Lucene search

[email protected]NVD:CVE-2009-3609

HistoryOct 21, 2009 - 5:30 p.m.

CVE-2009-3609

2009-10-2117:30:00

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.6

Confidence

High

EPSS

0.013

Percentile

85.7%

JSON

Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.

Affected configurations

Nvd

Node

foolabsxpdfMatch3.02pl1

foolabsxpdfMatch3.02pl2

foolabsxpdfMatch3.02pl3

glyphandcogxpdfreaderMatch3.00

glyphandcogxpdfreaderMatch3.01

glyphandcogxpdfreaderMatch3.02

popplerpopplerRange≤0.12.0

popplerpopplerMatch0.1

popplerpopplerMatch0.1.1

popplerpopplerMatch0.1.2

popplerpopplerMatch0.2.0

popplerpopplerMatch0.3.0

popplerpopplerMatch0.3.1

popplerpopplerMatch0.3.2

popplerpopplerMatch0.3.3

popplerpopplerMatch0.4.0

popplerpopplerMatch0.4.1

popplerpopplerMatch0.4.2

popplerpopplerMatch0.4.3

popplerpopplerMatch0.4.4

popplerpopplerMatch0.5.0

popplerpopplerMatch0.5.1

popplerpopplerMatch0.5.2

popplerpopplerMatch0.5.3

popplerpopplerMatch0.5.4

popplerpopplerMatch0.5.9

popplerpopplerMatch0.6.0

popplerpopplerMatch0.6.1

popplerpopplerMatch0.6.2

popplerpopplerMatch0.6.3

popplerpopplerMatch0.6.4

popplerpopplerMatch0.7.0

popplerpopplerMatch0.7.1

popplerpopplerMatch0.7.2

popplerpopplerMatch0.7.3

popplerpopplerMatch0.8.0

popplerpopplerMatch0.8.1

popplerpopplerMatch0.8.2

popplerpopplerMatch0.8.3

popplerpopplerMatch0.8.4

popplerpopplerMatch0.8.6

popplerpopplerMatch0.8.7

popplerpopplerMatch0.9.0

popplerpopplerMatch0.9.1

popplerpopplerMatch0.9.2

popplerpopplerMatch0.9.3

popplerpopplerMatch0.10.0

popplerpopplerMatch0.10.1

popplerpopplerMatch0.10.2

popplerpopplerMatch0.10.3

popplerpopplerMatch0.10.4

popplerpopplerMatch0.10.5

popplerpopplerMatch0.10.6

popplerpopplerMatch0.10.7

popplerpopplerMatch0.11.0

popplerpopplerMatch0.11.1

popplerpopplerMatch0.11.2

popplerpopplerMatch0.11.3

AND

glyph_and_cogpdftops

gnomegpdf

kdekpdf

VendorProductVersionCPE
foolabsxpdf3.02pl1cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
foolabsxpdf3.02pl2cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
foolabsxpdf3.02pl3cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
glyphandcogxpdfreader3.00cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
glyphandcogxpdfreader3.01cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
glyphandcogxpdfreader3.02cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
popplerpoppler*cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*
popplerpoppler0.1cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
popplerpoppler0.1.1cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
popplerpoppler0.1.2cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
foolabs	xpdf	3.02pl1	cpe:2.3:a:foolabs:xpdf:3.02pl1:::::::*
foolabs	xpdf	3.02pl2	cpe:2.3:a:foolabs:xpdf:3.02pl2:::::::*
foolabs	xpdf	3.02pl3	cpe:2.3:a:foolabs:xpdf:3.02pl3:::::::*
glyphandcog	xpdfreader	3.00	cpe:2.3:a:glyphandcog:xpdfreader:3.00:::::::*
glyphandcog	xpdfreader	3.01	cpe:2.3:a:glyphandcog:xpdfreader:3.01:::::::*
glyphandcog	xpdfreader	3.02	cpe:2.3:a:glyphandcog:xpdfreader:3.02:::::::*
poppler	poppler	*	cpe:2.3:a:poppler:poppler::::::::
poppler	poppler	0.1	cpe:2.3:a:poppler:poppler:0.1:::::::*
poppler	poppler	0.1.1	cpe:2.3:a:poppler:poppler:0.1.1:::::::*
poppler	poppler	0.1.2	cpe:2.3:a:poppler:poppler:0.1.2:::::::*

Rows per page:

1-10 of 611

References

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

poppler.freedesktop.org/

secunia.com/advisories/37023

secunia.com/advisories/37028

secunia.com/advisories/37034

secunia.com/advisories/37037

secunia.com/advisories/37043

secunia.com/advisories/37051

secunia.com/advisories/37054

secunia.com/advisories/37061

secunia.com/advisories/37077

secunia.com/advisories/37079

secunia.com/advisories/37114

secunia.com/advisories/37159

secunia.com/advisories/39327

secunia.com/advisories/39938

securitytracker.com/id?1023029

sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

www.debian.org/security/2010/dsa-2028

www.debian.org/security/2010/dsa-2050

www.mandriva.com/security/advisories?name=MDVSA-2009:287

www.mandriva.com/security/advisories?name=MDVSA-2009:334

www.mandriva.com/security/advisories?name=MDVSA-2011:175

www.redhat.com/support/errata/RHSA-2010-0755.html

www.securityfocus.com/bid/36703

www.ubuntu.com/usn/USN-850-1

www.ubuntu.com/usn/USN-850-3

www.vupen.com/english/advisories/2009/2924

www.vupen.com/english/advisories/2009/2925

www.vupen.com/english/advisories/2009/2926

www.vupen.com/english/advisories/2009/2928

www.vupen.com/english/advisories/2010/0802

www.vupen.com/english/advisories/2010/1220

bugzilla.redhat.com/show_bug.cgi?id=526893

exchange.xforce.ibmcloud.com/vulnerabilities/53800

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134

rhn.redhat.com/errata/RHSA-2009-1500.html

rhn.redhat.com/errata/RHSA-2009-1501.html

rhn.redhat.com/errata/RHSA-2009-1502.html

rhn.redhat.com/errata/RHSA-2009-1503.html

rhn.redhat.com/errata/RHSA-2009-1504.html

rhn.redhat.com/errata/RHSA-2009-1512.html

rhn.redhat.com/errata/RHSA-2009-1513.html

www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.6

Confidence

High

EPSS

0.013

Percentile

85.7%

JSON

Related for NVD:CVE-2009-3609

nessus62 debiancve1 veracode1 cvelist1 ubuntucve1 prion1 cve1 openvas91 centos9 redhat9 oraclelinux6 ubuntu2 securityvulns2 fedora5 debian2 osv2 slackware2 altlinux1