9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.086 Low
EPSS
Percentile
94.4%
CentOS Errata and Security Advisory CESA-2009:1504
Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.
Multiple integer overflow flaws were found in poppler. An attacker could
create a malicious PDF file that would cause applications that use poppler
(such as Evince) to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-3603, CVE-2009-3608, CVE-2009-3609)
Red Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608
issue.
This update also corrects a regression introduced in the previous poppler
security update, RHSA-2009:0480, that prevented poppler from rendering
certain PDF documents correctly. (BZ#528147)
Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-October/078430.html
https://lists.centos.org/pipermail/centos-announce/2009-October/078433.html
Affected packages:
poppler
poppler-devel
poppler-utils
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1504
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | poppler | < 0.5.4-4.4.el5_4.11 | poppler-0.5.4-4.4.el5_4.11.i386.rpm |
CentOS | 5 | x86_64 | poppler | < 0.5.4-4.4.el5_4.11 | poppler-0.5.4-4.4.el5_4.11.x86_64.rpm |
CentOS | 5 | i386 | poppler-devel | < 0.5.4-4.4.el5_4.11 | poppler-devel-0.5.4-4.4.el5_4.11.i386.rpm |
CentOS | 5 | x86_64 | poppler-devel | < 0.5.4-4.4.el5_4.11 | poppler-devel-0.5.4-4.4.el5_4.11.x86_64.rpm |
CentOS | 5 | x86_64 | poppler-utils | < 0.5.4-4.4.el5_4.11 | poppler-utils-0.5.4-4.4.el5_4.11.x86_64.rpm |
CentOS | 5 | i386 | poppler | < 0.5.4-4.4.el5_4.11 | poppler-0.5.4-4.4.el5_4.11.i386.rpm |
CentOS | 5 | x86_64 | poppler | < 0.5.4-4.4.el5_4.11 | poppler-0.5.4-4.4.el5_4.11.x86_64.rpm |
CentOS | 5 | i386 | poppler-devel | < 0.5.4-4.4.el5_4.11 | poppler-devel-0.5.4-4.4.el5_4.11.i386.rpm |
CentOS | 5 | x86_64 | poppler-devel | < 0.5.4-4.4.el5_4.11 | poppler-devel-0.5.4-4.4.el5_4.11.x86_64.rpm |
CentOS | 5 | x86_64 | poppler-utils | < 0.5.4-4.4.el5_4.11 | poppler-utils-0.5.4-4.4.el5_4.11.x86_64.rpm |