4.3

CVE-2009-3609

Exploit
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FoolabsXpdf Version3.02pl1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
FoolabsXpdf Version3.02pl2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
FoolabsXpdf Version3.02pl3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
GlyphandcogXpdfreader Version3.00
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
GlyphandcogXpdfreader Version3.01
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
GlyphandcogXpdfreader Version3.02
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version <= 0.12.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.1.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.1.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.2.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.3.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.3.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.3.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.3.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.4.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.4.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.4.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.4.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.4.4
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.5.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.5.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.5.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.5.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.5.4
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.5.9
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.6.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.6.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.6.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.6.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.6.4
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.7.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.7.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.7.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.7.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.4
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.6
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.8.7
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.9.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.9.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.9.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.9.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.4
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.5
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.6
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.10.7
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.11.0
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.11.1
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.11.2
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
PopplerPoppler Version0.11.3
   Glyph And CogPdftops
   GnomeGpdf
   KdeKpdf
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.48% 0.902
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/37114
http://www.ubuntu.com/usn/USN-850-1
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://secunia.com/advisories/37028
Vendor Advisory
http://secunia.com/advisories/37037
Vendor Advisory
http://secunia.com/advisories/37043
Vendor Advisory
http://secunia.com/advisories/37077
Vendor Advisory
http://secunia.com/advisories/37079
Vendor Advisory
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://www.debian.org/security/2010/dsa-2028
http://www.debian.org/security/2010/dsa-2050
http://www.vupen.com/english/advisories/2009/2928
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1220
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html
http://secunia.com/advisories/37023
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
https://rhn.redhat.com/errata/RHSA-2009-1500.html
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
Exploit
http://poppler.freedesktop.org/
Patch
Vendor Advisory
http://secunia.com/advisories/37034
Vendor Advisory
http://secunia.com/advisories/37054
Vendor Advisory
http://secunia.com/advisories/37159
http://securitytracker.com/id?1023029
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
http://www.securityfocus.com/bid/36703
Patch
Exploit
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2924
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2925
Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2009-1504.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
http://secunia.com/advisories/37051
Vendor Advisory
http://secunia.com/advisories/37061
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2926
Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2009-1513.html
http://www.redhat.com/support/errata/RHSA-2010-0755.html
https://bugzilla.redhat.com/show_bug.cgi?id=526893
Patch
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/53800
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134