9.3

CVE-2009-3608

Exploit

EPSS 6.22%
Published 21.10.2009 17:30:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

Affected products Warnungen 0 Metrics 2 CWE 0 References 56

Data is provided by the National Vulnerability Database (NVD)

Foolabs ≫ Xpdf Version3.02pl1

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Foolabs ≫ Xpdf Version3.02pl2

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Foolabs ≫ Xpdf Version3.02pl3

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Glyphandcog ≫ Xpdfreader Version3.00

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Glyphandcog ≫ Xpdfreader Version3.01

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Glyphandcog ≫ Xpdfreader Version3.02

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version <= 0.12.0

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.1

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.1.1

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.1.2

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.2.0

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.3.0

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.3.1

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.3.2

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.3.3

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.4.0

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.4.1

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.4.2

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.4.3

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.4.4

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.5.0

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.5.1

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.5.2

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.5.3

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.5.4

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.5.9

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.6.0

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.6.1

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.6.2

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.6.3

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.6.4

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.7.0

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.7.1

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.7.2

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.7.3

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.8.0

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.8.1

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.8.2

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.8.3

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.8.4

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.8.6

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.8.7

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.9.0

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.9.1

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.9.2

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.9.3

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.10.0

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.10.1

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.10.2

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.10.3

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.10.4

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.10.5

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.10.6

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.10.7

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.11.0

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.11.1

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.11.2

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Poppler ≫ Poppler Version0.11.3

   Glyph And Cog ≫ Pdftops
   Gnome ≫ Gpdf
   Kde ≫ Kpdf
   Tetex ≫ Tetex

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.22%	0.899

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/37114

http://www.debian.org/security/2009/dsa-1941

http://www.ubuntu.com/usn/USN-850-1

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

http://secunia.com/advisories/37028

Vendor Advisory

http://secunia.com/advisories/37037

Vendor Advisory

http://secunia.com/advisories/37043

Vendor Advisory

http://secunia.com/advisories/37053

Vendor Advisory

http://secunia.com/advisories/37077

Vendor Advisory

http://secunia.com/advisories/37079

Vendor Advisory

http://secunia.com/advisories/39327

http://secunia.com/advisories/39938

http://www.debian.org/security/2010/dsa-2028

http://www.debian.org/security/2010/dsa-2050

http://www.vupen.com/english/advisories/2009/2928

Vendor Advisory

http://www.vupen.com/english/advisories/2010/0802

http://www.vupen.com/english/advisories/2010/1220

https://rhn.redhat.com/errata/RHSA-2009-1501.html

https://rhn.redhat.com/errata/RHSA-2009-1502.html

https://rhn.redhat.com/errata/RHSA-2009-1503.html

https://rhn.redhat.com/errata/RHSA-2009-1512.html

http://www.mandriva.com/security/advisories?name=MDVSA-2009:334

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

Patch

http://poppler.freedesktop.org/

Patch

Vendor Advisory

http://secunia.com/advisories/37034

Vendor Advisory

http://secunia.com/advisories/37054

Vendor Advisory

http://secunia.com/advisories/37159

http://securitytracker.com/id?1023029

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

http://www.mandriva.com/security/advisories?name=MDVSA-2009:287

http://www.securityfocus.com/bid/36703

Patch

Exploit

http://www.ubuntu.com/usn/USN-850-3

http://www.vupen.com/english/advisories/2009/2924

Patch

Vendor Advisory

http://www.vupen.com/english/advisories/2009/2925

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2009-1504.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

http://www.openwall.com/lists/oss-security/2009/12/01/1

http://www.openwall.com/lists/oss-security/2009/12/01/5

http://www.openwall.com/lists/oss-security/2009/12/01/6

http://secunia.com/advisories/37051

Vendor Advisory

http://secunia.com/advisories/37061

Vendor Advisory

http://www.ocert.org/advisories/ocert-2009-016.html

http://www.vupen.com/english/advisories/2009/2926

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=526637

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/53794

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536

https://rhn.redhat.com/errata/RHSA-2009-1513.html

https://nvd.nist.gov/vuln/detail/CVE-2009-3608

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3608

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3608

EUVD