CVE-2009-3604

high

Description

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

References

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

https://rhn.redhat.com/errata/RHSA-2009-1512.html

https://rhn.redhat.com/errata/RHSA-2009-1503.html

https://rhn.redhat.com/errata/RHSA-2009-1502.html

https://rhn.redhat.com/errata/RHSA-2009-1501.html

https://rhn.redhat.com/errata/RHSA-2009-1500.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969

https://exchange.xforce.ibmcloud.com/vulnerabilities/53795

https://bugzilla.redhat.com/show_bug.cgi?id=526911

http://www.vupen.com/english/advisories/2010/1220

http://www.vupen.com/english/advisories/2010/1040

http://www.vupen.com/english/advisories/2010/0802

http://www.vupen.com/english/advisories/2009/2928

http://www.vupen.com/english/advisories/2009/2924

http://www.ubuntu.com/usn/USN-850-3

http://www.ubuntu.com/usn/USN-850-1

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

http://www.mandriva.com/security/advisories?name=MDVSA-2009:287

http://www.debian.org/security/2010/dsa-2050

http://www.debian.org/security/2010/dsa-2028

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

http://securitytracker.com/id?1023029

http://secunia.com/advisories/39938

http://secunia.com/advisories/39327

http://secunia.com/advisories/37159

http://secunia.com/advisories/37114

http://secunia.com/advisories/37079

http://secunia.com/advisories/37077

http://secunia.com/advisories/37053

http://secunia.com/advisories/37043

http://secunia.com/advisories/37042

http://secunia.com/advisories/37037

http://secunia.com/advisories/37028

http://secunia.com/advisories/37023

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2

http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2

Details

Source: Mitre, NVD

Published: 2009-10-21

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High