9.3

CVE-2009-3603

Exploit
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.  NOTE: some of these details are obtained from third party information.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FoolabsXpdf Version3.02pl1
FoolabsXpdf Version3.02pl2
FoolabsXpdf Version3.02pl3
GlyphandcogXpdfreader Version3.00
GlyphandcogXpdfreader Version3.01
GlyphandcogXpdfreader Version3.02
PopplerPoppler Version <= 0.12.0
PopplerPoppler Version0.1
PopplerPoppler Version0.1.1
PopplerPoppler Version0.1.2
PopplerPoppler Version0.2.0
PopplerPoppler Version0.3.0
PopplerPoppler Version0.3.1
PopplerPoppler Version0.3.2
PopplerPoppler Version0.3.3
PopplerPoppler Version0.4.0
PopplerPoppler Version0.4.1
PopplerPoppler Version0.4.2
PopplerPoppler Version0.4.3
PopplerPoppler Version0.4.4
PopplerPoppler Version0.5.0
PopplerPoppler Version0.5.1
PopplerPoppler Version0.5.2
PopplerPoppler Version0.5.3
PopplerPoppler Version0.5.4
PopplerPoppler Version0.5.9
PopplerPoppler Version0.6.0
PopplerPoppler Version0.6.1
PopplerPoppler Version0.6.2
PopplerPoppler Version0.6.3
PopplerPoppler Version0.6.4
PopplerPoppler Version0.7.0
PopplerPoppler Version0.7.1
PopplerPoppler Version0.7.2
PopplerPoppler Version0.7.3
PopplerPoppler Version0.8.0
PopplerPoppler Version0.8.1
PopplerPoppler Version0.8.2
PopplerPoppler Version0.8.3
PopplerPoppler Version0.8.4
PopplerPoppler Version0.8.6
PopplerPoppler Version0.8.7
PopplerPoppler Version0.9.0
PopplerPoppler Version0.9.1
PopplerPoppler Version0.9.2
PopplerPoppler Version0.9.3
PopplerPoppler Version0.10.0
PopplerPoppler Version0.10.1
PopplerPoppler Version0.10.2
PopplerPoppler Version0.10.3
PopplerPoppler Version0.10.4
PopplerPoppler Version0.10.5
PopplerPoppler Version0.10.6
PopplerPoppler Version0.10.7
PopplerPoppler Version0.11.0
PopplerPoppler Version0.11.1
PopplerPoppler Version0.11.2
PopplerPoppler Version0.11.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.58% 0.944
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/37114
http://www.ubuntu.com/usn/USN-850-1
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.vupen.com/english/advisories/2010/1040
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://secunia.com/advisories/37053
Vendor Advisory
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://www.debian.org/security/2010/dsa-2028
http://www.debian.org/security/2010/dsa-2050
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1220
https://bugzilla.redhat.com/show_bug.cgi?id=526915
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
Patch
http://poppler.freedesktop.org/
Patch
Vendor Advisory
http://secunia.com/advisories/37034
Vendor Advisory
http://secunia.com/advisories/37054
Vendor Advisory
http://secunia.com/advisories/37159
http://securitytracker.com/id?1023029
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
http://www.securityfocus.com/bid/36703
Patch
Exploit
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2924
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2925
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/53793
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9671
https://rhn.redhat.com/errata/RHSA-2009-1504.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html