Lucene search

RedhatCVELIST:CVE-2009-3608

HistoryOct 21, 2009 - 5:00 p.m.

CVE-2009-3608

2009-10-2117:00:00

redhat

www.cve.org

AI Score

7.3

Confidence

High

EPSS

0.063

Percentile

93.7%

JSON

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

References

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

poppler.freedesktop.org/

secunia.com/advisories/37028

secunia.com/advisories/37034

secunia.com/advisories/37037

secunia.com/advisories/37043

secunia.com/advisories/37051

secunia.com/advisories/37053

secunia.com/advisories/37054

secunia.com/advisories/37061

secunia.com/advisories/37077

secunia.com/advisories/37079

secunia.com/advisories/37114

secunia.com/advisories/37159

secunia.com/advisories/39327

secunia.com/advisories/39938

securitytracker.com/id?1023029

sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

www.debian.org/security/2009/dsa-1941

www.debian.org/security/2010/dsa-2028

www.debian.org/security/2010/dsa-2050

www.mandriva.com/security/advisories?name=MDVSA-2009:287

www.mandriva.com/security/advisories?name=MDVSA-2009:334

www.mandriva.com/security/advisories?name=MDVSA-2011:175

www.ocert.org/advisories/ocert-2009-016.html

www.openwall.com/lists/oss-security/2009/12/01/1

www.openwall.com/lists/oss-security/2009/12/01/5

www.openwall.com/lists/oss-security/2009/12/01/6

www.securityfocus.com/bid/36703

www.ubuntu.com/usn/USN-850-1

www.ubuntu.com/usn/USN-850-3

www.vupen.com/english/advisories/2009/2924

www.vupen.com/english/advisories/2009/2925

www.vupen.com/english/advisories/2009/2926

www.vupen.com/english/advisories/2009/2928

www.vupen.com/english/advisories/2010/0802

www.vupen.com/english/advisories/2010/1220

bugzilla.redhat.com/show_bug.cgi?id=526637

exchange.xforce.ibmcloud.com/vulnerabilities/53794

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536

rhn.redhat.com/errata/RHSA-2009-1501.html

rhn.redhat.com/errata/RHSA-2009-1502.html

rhn.redhat.com/errata/RHSA-2009-1503.html

rhn.redhat.com/errata/RHSA-2009-1504.html

rhn.redhat.com/errata/RHSA-2009-1512.html

rhn.redhat.com/errata/RHSA-2009-1513.html

www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html