Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2009-3603
Last Modified: 18 Jan 2012 10:41:56
Published: 21 Oct 2009 01:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-3603

Summary

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.

Vulnerable Systems

Application

  • Foolabs Xpdf 3.00

  • Foolabs Xpdf 3.01

  • Foolabs Xpdf 3.02

  • Foolabs Xpdf 3.02pl1

  • Foolabs Xpdf 3.02pl2

  • Foolabs Xpdf 3.02pl3

  • Poppler 0.1

  • Poppler 0.1.1

  • Poppler 0.1.2

  • Poppler 0.10.0

  • Poppler 0.10.1

  • Poppler 0.10.2

  • Poppler 0.10.3

  • Poppler 0.10.4

  • Poppler 0.10.5

  • Poppler 0.10.6

  • Poppler 0.10.7

  • Poppler 0.11.0

  • Poppler 0.11.1

  • Poppler 0.11.2

  • Poppler 0.11.3

  • Poppler 0.12.0

  • Poppler 0.2.0

  • Poppler 0.3.0

  • Poppler 0.3.1

  • Poppler 0.3.2

  • Poppler 0.3.3

  • Poppler 0.4.0

  • Poppler 0.4.1

  • Poppler 0.4.2

  • Poppler 0.4.3

  • Poppler 0.4.4

  • Poppler 0.5.0

  • Poppler 0.5.1

  • Poppler 0.5.2

  • Poppler 0.5.3

  • Poppler 0.5.4

  • Poppler 0.5.9

  • Poppler 0.6.0

  • Poppler 0.6.1

  • Poppler 0.6.2

  • Poppler 0.6.3

  • Poppler 0.6.4

  • Poppler 0.7.0

  • Poppler 0.7.1

  • Poppler 0.7.2

  • Poppler 0.7.3

  • Poppler 0.8.0

  • Poppler 0.8.1

  • Poppler 0.8.2

  • Poppler 0.8.3

  • Poppler 0.8.4

  • Poppler 0.8.6

  • Poppler 0.8.7

  • Poppler 0.9.0

  • Poppler 0.9.1

  • Poppler 0.9.2

  • Poppler 0.9.3


References

VUPEN - ADV-2009-2925

VUPEN - ADV-2009-2924

BID - 36703

CONFIRM - http://poppler.freedesktop.org/

CONFIRM - ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

FEDORA - FEDORA-2009-10845

FEDORA - FEDORA-2009-10823

REDHAT - RHSA-2009:1504

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=526915

XF - xpdf-splashbitmap-bo(53793)

VUPEN - ADV-2010-1220

VUPEN - ADV-2010-1040

VUPEN - ADV-2010-0802

UBUNTU - USN-850-3

UBUNTU - USN-850-1

MANDRIVA - MDVSA-2010:087

MANDRIVA - MDVSA-2009:287

DEBIAN - DSA-2050

DEBIAN - DSA-2028

SUNALERT - 1021706

SUNALERT - 274030

SECTRACK - 1023029

SECUNIA - 39938

SECUNIA - 39327

SECUNIA - 37159

SECUNIA - 37114

SECUNIA - 37054

SECUNIA - 37053

SECUNIA - 37034

SUSE - SUSE-SR:2009:018

FEDORA - FEDORA-2010-1377

FEDORA - FEDORA-2010-1842

FEDORA - FEDORA-2010-1805

MANDRIVA - MDVSA-2011:175

Related Patches

Novell SUSE 2009:6556 xpdf security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:57:20