CVE-2009-3609
Last modified
CVE-2009-3609 is a vulnerability of currently unknown severity. Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.. EPSS estimates a 4.48% chance of exploitation in the next 30 days.
Description
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Foolabs | Xpdf | 3.02pl1 |
| Foolabs | Xpdf | 3.02pl2 |
| Foolabs | Xpdf | 3.02pl3 |
| Glyphandcog | Xpdfreader | 3.00 |
| Glyphandcog | Xpdfreader | 3.01 |
| Glyphandcog | Xpdfreader | 3.02 |
| Poppler | Poppler | <= 0.12.0 |
| Poppler | Poppler | 0.1 |
| Poppler | Poppler | 0.1.1 |
| Poppler | Poppler | 0.1.2 |
| Poppler | Poppler | 0.2.0 |
| Poppler | Poppler | 0.3.0 |
| Poppler | Poppler | 0.3.1 |
| Poppler | Poppler | 0.3.2 |
| Poppler | Poppler | 0.3.3 |
| Poppler | Poppler | 0.4.0 |
| Poppler | Poppler | 0.4.1 |
| Poppler | Poppler | 0.4.2 |
| Poppler | Poppler | 0.4.3 |
| Poppler | Poppler | 0.4.4 |
| Poppler | Poppler | 0.5.0 |
| Poppler | Poppler | 0.5.1 |
| Poppler | Poppler | 0.5.2 |
| Poppler | Poppler | 0.5.3 |
| Poppler | Poppler | 0.5.4 |
| Poppler | Poppler | 0.5.9 |
| Poppler | Poppler | 0.6.0 |
| Poppler | Poppler | 0.6.1 |
| Poppler | Poppler | 0.6.2 |
| Poppler | Poppler | 0.6.3 |
| Poppler | Poppler | 0.6.4 |
| Poppler | Poppler | 0.7.0 |
| Poppler | Poppler | 0.7.1 |
| Poppler | Poppler | 0.7.2 |
| Poppler | Poppler | 0.7.3 |
| Poppler | Poppler | 0.8.0 |
| Poppler | Poppler | 0.8.1 |
| Poppler | Poppler | 0.8.2 |
| Poppler | Poppler | 0.8.3 |
| Poppler | Poppler | 0.8.4 |
| Poppler | Poppler | 0.8.6 |
| Poppler | Poppler | 0.8.7 |
| Poppler | Poppler | 0.9.0 |
| Poppler | Poppler | 0.9.1 |
| Poppler | Poppler | 0.9.2 |
| Poppler | Poppler | 0.9.3 |
| Poppler | Poppler | 0.10.0 |
| Poppler | Poppler | 0.10.1 |
| Poppler | Poppler | 0.10.2 |
| Poppler | Poppler | 0.10.3 |
Showing 50 of 58 affected configurations. See NVD for the full list.
References
- http://poppler.freedesktop.org/Patch, Vendor Advisory
- http://secunia.com/advisories/37023Vendor Advisory
- http://secunia.com/advisories/37028Vendor Advisory
- http://secunia.com/advisories/37034Vendor Advisory
- http://secunia.com/advisories/37037Vendor Advisory
- http://secunia.com/advisories/37043Vendor Advisory
- http://secunia.com/advisories/37051Vendor Advisory
- http://secunia.com/advisories/37054Vendor Advisory
- http://secunia.com/advisories/37061Vendor Advisory
- http://secunia.com/advisories/37077Vendor Advisory
- http://secunia.com/advisories/37079Vendor Advisory
- http://www.securityfocus.com/bid/36703Exploit, Patch
- http://www.vupen.com/english/advisories/2009/2924Patch, Vendor Advisory
- http://www.vupen.com/english/advisories/2009/2925Vendor Advisory
- http://www.vupen.com/english/advisories/2009/2926Vendor Advisory
- http://www.vupen.com/english/advisories/2009/2928Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=526893Exploit, Patch
- http://poppler.freedesktop.org/Patch, Vendor Advisory
- http://secunia.com/advisories/37023Vendor Advisory
- http://secunia.com/advisories/37028Vendor Advisory
- http://secunia.com/advisories/37034Vendor Advisory
- http://secunia.com/advisories/37037Vendor Advisory
- http://secunia.com/advisories/37043Vendor Advisory
- http://secunia.com/advisories/37051Vendor Advisory
- http://secunia.com/advisories/37054Vendor Advisory
- http://secunia.com/advisories/37061Vendor Advisory
- http://secunia.com/advisories/37077Vendor Advisory
- http://secunia.com/advisories/37079Vendor Advisory
- http://www.securityfocus.com/bid/36703Exploit, Patch
- http://www.vupen.com/english/advisories/2009/2924Patch, Vendor Advisory
- http://www.vupen.com/english/advisories/2009/2925Vendor Advisory
- http://www.vupen.com/english/advisories/2009/2926Vendor Advisory
- http://www.vupen.com/english/advisories/2009/2928Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=526893Exploit, Patch
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-3609?
How severe is CVE-2009-3609?
How do I fix CVE-2009-3609?
Are you affected by CVE-2009-3609?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST