9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.44 Medium
EPSS
Percentile
97.3%
CentOS Errata and Security Advisory CESA-2009:1500
Xpdf is an X Window System based viewer for Portable Document Format (PDF)
files.
Multiple integer overflow flaws were found in Xpdf. An attacker could
create a malicious PDF file that would cause Xpdf to crash or, potentially,
execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-3604,
CVE-2009-3606, CVE-2009-3609)
Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604
issue.
Users are advised to upgrade to this updated package, which contains a
backported patch to correct these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-October/078349.html
https://lists.centos.org/pipermail/centos-announce/2009-October/078350.html
Affected packages:
xpdf
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1500
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | x86_64 | xpdf | <Β 2.02-17.el3 | xpdf-2.02-17.el3.x86_64.rpm |
CentOS | 3 | x86_64 | xpdf | <Β 2.02-17.el3 | xpdf-2.02-17.el3.x86_64.rpm |
CentOS | 3 | i386 | xpdf | <Β 2.02-17.el3 | xpdf-2.02-17.el3.i386.rpm |
CentOS | 3 | i386 | xpdf | <Β 2.02-17.el3 | xpdf-2.02-17.el3.i386.rpm |