9.3

CVE-2009-3604

Exploit

EPSS 9.74%
Veröffentlicht 21.10.2009 17:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 49

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Foolabs ≫ Xpdf Version3.02pl1

Gnome ≫ Gpdf
Kde ≫ Kpdf

Foolabs ≫ Xpdf Version3.02pl2

Gnome ≫ Gpdf
Kde ≫ Kpdf

Foolabs ≫ Xpdf Version3.02pl3

Gnome ≫ Gpdf
Kde ≫ Kpdf

Glyphandcog ≫ Xpdfreader Version2.00

Gnome ≫ Gpdf
Kde ≫ Kpdf

Glyphandcog ≫ Xpdfreader Version2.01

Gnome ≫ Gpdf
Kde ≫ Kpdf

Glyphandcog ≫ Xpdfreader Version2.02

Gnome ≫ Gpdf
Kde ≫ Kpdf

Glyphandcog ≫ Xpdfreader Version2.03

Gnome ≫ Gpdf
Kde ≫ Kpdf

Glyphandcog ≫ Xpdfreader Version3.00

Gnome ≫ Gpdf
Kde ≫ Kpdf

Glyphandcog ≫ Xpdfreader Version3.01

Gnome ≫ Gpdf
Kde ≫ Kpdf

Glyphandcog ≫ Xpdfreader Version3.02

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.1

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.1.1

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.1.2

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.2.0

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.3.0

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.3.1

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.3.2

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.3.3

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.4.0

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.4.1

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.4.2

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.4.3

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.4.4

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.5.0

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.5.1

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.5.2

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.5.3

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.5.4

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.5.9

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.5.90

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.5.91

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.6.0

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.6.1

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.6.2

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.6.3

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.6.4

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.7.0

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.7.1

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.7.2

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.7.3

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.8.0

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.8.1

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.8.2

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.8.3

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.8.4

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.8.5

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.8.6

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.8.7

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.9.0

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.9.1

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.9.2

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.9.3

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.10.0

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.10.1

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.10.2

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.10.3

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.10.4

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.10.5

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.10.6

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.10.7

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.11.0

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.11.1

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.11.2

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.11.3

Gnome ≫ Gpdf
Kde ≫ Kpdf

Poppler ≫ Poppler Version0.12.0

Gnome ≫ Gpdf
Kde ≫ Kpdf

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.74%	0.926

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/37114

http://www.ubuntu.com/usn/USN-850-1

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

http://www.vupen.com/english/advisories/2010/1040

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

http://secunia.com/advisories/37028

Vendor Advisory

http://secunia.com/advisories/37037

Vendor Advisory

http://secunia.com/advisories/37043

Vendor Advisory

http://secunia.com/advisories/37053

Vendor Advisory

http://secunia.com/advisories/37077

Vendor Advisory

http://secunia.com/advisories/37079

Vendor Advisory

http://secunia.com/advisories/39327

http://secunia.com/advisories/39938

http://www.debian.org/security/2010/dsa-2028

http://www.debian.org/security/2010/dsa-2050

http://www.vupen.com/english/advisories/2009/2928

Patch

Vendor Advisory

http://www.vupen.com/english/advisories/2010/0802

http://www.vupen.com/english/advisories/2010/1220

https://rhn.redhat.com/errata/RHSA-2009-1501.html

https://rhn.redhat.com/errata/RHSA-2009-1502.html

https://rhn.redhat.com/errata/RHSA-2009-1503.html

https://rhn.redhat.com/errata/RHSA-2009-1512.html

http://secunia.com/advisories/37023

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2009-1500.html

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

Patch

http://secunia.com/advisories/37159

http://securitytracker.com/id?1023029

http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

http://www.mandriva.com/security/advisories?name=MDVSA-2009:287

http://www.securityfocus.com/bid/36703

Patch

Exploit

http://www.ubuntu.com/usn/USN-850-3

http://www.vupen.com/english/advisories/2009/2924

Patch

Vendor Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2

http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2

http://secunia.com/advisories/37042

Vendor Advisory

http://site.pi3.com.pl/adv/xpdf.txt

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=526911

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/53795

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969

https://nvd.nist.gov/vuln/detail/CVE-2009-3604

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3604

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3604

EUVD