6.8
CVE-2009-3938
- EPSS 5.32%
- Veröffentlicht 13.11.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:39
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.32% | 0.916 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.debian.org/security/2009/dsa-1941
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534680
http://bugs.freedesktop.org/attachment.cgi?id=30599&action=edit
http://bugs.freedesktop.org/show_bug.cgi?id=23074
http://secunia.com/advisories/37333
http://www.securityfocus.com/bid/36976
http://www.vupen.com/english/advisories/2009/3227
https://exchange.xforce.ibmcloud.com/vulnerabilities/54215