Lucene search

[email protected]CVE-2009-3607

HistoryOct 21, 2009 - 5:30 p.m.

CVE-2009-3607

2009-10-2117:30:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2009-3607

integer overflow

denial of service

memory corruption

arbitrary code execution

poppler

pdf

heap-based buffer overflow

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.049 Low

EPSS

Percentile

92.8%

JSON

Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

popplerpopplerMatch0.1

popplerpopplerMatch0.1.1

popplerpopplerMatch0.1.2

popplerpopplerMatch0.2.0

popplerpopplerMatch0.3.0

popplerpopplerMatch0.3.1

popplerpopplerMatch0.3.2

popplerpopplerMatch0.3.3

popplerpopplerMatch0.4.0

popplerpopplerMatch0.4.1

popplerpopplerMatch0.4.2

popplerpopplerMatch0.4.3

popplerpopplerMatch0.4.4

popplerpopplerMatch0.5.0

popplerpopplerMatch0.5.1

popplerpopplerMatch0.5.2

popplerpopplerMatch0.5.3

popplerpopplerMatch0.5.4

popplerpopplerMatch0.5.9

popplerpopplerMatch0.5.90

popplerpopplerMatch0.5.91

popplerpopplerMatch0.6.0

popplerpopplerMatch0.6.1

popplerpopplerMatch0.6.2

popplerpopplerMatch0.6.3

popplerpopplerMatch0.6.4

popplerpopplerMatch0.7.0

popplerpopplerMatch0.7.1

popplerpopplerMatch0.7.2

popplerpopplerMatch0.7.3

popplerpopplerMatch0.8.0

popplerpopplerMatch0.8.1

popplerpopplerMatch0.8.2

popplerpopplerMatch0.8.3

popplerpopplerMatch0.8.4

popplerpopplerMatch0.8.5

popplerpopplerMatch0.8.6

popplerpopplerMatch0.8.7

popplerpopplerMatch0.9.0

popplerpopplerMatch0.9.1

popplerpopplerMatch0.9.2

popplerpopplerMatch0.9.3

popplerpopplerMatch0.10.0

popplerpopplerMatch0.10.1

popplerpopplerMatch0.10.2

popplerpopplerMatch0.10.3

popplerpopplerMatch0.10.4

popplerpopplerMatch0.10.5

popplerpopplerMatch0.10.6

popplerpopplerMatch0.10.7

popplerpopplerMatch0.11.0

popplerpopplerMatch0.11.1

popplerpopplerMatch0.11.2

popplerpopplerMatch0.11.3

popplerpopplerMatch0.12.0

CPENameOperatorVersion
poppler:popplerpopplereq0.1
poppler:popplerpopplereq0.1.1
poppler:popplerpopplereq0.1.2
poppler:popplerpopplereq0.2.0
poppler:popplerpopplereq0.3.0
poppler:popplerpopplereq0.3.1
poppler:popplerpopplereq0.3.2
poppler:popplerpopplereq0.3.3
poppler:popplerpopplereq0.4.0
poppler:popplerpopplereq0.4.1

CPE	Name	Operator	Version
poppler:poppler	poppler	eq	0.1
poppler:poppler	poppler	eq	0.1.1
poppler:poppler	poppler	eq	0.1.2
poppler:poppler	poppler	eq	0.2.0
poppler:poppler	poppler	eq	0.3.0
poppler:poppler	poppler	eq	0.3.1
poppler:poppler	poppler	eq	0.3.2
poppler:poppler	poppler	eq	0.3.3
poppler:poppler	poppler	eq	0.4.0
poppler:poppler	poppler	eq	0.4.1