9.3
CVE-2009-3608
- EPSS 10.23%
- Veröffentlicht 21.10.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:00
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Glyphandcog ≫ Xpdfreader Version3.00
Glyphandcog ≫ Xpdfreader Version3.01
Glyphandcog ≫ Xpdfreader Version3.02
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.23% | 0.951 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/37114
http://www.debian.org/security/2009/dsa-1941
http://www.ubuntu.com/usn/USN-850-1
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://secunia.com/advisories/37028
http://secunia.com/advisories/37037
http://secunia.com/advisories/37043
http://secunia.com/advisories/37053
http://secunia.com/advisories/37077
http://secunia.com/advisories/37079
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://www.debian.org/security/2010/dsa-2028
http://www.debian.org/security/2010/dsa-2050
http://www.vupen.com/english/advisories/2009/2928
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1220
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
http://poppler.freedesktop.org/
http://secunia.com/advisories/37034
http://secunia.com/advisories/37054
http://secunia.com/advisories/37159
http://securitytracker.com/id?1023029
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
http://www.securityfocus.com/bid/36703
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2924
http://www.vupen.com/english/advisories/2009/2925
https://rhn.redhat.com/errata/RHSA-2009-1504.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
http://www.openwall.com/lists/oss-security/2009/12/01/1
http://www.openwall.com/lists/oss-security/2009/12/01/5
http://www.openwall.com/lists/oss-security/2009/12/01/6
http://secunia.com/advisories/37051
http://secunia.com/advisories/37061
http://www.ocert.org/advisories/ocert-2009-016.html
http://www.vupen.com/english/advisories/2009/2926
https://bugzilla.redhat.com/show_bug.cgi?id=526637
https://exchange.xforce.ibmcloud.com/vulnerabilities/53794
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536
https://rhn.redhat.com/errata/RHSA-2009-1513.html