CVE-2009-3608

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch	Patch
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://poppler.freedesktop.org/	Patch Vendor Advisory
http://secunia.com/advisories/37028	Vendor Advisory
http://secunia.com/advisories/37034	Vendor Advisory
http://secunia.com/advisories/37037	Vendor Advisory
http://secunia.com/advisories/37043	Vendor Advisory
http://secunia.com/advisories/37051	Vendor Advisory
http://secunia.com/advisories/37053	Vendor Advisory
http://secunia.com/advisories/37054	Vendor Advisory
http://secunia.com/advisories/37061	Vendor Advisory
http://secunia.com/advisories/37077	Vendor Advisory
http://secunia.com/advisories/37079	Vendor Advisory
http://secunia.com/advisories/37114
http://secunia.com/advisories/37159
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://securitytracker.com/id?1023029	Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://www.debian.org/security/2009/dsa-1941
http://www.debian.org/security/2010/dsa-2028
http://www.debian.org/security/2010/dsa-2050
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.ocert.org/advisories/ocert-2009-016.html
http://www.openwall.com/lists/oss-security/2009/12/01/1
http://www.openwall.com/lists/oss-security/2009/12/01/5
http://www.openwall.com/lists/oss-security/2009/12/01/6
http://www.securityfocus.com/bid/36703	Exploit Patch
http://www.ubuntu.com/usn/USN-850-1
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2924	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/2925	Vendor Advisory
http://www.vupen.com/english/advisories/2009/2926	Vendor Advisory
http://www.vupen.com/english/advisories/2009/2928	Vendor Advisory
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1220
https://bugzilla.redhat.com/show_bug.cgi?id=526637	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/53794
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1504.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html
https://rhn.redhat.com/errata/RHSA-2009-1513.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch	Patch
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://poppler.freedesktop.org/	Patch Vendor Advisory
http://secunia.com/advisories/37028	Vendor Advisory
http://secunia.com/advisories/37034	Vendor Advisory
http://secunia.com/advisories/37037	Vendor Advisory
http://secunia.com/advisories/37043	Vendor Advisory
http://secunia.com/advisories/37051	Vendor Advisory
http://secunia.com/advisories/37053	Vendor Advisory
http://secunia.com/advisories/37054	Vendor Advisory
http://secunia.com/advisories/37061	Vendor Advisory
http://secunia.com/advisories/37077	Vendor Advisory
http://secunia.com/advisories/37079	Vendor Advisory
http://secunia.com/advisories/37114
http://secunia.com/advisories/37159
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://securitytracker.com/id?1023029	Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://www.debian.org/security/2009/dsa-1941
http://www.debian.org/security/2010/dsa-2028
http://www.debian.org/security/2010/dsa-2050
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.ocert.org/advisories/ocert-2009-016.html
http://www.openwall.com/lists/oss-security/2009/12/01/1
http://www.openwall.com/lists/oss-security/2009/12/01/5
http://www.openwall.com/lists/oss-security/2009/12/01/6
http://www.securityfocus.com/bid/36703	Exploit Patch
http://www.ubuntu.com/usn/USN-850-1
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2924	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/2925	Vendor Advisory
http://www.vupen.com/english/advisories/2009/2926	Vendor Advisory
http://www.vupen.com/english/advisories/2009/2928	Vendor Advisory
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1220
https://bugzilla.redhat.com/show_bug.cgi?id=526637	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/53794
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1504.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html
https://rhn.redhat.com/errata/RHSA-2009-1513.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:foolabs:xpdf:3.02pl1:::::::*
	cpe:2.3:a:foolabs:xpdf:3.02pl2:::::::*
	cpe:2.3:a:foolabs:xpdf:3.02pl3:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:3.00:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:3.01:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:3.02:::::::*
	cpe:2.3:a:poppler:poppler::::::::
	cpe:2.3:a:poppler:poppler:0.1:::::::*
	cpe:2.3:a:poppler:poppler:0.1.1:::::::*
	cpe:2.3:a:poppler:poppler:0.1.2:::::::*
	cpe:2.3:a:poppler:poppler:0.2.0:::::::*
	cpe:2.3:a:poppler:poppler:0.3.0:::::::*
	cpe:2.3:a:poppler:poppler:0.3.1:::::::*
	cpe:2.3:a:poppler:poppler:0.3.2:::::::*
	cpe:2.3:a:poppler:poppler:0.3.3:::::::*
	cpe:2.3:a:poppler:poppler:0.4.0:::::::*
	cpe:2.3:a:poppler:poppler:0.4.1:::::::*
	cpe:2.3:a:poppler:poppler:0.4.2:::::::*
	cpe:2.3:a:poppler:poppler:0.4.3:::::::*
	cpe:2.3:a:poppler:poppler:0.4.4:::::::*
	cpe:2.3:a:poppler:poppler:0.5.0:::::::*
	cpe:2.3:a:poppler:poppler:0.5.1:::::::*
	cpe:2.3:a:poppler:poppler:0.5.2:::::::*
	cpe:2.3:a:poppler:poppler:0.5.3:::::::*
	cpe:2.3:a:poppler:poppler:0.5.4:::::::*
	cpe:2.3:a:poppler:poppler:0.5.9:::::::*
	cpe:2.3:a:poppler:poppler:0.6.0:::::::*
	cpe:2.3:a:poppler:poppler:0.6.1:::::::*
	cpe:2.3:a:poppler:poppler:0.6.2:::::::*
	cpe:2.3:a:poppler:poppler:0.6.3:::::::*
	cpe:2.3:a:poppler:poppler:0.6.4:::::::*
	cpe:2.3:a:poppler:poppler:0.7.0:::::::*
	cpe:2.3:a:poppler:poppler:0.7.1:::::::*
	cpe:2.3:a:poppler:poppler:0.7.2:::::::*
	cpe:2.3:a:poppler:poppler:0.7.3:::::::*
	cpe:2.3:a:poppler:poppler:0.8.0:::::::*
	cpe:2.3:a:poppler:poppler:0.8.1:::::::*
	cpe:2.3:a:poppler:poppler:0.8.2:::::::*
	cpe:2.3:a:poppler:poppler:0.8.3:::::::*
	cpe:2.3:a:poppler:poppler:0.8.4:::::::*
	cpe:2.3:a:poppler:poppler:0.8.6:::::::*
	cpe:2.3:a:poppler:poppler:0.8.7:::::::*
	cpe:2.3:a:poppler:poppler:0.9.0:::::::*
	cpe:2.3:a:poppler:poppler:0.9.1:::::::*
	cpe:2.3:a:poppler:poppler:0.9.2:::::::*
	cpe:2.3:a:poppler:poppler:0.9.3:::::::*
	cpe:2.3:a:poppler:poppler:0.10.0:::::::*
	cpe:2.3:a:poppler:poppler:0.10.1:::::::*
	cpe:2.3:a:poppler:poppler:0.10.2:::::::*
	cpe:2.3:a:poppler:poppler:0.10.3:::::::*
	cpe:2.3:a:poppler:poppler:0.10.4:::::::*
	cpe:2.3:a:poppler:poppler:0.10.5:::::::*
	cpe:2.3:a:poppler:poppler:0.10.6:::::::*
	cpe:2.3:a:poppler:poppler:0.10.7:::::::*
	cpe:2.3:a:poppler:poppler:0.11.0:::::::*
	cpe:2.3:a:poppler:poppler:0.11.1:::::::*
	cpe:2.3:a:poppler:poppler:0.11.2:::::::*
	cpe:2.3:a:poppler:poppler:0.11.3:::::::*

OR	cpe:2.3:a:glyph_and_cog:pdftops::::::::
	cpe:2.3:a:gnome:gpdf::::::::
	cpe:2.3:a:kde:kpdf::::::::
	cpe:2.3:a:tetex:tetex::::::::

History

21 Nov 2024, 01:07

Information

Published : 2009-10-21 17:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-3608

Mitre link : CVE-2009-3608

CVE.ORG link : CVE-2009-3608

JSON object : View

Products Affected

poppler

poppler

kde

kpdf

tetex

tetex

foolabs

xpdf

glyph_and_cog

pdftops

glyphandcog

xpdfreader

gnome

gpdf

CWE

CWE-189

Numeric Errors

9.3 /10