9.3

CVE-2009-3608

Exploit
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FoolabsXpdf Version3.02pl1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
FoolabsXpdf Version3.02pl2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
FoolabsXpdf Version3.02pl3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
GlyphandcogXpdfreader Version3.00
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
GlyphandcogXpdfreader Version3.01
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
GlyphandcogXpdfreader Version3.02
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version <= 0.12.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.1.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.1.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.2.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.3.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.3.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.3.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.3.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.4.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.4.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.4.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.4.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.4.4
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.5.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.5.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.5.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.5.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.5.4
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.5.9
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.6.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.6.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.6.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.6.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.6.4
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.7.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.7.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.7.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.7.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.8.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.8.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.8.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.8.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.8.4
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.8.6
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.8.7
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.9.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.9.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.9.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.9.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.10.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.10.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.10.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.10.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.10.4
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.10.5
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.10.6
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.10.7
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.11.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.11.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.11.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
PopplerPoppler Version0.11.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
   TetexTetex
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.23% 0.951
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/37114
http://www.debian.org/security/2009/dsa-1941
http://www.ubuntu.com/usn/USN-850-1
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://secunia.com/advisories/37028
Vendor Advisory
http://secunia.com/advisories/37037
Vendor Advisory
http://secunia.com/advisories/37043
Vendor Advisory
http://secunia.com/advisories/37053
Vendor Advisory
http://secunia.com/advisories/37077
Vendor Advisory
http://secunia.com/advisories/37079
Vendor Advisory
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://www.debian.org/security/2010/dsa-2028
http://www.debian.org/security/2010/dsa-2050
http://www.vupen.com/english/advisories/2009/2928
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1220
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
Patch
http://poppler.freedesktop.org/
Patch
Vendor Advisory
http://secunia.com/advisories/37034
Vendor Advisory
http://secunia.com/advisories/37054
Vendor Advisory
http://secunia.com/advisories/37159
http://securitytracker.com/id?1023029
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
http://www.securityfocus.com/bid/36703
Patch
Exploit
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2924
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2925
Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2009-1504.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
http://www.openwall.com/lists/oss-security/2009/12/01/1
http://www.openwall.com/lists/oss-security/2009/12/01/5
http://www.openwall.com/lists/oss-security/2009/12/01/6
http://secunia.com/advisories/37051
Vendor Advisory
http://secunia.com/advisories/37061
Vendor Advisory
http://www.ocert.org/advisories/ocert-2009-016.html
http://www.vupen.com/english/advisories/2009/2926
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=526637
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/53794
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536
https://rhn.redhat.com/errata/RHSA-2009-1513.html