdf | Foolabs | 0.91a (including) | 0.91a (including) |
| Xpdf | Foolabs | 0.91b (including) | 0.91b (including) |
| Xpdf | Foolabs | 0.91c (including) | 0.91c (including) |
| Xpdf | Foolabs | 0.92a (including) | 0.92a (including) |
| Xpdf | Foolabs | 0.92b (including) | 0.92b (including) |
| Xpdf | Foolabs | 0.92c (including) | 0.92c (including) |
| Xpdf | Foolabs | 0.92d (including) | 0.92d (including) |
| Xpdf | Foolabs | 0.92e (including) | 0.92e (including) |
| Xpdf | Foolabs | 0.93a (including) | 0.93a (including) |
| Xpdf | Foolabs | 0.93b (including) | 0.93b (including) |
| Xpdf | Foolabs | 0.93c (including) | 0.93c (including) |
| Xpdf | Foolabs | 1.00a (including) | 1.00a (including) |
| Xpdfreader | Glyphandcog | * | 3.02 (including) |
| Xpdfreader | Glyphandcog | 0.2 (including) | 0.2 (including) |
| Xpdfreader | Glyphandcog | 0.3 (including) | 0.3 (including) |
| Xpdfreader | Glyphandcog | 0.4 (including) | 0.4 (including) |
| Xpdfreader | Glyphandcog | 0.5 (including) | 0.5 (including) |
| Xpdfreader | Glyphandcog | 0.6 (including) | 0.6 (including) |
| Xpdfreader | Glyphandcog | 0.7 (including) | 0.7 (including) |
| Xpdfreader | Glyphandcog | 0.80 (including) | 0.80 (including) |
| Xpdfreader | Glyphandcog | 0.90 (including) | 0.90 (including) |
| Xpdfreader | Glyphandcog | 0.91 (including) | 0.91 (including) |
| Xpdfreader | Glyphandcog | 0.92 (including) | 0.92 (including) |
| Xpdfreader | Glyphandcog | 0.93 (including) | 0.93 (including) |
| Xpdfreader | Glyphandcog | 1.00 (including) | 1.00 (including) |
| Xpdfreader | Glyphandcog | 1.01 (including) | 1.01 (including) |
| Xpdfreader | Glyphandcog | 2.00 (including) | 2.00 (including) |
| Xpdfreader | Glyphandcog | 2.01 (including) | 2.01 (including) |
| Xpdfreader | Glyphandcog | 2.02 (including) | 2.02 (including) |
| Xpdfreader | Glyphandcog | 2.03 (including) | 2.03 (including) |
| Xpdfreader | Glyphandcog | 3.00 (including) | 3.00 (including) |
| Xpdfreader | Glyphandcog | 3.01 (including) | 3.01 (including) |