fkie_cve-2009-3609
Vulnerability from fkie_nvd
Published
2009-10-21 17:30
Modified
2024-11-21 01:07
Severity ?
Summary
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
References
secalert@redhat.comftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patchExploit
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
secalert@redhat.comhttp://poppler.freedesktop.org/Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/37023Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/37028Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/37034Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/37037Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/37043Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/37051Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/37054Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/37061Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/37077Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/37079Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/37114
secalert@redhat.comhttp://secunia.com/advisories/37159
secalert@redhat.comhttp://secunia.com/advisories/39327
secalert@redhat.comhttp://secunia.com/advisories/39938
secalert@redhat.comhttp://securitytracker.com/id?1023029
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
secalert@redhat.comhttp://www.debian.org/security/2010/dsa-2028
secalert@redhat.comhttp://www.debian.org/security/2010/dsa-2050
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:287
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:334
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:175
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0755.html
secalert@redhat.comhttp://www.securityfocus.com/bid/36703Exploit, Patch
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-850-1
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-850-3
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/2924Patch, Vendor Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/2925Vendor Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/2926Vendor Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/2928Vendor Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/0802
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1220
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=526893Exploit, Patch
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/53800
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134
secalert@redhat.comhttps://rhn.redhat.com/errata/RHSA-2009-1500.html
secalert@redhat.comhttps://rhn.redhat.com/errata/RHSA-2009-1501.html
secalert@redhat.comhttps://rhn.redhat.com/errata/RHSA-2009-1502.html
secalert@redhat.comhttps://rhn.redhat.com/errata/RHSA-2009-1503.html
secalert@redhat.comhttps://rhn.redhat.com/errata/RHSA-2009-1504.html
secalert@redhat.comhttps://rhn.redhat.com/errata/RHSA-2009-1512.html
secalert@redhat.comhttps://rhn.redhat.com/errata/RHSA-2009-1513.html
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patchExploit
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://poppler.freedesktop.org/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37023Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37028Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37034Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37037Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37043Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37051Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37054Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37061Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37077Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37079Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37114
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37159
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39327
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39938
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1023029
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2028
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2050
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0755.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36703Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-850-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-850-3
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2924Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2925Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2926Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2928Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0802
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1220
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=526893Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/53800
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1500.html
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1501.html
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1502.html
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1503.html
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1504.html
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1512.html
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1513.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
Impacted products
Vendor Product Version
foolabs xpdf 3.02pl1
foolabs xpdf 3.02pl2
foolabs xpdf 3.02pl3
glyphandcog xpdfreader 3.00
glyphandcog xpdfreader 3.01
glyphandcog xpdfreader 3.02
poppler poppler *
poppler poppler 0.1
poppler poppler 0.1.1
poppler poppler 0.1.2
poppler poppler 0.2.0
poppler poppler 0.3.0
poppler poppler 0.3.1
poppler poppler 0.3.2
poppler poppler 0.3.3
poppler poppler 0.4.0
poppler poppler 0.4.1
poppler poppler 0.4.2
poppler poppler 0.4.3
poppler poppler 0.4.4
poppler poppler 0.5.0
poppler poppler 0.5.1
poppler poppler 0.5.2
poppler poppler 0.5.3
poppler poppler 0.5.4
poppler poppler 0.5.9
poppler poppler 0.6.0
poppler poppler 0.6.1
poppler poppler 0.6.2
poppler poppler 0.6.3
poppler poppler 0.6.4
poppler poppler 0.7.0
poppler poppler 0.7.1
poppler poppler 0.7.2
poppler poppler 0.7.3
poppler poppler 0.8.0
poppler poppler 0.8.1
poppler poppler 0.8.2
poppler poppler 0.8.3
poppler poppler 0.8.4
poppler poppler 0.8.6
poppler poppler 0.8.7
poppler poppler 0.9.0
poppler poppler 0.9.1
poppler poppler 0.9.2
poppler poppler 0.9.3
poppler poppler 0.10.0
poppler poppler 0.10.1
poppler poppler 0.10.2
poppler poppler 0.10.3
poppler poppler 0.10.4
poppler poppler 0.10.5
poppler poppler 0.10.6
poppler poppler 0.10.7
poppler poppler 0.11.0
poppler poppler 0.11.1
poppler poppler 0.11.2
poppler poppler 0.11.3
glyph_and_cog pdftops *
gnome gpdf *
kde kpdf *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C16CA37E-F28E-47E6-B77B-4CB0A859F831",
              "versionEndIncluding": "0.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23EBF88-10DE-4EA6-9F0E-F33C88541F65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F75CFD-3523-4017-992C-4FA6406D49F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB116A19-6436-40BE-B5C6-32C22D888B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4C1429-593B-47B6-AC84-832F2296FAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18240BA6-3390-4925-AC25-DA4C42397CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3090A142-2240-4A8D-A122-C037931A277C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFD63240-4599-4212-8AF2-7C4089CA9D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C7EE965-EE3F-4B17-AF38-FA3AA0B11164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BE488E5-B3D9-4723-ABBA-A8753EC2DA2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1259C59E-517F-40BE-8BA6-01AB76257C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63C92F1C-3005-4EA6-B9C0-2BC2E3D611D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "576152B4-9ACD-4C4E-B423-4A5EF44332D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "322F9E62-6A74-4805-8F6B-9C61739B2D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F51C453F-6A87-49FB-83F6-22316F28161F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F532F0-6653-4275-A85A-BD9A9A611E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CC7300E-0CBE-47FD-A241-B4B4F0164EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "255102DA-A2C0-4795-9539-B4CBD587554A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "349B06F1-772A-4A12-A7B9-EA220ED96D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B779800A-FF4B-47DD-B56F-77D10D6A335C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "178680C2-DB1B-4250-9B6E-6ADABA60DE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA9036F-92DA-45C2-9FBC-DE03444D34F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6855B98-DAA2-4850-A765-2F4D6D93A424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4743EC55-B61D-4C1A-9ED7-060268F2DB27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD4454E-3D2B-4582-B5E5-0317A6417654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96402B67-A7A8-44E3-914E-A10A69FAD735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C608C8-F382-4D6B-A638-98763C1CBB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F0F4E0-91B7-4B1F-BFA9-829101A7F90A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "22287102-80B1-4E1F-85E4-488B020A51E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF3030D6-DE07-418B-AB40-87C85FCA3C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3583D56-F653-457A-B1F8-25842A15CB82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EEA5DBB-5A80-439E-A135-77CB40772916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A5C43B-3978-4D0A-8166-A99622106781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A940AF2-A7CA-408F-86E2-797C7BA8A6BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA56CB7C-E7B3-4F0B-8BEB-F133FAF0D6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52995D0-0986-427F-B37D-2F6726EA330D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E4427C5-DBF0-4EF9-8B7A-61D56C14E3FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B91206CA-7EBE-4E64-9A49-D7EC0D051012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD43644-7F02-42AF-8EC3-C326A13E2F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FE2E6F-44B2-42D5-B986-D1FE2B510968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A605079-3705-4E2C-8F6D-C21B4D875817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ABBD590-8092-4920-BBC7-F3ACB9CCC900",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:glyph_and_cog:pdftops:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1833267E-3B18-4CF8-B996-6226D5439F5F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:gnome:gpdf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4A9A98B-5E37-4938-9506-927E0C8FACB8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41EF2714-DEC9-407F-9D1B-EF2A4D8B4DC3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en la funci\u00f3n ImageStream::ImageStream  en Stream.cc en Xpdf v3.02pl4 y Poppler v0.12.1, usado en GPdf, kdegraphics KPDF, y CUPS pdftops, permite a atacantes remotsos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un documento PDF manipulado que provoca un deferencia a puntero nulo o un desbordamiento de b\u00fafer fuera del l\u00edmite (over-read)."
    }
  ],
  "id": "CVE-2009-3609",
  "lastModified": "2024-11-21T01:07:47.760",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-10-21T17:30:00.453",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://poppler.freedesktop.org/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37023"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37028"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37034"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37037"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37043"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37051"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37054"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37061"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37077"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37079"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37114"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37159"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/39327"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/39938"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1023029"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2028"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2050"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/36703"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-850-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-850-3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2924"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2925"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2926"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2928"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/0802"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/1220"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526893"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53800"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://poppler.freedesktop.org/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/36703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-850-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-850-3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2925"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2926"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.