Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3605

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2009-3605
Last Modified 18 Jan 2012 10:41:57
Published 02 Nov 2009 10:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-3605

Summary

Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.

Vulnerable Systems

Application

  • Poppler 0.1

  • Poppler 0.1.1

  • Poppler 0.1.2

  • Poppler 0.10.0

  • Poppler 0.10.1

  • Poppler 0.10.2

  • Poppler 0.10.3

  • Poppler 0.10.4

  • Poppler 0.10.5

  • Poppler 0.2.0

  • Poppler 0.3.0

  • Poppler 0.3.1

  • Poppler 0.3.2

  • Poppler 0.3.3

  • Poppler 0.4.0

  • Poppler 0.4.1

  • Poppler 0.4.2

  • Poppler 0.4.3

  • Poppler 0.4.4

  • Poppler 0.5.0

  • Poppler 0.5.1

  • Poppler 0.5.2

  • Poppler 0.5.3

  • Poppler 0.5.4

  • Poppler 0.5.9

  • Poppler 0.5.90

  • Poppler 0.5.91

  • Poppler 0.6.0

  • Poppler 0.6.1

  • Poppler 0.6.2

  • Poppler 0.6.3

  • Poppler 0.6.4

  • Poppler 0.7.0

  • Poppler 0.7.1

  • Poppler 0.7.2

  • Poppler 0.7.3

  • Poppler 0.8.0

  • Poppler 0.8.1

  • Poppler 0.8.2

  • Poppler 0.8.3

  • Poppler 0.8.4

  • Poppler 0.8.5

  • Poppler 0.8.6

  • Poppler 0.8.7

  • Poppler 0.9.0

  • Poppler 0.9.1

  • Poppler 0.9.2

  • Poppler 0.9.3


References

CONFIRM - https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz

CONFIRM - https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=491840

CONFIRM - https://bugs.launchpad.net/bugs/cve/2009-3605

UBUNTU - USN-850-1

MANDRIVA - MDVSA-2009:334

SUNALERT - 1021706

SUNALERT - 274030

SECUNIA - 37114

SUSE - SUSE-SR:2009:018

CONFIRM - http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8

CONFIRM - http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a

CONFIRM - http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5

MANDRIVA - MDVSA-2011:175

Related Patches

Novell SUSE 2009:6556 xpdf security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:57:20