fkie_cve-2009-3604
Vulnerability from fkie_nvd
Published
2009-10-21 17:30
Modified
2024-11-21 01:07
Summary
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
References
secalert@redhat.com ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch Patch
secalert@redhat.com http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2
secalert@redhat.com http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
secalert@redhat.com http://secunia.com/advisories/37023 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/37028 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/37037 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/37042 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/37043 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/37053 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/37077 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/37079 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/37114
secalert@redhat.com http://secunia.com/advisories/37159
secalert@redhat.com http://secunia.com/advisories/39327
secalert@redhat.com http://secunia.com/advisories/39938
secalert@redhat.com http://securitytracker.com/id?1023029
secalert@redhat.com http://site.pi3.com.pl/adv/xpdf.txt Exploit
secalert@redhat.com http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
secalert@redhat.com http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
secalert@redhat.com http://www.debian.org/security/2010/dsa-2028
secalert@redhat.com http://www.debian.org/security/2010/dsa-2050
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
secalert@redhat.com http://www.securityfocus.com/bid/36703 Exploit, Patch
secalert@redhat.com http://www.ubuntu.com/usn/USN-850-1
secalert@redhat.com http://www.ubuntu.com/usn/USN-850-3
secalert@redhat.com http://www.vupen.com/english/advisories/2009/2924 Patch, Vendor Advisory
secalert@redhat.com http://www.vupen.com/english/advisories/2009/2928 Patch, Vendor Advisory
secalert@redhat.com http://www.vupen.com/english/advisories/2010/0802
secalert@redhat.com http://www.vupen.com/english/advisories/2010/1040
secalert@redhat.com http://www.vupen.com/english/advisories/2010/1220
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=526911 Patch
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/53795
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969
secalert@redhat.com https://rhn.redhat.com/errata/RHSA-2009-1500.html
secalert@redhat.com https://rhn.redhat.com/errata/RHSA-2009-1501.html
secalert@redhat.com https://rhn.redhat.com/errata/RHSA-2009-1502.html
secalert@redhat.com https://rhn.redhat.com/errata/RHSA-2009-1503.html
secalert@redhat.com https://rhn.redhat.com/errata/RHSA-2009-1512.html
secalert@redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
secalert@redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch Patch
af854a3a-2127-422b-91ae-364da2661108 http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2
af854a3a-2127-422b-91ae-364da2661108 http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/37023 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/37028 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/37037 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/37042 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/37043 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/37053 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/37077 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/37079 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/37114
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/37159
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/39327
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/39938
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1023029
af854a3a-2127-422b-91ae-364da2661108 http://site.pi3.com.pl/adv/xpdf.txt Exploit
af854a3a-2127-422b-91ae-364da2661108 http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
af854a3a-2127-422b-91ae-364da2661108 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2010/dsa-2028
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2010/dsa-2050
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/36703 Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-850-1
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-850-3
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/2924 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/2928 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/0802
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/1040
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/1220
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=526911 Patch
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/53795
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969
af854a3a-2127-422b-91ae-364da2661108 https://rhn.redhat.com/errata/RHSA-2009-1500.html
af854a3a-2127-422b-91ae-364da2661108 https://rhn.redhat.com/errata/RHSA-2009-1501.html
af854a3a-2127-422b-91ae-364da2661108 https://rhn.redhat.com/errata/RHSA-2009-1502.html
af854a3a-2127-422b-91ae-364da2661108 https://rhn.redhat.com/errata/RHSA-2009-1503.html
af854a3a-2127-422b-91ae-364da2661108 https://rhn.redhat.com/errata/RHSA-2009-1512.html
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
Impacted products
Vendor Product Version
gnome gpdf *
kde kpdf *
foolabs xpdf 3.02pl1
foolabs xpdf 3.02pl2
foolabs xpdf 3.02pl3
glyphandcog xpdfreader 2.00
glyphandcog xpdfreader 2.01
glyphandcog xpdfreader 2.02
glyphandcog xpdfreader 2.03
glyphandcog xpdfreader 3.00
glyphandcog xpdfreader 3.01
glyphandcog xpdfreader 3.02
poppler poppler 0.1
poppler poppler 0.1.1
poppler poppler 0.1.2
poppler poppler 0.2.0
poppler poppler 0.3.0
poppler poppler 0.3.1
poppler poppler 0.3.2
poppler poppler 0.3.3
poppler poppler 0.4.0
poppler poppler 0.4.1
poppler poppler 0.4.2
poppler poppler 0.4.3
poppler poppler 0.4.4
poppler poppler 0.5.0
poppler poppler 0.5.1
poppler poppler 0.5.2
poppler poppler 0.5.3
poppler poppler 0.5.4
poppler poppler 0.5.9
poppler poppler 0.5.90
poppler poppler 0.5.91
poppler poppler 0.6.0
poppler poppler 0.6.1
poppler poppler 0.6.2
poppler poppler 0.6.3
poppler poppler 0.6.4
poppler poppler 0.7.0
poppler poppler 0.7.1
poppler poppler 0.7.2
poppler poppler 0.7.3
poppler poppler 0.8.0
poppler poppler 0.8.1
poppler poppler 0.8.2
poppler poppler 0.8.3
poppler poppler 0.8.4
poppler poppler 0.8.5
poppler poppler 0.8.6
poppler poppler 0.8.7
poppler poppler 0.9.0
poppler poppler 0.9.1
poppler poppler 0.9.2
poppler poppler 0.9.3
poppler poppler 0.10.0
poppler poppler 0.10.1
poppler poppler 0.10.2
poppler poppler 0.10.3
poppler poppler 0.10.4
poppler poppler 0.10.5
poppler poppler 0.10.6
poppler poppler 0.10.7
poppler poppler 0.11.0
poppler poppler 0.11.1
poppler poppler 0.11.2
poppler poppler 0.11.3
poppler poppler 0.12.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gpdf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4A9A98B-5E37-4938-9506-927E0C8FACB8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41EF2714-DEC9-407F-9D1B-EF2A4D8B4DC3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0213390-08FA-4E04-835B-8BE0FC61B464",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B304657-740A-4F8D-99CD-22E283FEE6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B2CD8A0-2DBA-4AC9-A97D-D4DAEB6C7A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52995D0-0986-427F-B37D-2F6726EA330D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E4427C5-DBF0-4EF9-8B7A-61D56C14E3FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B91206CA-7EBE-4E64-9A49-D7EC0D051012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD43644-7F02-42AF-8EC3-C326A13E2F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FE2E6F-44B2-42D5-B986-D1FE2B510968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A605079-3705-4E2C-8F6D-C21B4D875817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ABBD590-8092-4920-BBC7-F3ACB9CCC900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D812D5-BC8B-4907-AA70-F8D7F982A8DD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en la funci\u00f3n Splash.cc en Xpdf v3.02pl4  y Poppler v0.x, usado en n kdegraphics KPDF y GPdf, no asigna la memoria adecuadamente, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y probablemente, la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento PDF manipulado que provoca un deferencia a puntero nulo o un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap)."
    }
  ],
  "id": "CVE-2009-3604",
  "lastModified": "2024-11-21T01:07:46.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-10-21T17:30:00.313",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996\u0026id2=75c3466ba2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37023"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37028"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37037"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37042"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37043"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37053"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37077"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37079"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37114"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37159"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/39327"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/39938"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1023029"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://site.pi3.com.pl/adv/xpdf.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2028"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2050"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/36703"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-850-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-850-3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2924"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2928"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/0802"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/1040"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/1220"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526911"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53795"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996\u0026id2=75c3466ba2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://site.pi3.com.pl/adv/xpdf.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/36703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-850-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-850-3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526911"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}







Sightings

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.