Lucene search

[email protected]NVD:CVE-2009-3608

HistoryOct 21, 2009 - 5:30 p.m.

CVE-2009-3608

2009-10-2117:30:00

CWE-189

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.086 Low

EPSS

Percentile

94.5%

JSON

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

Affected configurations

NVD

Node

foolabsxpdfMatch3.02pl1

foolabsxpdfMatch3.02pl2

foolabsxpdfMatch3.02pl3

glyphandcogxpdfreaderMatch3.00

glyphandcogxpdfreaderMatch3.01

glyphandcogxpdfreaderMatch3.02

popplerpopplerRange≤0.12.0

popplerpopplerMatch0.1

popplerpopplerMatch0.1.1

popplerpopplerMatch0.1.2

popplerpopplerMatch0.2.0

popplerpopplerMatch0.3.0

popplerpopplerMatch0.3.1

popplerpopplerMatch0.3.2

popplerpopplerMatch0.3.3

popplerpopplerMatch0.4.0

popplerpopplerMatch0.4.1

popplerpopplerMatch0.4.2

popplerpopplerMatch0.4.3

popplerpopplerMatch0.4.4

popplerpopplerMatch0.5.0

popplerpopplerMatch0.5.1

popplerpopplerMatch0.5.2

popplerpopplerMatch0.5.3

popplerpopplerMatch0.5.4

popplerpopplerMatch0.5.9

popplerpopplerMatch0.6.0

popplerpopplerMatch0.6.1

popplerpopplerMatch0.6.2

popplerpopplerMatch0.6.3

popplerpopplerMatch0.6.4

popplerpopplerMatch0.7.0

popplerpopplerMatch0.7.1

popplerpopplerMatch0.7.2

popplerpopplerMatch0.7.3

popplerpopplerMatch0.8.0

popplerpopplerMatch0.8.1

popplerpopplerMatch0.8.2

popplerpopplerMatch0.8.3

popplerpopplerMatch0.8.4

popplerpopplerMatch0.8.6

popplerpopplerMatch0.8.7

popplerpopplerMatch0.9.0

popplerpopplerMatch0.9.1

popplerpopplerMatch0.9.2

popplerpopplerMatch0.9.3

popplerpopplerMatch0.10.0

popplerpopplerMatch0.10.1

popplerpopplerMatch0.10.2

popplerpopplerMatch0.10.3

popplerpopplerMatch0.10.4

popplerpopplerMatch0.10.5

popplerpopplerMatch0.10.6

popplerpopplerMatch0.10.7

popplerpopplerMatch0.11.0

popplerpopplerMatch0.11.1

popplerpopplerMatch0.11.2

popplerpopplerMatch0.11.3

AND

glyph_and_cogpdftops

gnomegpdf

kdekpdf

tetextetex

References

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

poppler.freedesktop.org/

secunia.com/advisories/37028

secunia.com/advisories/37034

secunia.com/advisories/37037

secunia.com/advisories/37043

secunia.com/advisories/37051

secunia.com/advisories/37053

secunia.com/advisories/37054

secunia.com/advisories/37061

secunia.com/advisories/37077

secunia.com/advisories/37079

secunia.com/advisories/37114

secunia.com/advisories/37159

secunia.com/advisories/39327

secunia.com/advisories/39938

securitytracker.com/id?1023029

sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

www.debian.org/security/2009/dsa-1941

www.debian.org/security/2010/dsa-2028

www.debian.org/security/2010/dsa-2050

www.mandriva.com/security/advisories?name=MDVSA-2009:287

www.mandriva.com/security/advisories?name=MDVSA-2009:334

www.mandriva.com/security/advisories?name=MDVSA-2011:175

www.ocert.org/advisories/ocert-2009-016.html

www.openwall.com/lists/oss-security/2009/12/01/1

www.openwall.com/lists/oss-security/2009/12/01/5

www.openwall.com/lists/oss-security/2009/12/01/6

www.securityfocus.com/bid/36703

www.ubuntu.com/usn/USN-850-1

www.ubuntu.com/usn/USN-850-3

www.vupen.com/english/advisories/2009/2924

www.vupen.com/english/advisories/2009/2925

www.vupen.com/english/advisories/2009/2926

www.vupen.com/english/advisories/2009/2928

www.vupen.com/english/advisories/2010/0802

www.vupen.com/english/advisories/2010/1220

bugzilla.redhat.com/show_bug.cgi?id=526637

exchange.xforce.ibmcloud.com/vulnerabilities/53794

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536

rhn.redhat.com/errata/RHSA-2009-1501.html

rhn.redhat.com/errata/RHSA-2009-1502.html

rhn.redhat.com/errata/RHSA-2009-1503.html

rhn.redhat.com/errata/RHSA-2009-1504.html

rhn.redhat.com/errata/RHSA-2009-1512.html

rhn.redhat.com/errata/RHSA-2009-1513.html

www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.086 Low

EPSS

Percentile

94.5%

JSON

Related for NVD:CVE-2009-3608

cve2 altlinux3 ubuntucve1 veracode1 prion1 cvelist1 securityvulns3 debiancve1 nessus57 openvas95 oraclelinux5 centos6 redhat6 nvd1 ubuntu3 fedora7 debian2 osv2 slackware2