9.3

CVE-2009-3607

Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.  NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PopplerPoppler Version0.1
PopplerPoppler Version0.1.1
PopplerPoppler Version0.1.2
PopplerPoppler Version0.2.0
PopplerPoppler Version0.3.0
PopplerPoppler Version0.3.1
PopplerPoppler Version0.3.2
PopplerPoppler Version0.3.3
PopplerPoppler Version0.4.0
PopplerPoppler Version0.4.1
PopplerPoppler Version0.4.2
PopplerPoppler Version0.4.3
PopplerPoppler Version0.4.4
PopplerPoppler Version0.5.0
PopplerPoppler Version0.5.1
PopplerPoppler Version0.5.2
PopplerPoppler Version0.5.3
PopplerPoppler Version0.5.4
PopplerPoppler Version0.5.9
PopplerPoppler Version0.5.90
PopplerPoppler Version0.5.91
PopplerPoppler Version0.6.0
PopplerPoppler Version0.6.1
PopplerPoppler Version0.6.2
PopplerPoppler Version0.6.3
PopplerPoppler Version0.6.4
PopplerPoppler Version0.7.0
PopplerPoppler Version0.7.1
PopplerPoppler Version0.7.2
PopplerPoppler Version0.7.3
PopplerPoppler Version0.8.0
PopplerPoppler Version0.8.1
PopplerPoppler Version0.8.2
PopplerPoppler Version0.8.3
PopplerPoppler Version0.8.4
PopplerPoppler Version0.8.5
PopplerPoppler Version0.8.6
PopplerPoppler Version0.8.7
PopplerPoppler Version0.9.0
PopplerPoppler Version0.9.1
PopplerPoppler Version0.9.2
PopplerPoppler Version0.9.3
PopplerPoppler Version0.10.0
PopplerPoppler Version0.10.1
PopplerPoppler Version0.10.2
PopplerPoppler Version0.10.3
PopplerPoppler Version0.10.4
PopplerPoppler Version0.10.5
PopplerPoppler Version0.10.6
PopplerPoppler Version0.10.7
PopplerPoppler Version0.11.0
PopplerPoppler Version0.11.1
PopplerPoppler Version0.11.2
PopplerPoppler Version0.11.3
PopplerPoppler Version0.12.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.91% 0.923
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/37114
http://www.debian.org/security/2009/dsa-1941
http://www.ubuntu.com/usn/USN-850-1
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://secunia.com/advisories/37054
Vendor Advisory
http://secunia.com/advisories/37159
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2925
Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
http://www.openwall.com/lists/oss-security/2009/12/01/1
http://www.openwall.com/lists/oss-security/2009/12/01/5
http://www.openwall.com/lists/oss-security/2009/12/01/6
http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b706
http://www.securityfocus.com/bid/36718
https://bugzilla.redhat.com/show_bug.cgi?id=526924
https://exchange.xforce.ibmcloud.com/vulnerabilities/53801