CVE-2009-3609

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-3609
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch Exploit
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://poppler.freedesktop.org/ Patch Vendor Advisory
http://secunia.com/advisories/37023 Vendor Advisory
http://secunia.com/advisories/37028 Vendor Advisory
http://secunia.com/advisories/37034 Vendor Advisory
http://secunia.com/advisories/37037 Vendor Advisory
http://secunia.com/advisories/37043 Vendor Advisory
http://secunia.com/advisories/37051 Vendor Advisory
http://secunia.com/advisories/37054 Vendor Advisory
http://secunia.com/advisories/37061 Vendor Advisory
http://secunia.com/advisories/37077 Vendor Advisory
http://secunia.com/advisories/37079 Vendor Advisory
http://secunia.com/advisories/37114
http://secunia.com/advisories/37159
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://securitytracker.com/id?1023029
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://www.debian.org/security/2010/dsa-2028
http://www.debian.org/security/2010/dsa-2050
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.redhat.com/support/errata/RHSA-2010-0755.html
http://www.securityfocus.com/bid/36703 Exploit Patch
http://www.ubuntu.com/usn/USN-850-1
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2924 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/2925 Vendor Advisory
http://www.vupen.com/english/advisories/2009/2926 Vendor Advisory
http://www.vupen.com/english/advisories/2009/2928 Vendor Advisory
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1220
https://bugzilla.redhat.com/show_bug.cgi?id=526893 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/53800
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134
https://rhn.redhat.com/errata/RHSA-2009-1500.html
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1504.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html
https://rhn.redhat.com/errata/RHSA-2009-1513.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch Exploit
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://poppler.freedesktop.org/ Patch Vendor Advisory
http://secunia.com/advisories/37023 Vendor Advisory
http://secunia.com/advisories/37028 Vendor Advisory
http://secunia.com/advisories/37034 Vendor Advisory
http://secunia.com/advisories/37037 Vendor Advisory
http://secunia.com/advisories/37043 Vendor Advisory
http://secunia.com/advisories/37051 Vendor Advisory
http://secunia.com/advisories/37054 Vendor Advisory
http://secunia.com/advisories/37061 Vendor Advisory
http://secunia.com/advisories/37077 Vendor Advisory
http://secunia.com/advisories/37079 Vendor Advisory
http://secunia.com/advisories/37114
http://secunia.com/advisories/37159
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://securitytracker.com/id?1023029
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://www.debian.org/security/2010/dsa-2028
http://www.debian.org/security/2010/dsa-2050
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.redhat.com/support/errata/RHSA-2010-0755.html
http://www.securityfocus.com/bid/36703 Exploit Patch
http://www.ubuntu.com/usn/USN-850-1
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2924 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/2925 Vendor Advisory
http://www.vupen.com/english/advisories/2009/2926 Vendor Advisory
http://www.vupen.com/english/advisories/2009/2928 Vendor Advisory
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1220
https://bugzilla.redhat.com/show_bug.cgi?id=526893 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/53800
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134
https://rhn.redhat.com/errata/RHSA-2009-1500.html
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1504.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html
https://rhn.redhat.com/errata/RHSA-2009-1513.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*
OR cpe:2.3:a:glyph_and_cog:pdftops:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gpdf:*:*:*:*:*:*:*:*
cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*
History

21 Nov 2024, 01:07

Type Values Removed Values Added
References () ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch - Exploit () ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch - Exploit
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html -
References () http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html - () http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html -
References () http://poppler.freedesktop.org/ - Patch, Vendor Advisory () http://poppler.freedesktop.org/ - Patch, Vendor Advisory
References () http://secunia.com/advisories/37023 - Vendor Advisory () http://secunia.com/advisories/37023 - Vendor Advisory
References () http://secunia.com/advisories/37028 - Vendor Advisory () http://secunia.com/advisories/37028 - Vendor Advisory
References () http://secunia.com/advisories/37034 - Vendor Advisory () http://secunia.com/advisories/37034 - Vendor Advisory
References () http://secunia.com/advisories/37037 - Vendor Advisory () http://secunia.com/advisories/37037 - Vendor Advisory
References () http://secunia.com/advisories/37043 - Vendor Advisory () http://secunia.com/advisories/37043 - Vendor Advisory
References () http://secunia.com/advisories/37051 - Vendor Advisory () http://secunia.com/advisories/37051 - Vendor Advisory
References () http://secunia.com/advisories/37054 - Vendor Advisory () http://secunia.com/advisories/37054 - Vendor Advisory
References () http://secunia.com/advisories/37061 - Vendor Advisory () http://secunia.com/advisories/37061 - Vendor Advisory
References () http://secunia.com/advisories/37077 - Vendor Advisory () http://secunia.com/advisories/37077 - Vendor Advisory
References () http://secunia.com/advisories/37079 - Vendor Advisory () http://secunia.com/advisories/37079 - Vendor Advisory
References () http://secunia.com/advisories/37114 - () http://secunia.com/advisories/37114 -
References () http://secunia.com/advisories/37159 - () http://secunia.com/advisories/37159 -
References () http://secunia.com/advisories/39327 - () http://secunia.com/advisories/39327 -
References () http://secunia.com/advisories/39938 - () http://secunia.com/advisories/39938 -
References () http://securitytracker.com/id?1023029 - () http://securitytracker.com/id?1023029 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 -
References () http://www.debian.org/security/2010/dsa-2028 - () http://www.debian.org/security/2010/dsa-2028 -
References () http://www.debian.org/security/2010/dsa-2050 - () http://www.debian.org/security/2010/dsa-2050 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 - () http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 - () http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 - () http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 -
References () http://www.redhat.com/support/errata/RHSA-2010-0755.html - () http://www.redhat.com/support/errata/RHSA-2010-0755.html -
References () http://www.securityfocus.com/bid/36703 - Exploit, Patch () http://www.securityfocus.com/bid/36703 - Exploit, Patch
References () http://www.ubuntu.com/usn/USN-850-1 - () http://www.ubuntu.com/usn/USN-850-1 -
References () http://www.ubuntu.com/usn/USN-850-3 - () http://www.ubuntu.com/usn/USN-850-3 -
References () http://www.vupen.com/english/advisories/2009/2924 - Patch, Vendor Advisory () http://www.vupen.com/english/advisories/2009/2924 - Patch, Vendor Advisory
References () http://www.vupen.com/english/advisories/2009/2925 - Vendor Advisory () http://www.vupen.com/english/advisories/2009/2925 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2009/2926 - Vendor Advisory () http://www.vupen.com/english/advisories/2009/2926 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2009/2928 - Vendor Advisory () http://www.vupen.com/english/advisories/2009/2928 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2010/0802 - () http://www.vupen.com/english/advisories/2010/0802 -
References () http://www.vupen.com/english/advisories/2010/1220 - () http://www.vupen.com/english/advisories/2010/1220 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=526893 - Exploit, Patch () https://bugzilla.redhat.com/show_bug.cgi?id=526893 - Exploit, Patch
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/53800 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/53800 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134 -
References () https://rhn.redhat.com/errata/RHSA-2009-1500.html - () https://rhn.redhat.com/errata/RHSA-2009-1500.html -
References () https://rhn.redhat.com/errata/RHSA-2009-1501.html - () https://rhn.redhat.com/errata/RHSA-2009-1501.html -
References () https://rhn.redhat.com/errata/RHSA-2009-1502.html - () https://rhn.redhat.com/errata/RHSA-2009-1502.html -
References () https://rhn.redhat.com/errata/RHSA-2009-1503.html - () https://rhn.redhat.com/errata/RHSA-2009-1503.html -
References () https://rhn.redhat.com/errata/RHSA-2009-1504.html - () https://rhn.redhat.com/errata/RHSA-2009-1504.html -
References () https://rhn.redhat.com/errata/RHSA-2009-1512.html - () https://rhn.redhat.com/errata/RHSA-2009-1512.html -
References () https://rhn.redhat.com/errata/RHSA-2009-1513.html - () https://rhn.redhat.com/errata/RHSA-2009-1513.html -
References () https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html - () https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html -
References () https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html - () https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html -
Information

Published : 2009-10-21 17:30

Updated : 2024-11-21 01:07

NVD link : CVE-2009-3609

Mitre link : CVE-2009-3609

CVE.ORG link : CVE-2009-3609

JSON object : View

Products Affected

glyphandcog

  • xpdfreader

gnome

  • gpdf

kde

  • kpdf

glyph_and_cog

  • pdftops

poppler

  • poppler

foolabs

  • xpdf
CWE
CWE-189

Numeric Errors


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024