PT-2009-6728 · Apple+3 · Cups-Libs-X86+11
Braden Thomas +1 · Published: 1970-01-01 · Updated: 2019-03-06
CVE-2009-0166
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
cups versions prior to 1.3.10
cups-libs (affected versions not specified)
cups-libs-32bit (affected versions not specified)
cups-libs-x86 (affected versions not specified)
cups-client (affected versions not specified)
cups-debuginfo (affected versions not specified)
cups-debugsource (affected versions not specified)
cups-devel (affected versions not specified)
kdegraphics-3.5.4 (affected versions not specified)
kdegraphics-devel-3.5.4 (affected versions not specified)
Xpdf version 3.02pl2 and earlier
Description
The issue concerns multiple vulnerabilities in various packages, including cups and kdegraphics, which can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The JBIG2 decoder in Xpdf 3.02pl2 and earlier and in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service via a crafted PDF file.
Recommendations
For cups versions prior to 1.3.10, update to version 1.3.10 or later.
For cups-libs, cups-libs-32bit, cups-libs-x86, cups-client, cups-debuginfo, cups-debugsource, and cups-devel, there is no information about a newer version that contains a fix for this vulnerability.
For kdegraphics-3.5.4 and kdegraphics-devel-3.5.4, there is no information about a newer version that contains a fix for this vulnerability.
For Xpdf version 3.02pl2 and earlier, update to a version later than 3.02pl2.
As a temporary workaround, consider disabling the JBIG2 decoder function until a patch is available.
DoS
Buffer Overflow
Affected Products
Red Hat
Xpdf
Cups
Cups-Client
Cups-Debuginfo
Cups-Debugsource
Cups-Devel
Cups-Libs
Cups-Libs-32Bit
Cups-Libs-X86
Kdegraphics
Kdegraphics-Devel