CVE-2009-3608

Description

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

References

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

https://rhn.redhat.com/errata/RHSA-2009-1513.html

https://rhn.redhat.com/errata/RHSA-2009-1512.html

https://rhn.redhat.com/errata/RHSA-2009-1504.html

https://rhn.redhat.com/errata/RHSA-2009-1503.html

https://rhn.redhat.com/errata/RHSA-2009-1502.html

https://rhn.redhat.com/errata/RHSA-2009-1501.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536

https://exchange.xforce.ibmcloud.com/vulnerabilities/53794

https://bugzilla.redhat.com/show_bug.cgi?id=526637

http://www.vupen.com/english/advisories/2010/1220

http://www.vupen.com/english/advisories/2010/0802

http://www.vupen.com/english/advisories/2009/2928

http://www.vupen.com/english/advisories/2009/2926

http://www.vupen.com/english/advisories/2009/2925

http://www.vupen.com/english/advisories/2009/2924

http://www.ubuntu.com/usn/USN-850-3

http://www.ubuntu.com/usn/USN-850-1

http://www.openwall.com/lists/oss-security/2009/12/01/6

http://www.openwall.com/lists/oss-security/2009/12/01/5

http://www.openwall.com/lists/oss-security/2009/12/01/1

http://www.ocert.org/advisories/ocert-2009-016.html

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

http://www.mandriva.com/security/advisories?name=MDVSA-2009:334

http://www.mandriva.com/security/advisories?name=MDVSA-2009:287

http://www.debian.org/security/2010/dsa-2050

http://www.debian.org/security/2010/dsa-2028

http://www.debian.org/security/2009/dsa-1941

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

http://securitytracker.com/id?1023029

http://secunia.com/advisories/39938

http://secunia.com/advisories/39327

http://secunia.com/advisories/37159

http://secunia.com/advisories/37114

http://secunia.com/advisories/37079

http://secunia.com/advisories/37077

http://secunia.com/advisories/37061

http://secunia.com/advisories/37054

http://secunia.com/advisories/37053

http://secunia.com/advisories/37051

http://secunia.com/advisories/37043

http://secunia.com/advisories/37037

http://secunia.com/advisories/37034

http://secunia.com/advisories/37028

http://poppler.freedesktop.org/

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3