CVE-2009-3604

Published: Oct 21, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

Affected (65)

Products: Foolabs: Xpdf · Glyphandcog: Xpdfreader · Poppler: Poppler

1 product

1 product

1 product

Configuration A

65 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Foolabs Xpdf	Version 3.02pl1
Foolabs Xpdf	Version 3.02pl2
Foolabs Xpdf	Version 3.02pl3
Glyphandcog Xpdfreader	Version 2.00
Glyphandcog Xpdfreader	Version 2.01
Glyphandcog Xpdfreader	Version 2.02
Glyphandcog Xpdfreader	Version 2.03
Glyphandcog Xpdfreader	Version 3.00
Glyphandcog Xpdfreader	Version 3.01
Glyphandcog Xpdfreader	Version 3.02
Poppler Poppler	Version 0.1.1
Poppler Poppler	Version 0.1.2
Poppler Poppler	Version 0.10.0
Poppler Poppler	Version 0.10.1
Poppler Poppler	Version 0.10.2
Poppler Poppler	Version 0.10.3
Poppler Poppler	Version 0.10.4
Poppler Poppler	Version 0.10.5
Poppler Poppler	Version 0.10.6
Poppler Poppler	Version 0.10.7
Poppler Poppler	Version 0.11.0
Poppler Poppler	Version 0.11.1
Poppler Poppler	Version 0.11.2
Poppler Poppler	Version 0.11.3
Poppler Poppler	Version 0.12.0
Poppler Poppler	Version 0.1
Poppler Poppler	Version 0.2.0
Poppler Poppler	Version 0.3.0
Poppler Poppler	Version 0.3.1
Poppler Poppler	Version 0.3.2
Poppler Poppler	Version 0.3.3
Poppler Poppler	Version 0.4.0
Poppler Poppler	Version 0.4.1
Poppler Poppler	Version 0.4.2
Poppler Poppler	Version 0.4.3
Poppler Poppler	Version 0.4.4
Poppler Poppler	Version 0.5.0
Poppler Poppler	Version 0.5.1
Poppler Poppler	Version 0.5.2
Poppler Poppler	Version 0.5.3
Poppler Poppler	Version 0.5.4
Poppler Poppler	Version 0.5.90
Poppler Poppler	Version 0.5.91
Poppler Poppler	Version 0.5.9
Poppler Poppler	Version 0.6.0
Poppler Poppler	Version 0.6.1
Poppler Poppler	Version 0.6.2
Poppler Poppler	Version 0.6.3
Poppler Poppler	Version 0.6.4
Poppler Poppler	Version 0.7.0
Poppler Poppler	Version 0.7.1
Poppler Poppler	Version 0.7.2
Poppler Poppler	Version 0.7.3
Poppler Poppler	Version 0.8.0
Poppler Poppler	Version 0.8.1
Poppler Poppler	Version 0.8.2
Poppler Poppler	Version 0.8.3
Poppler Poppler	Version 0.8.4
Poppler Poppler	Version 0.8.5
Poppler Poppler	Version 0.8.6
Poppler Poppler	Version 0.8.7
Poppler Poppler	Version 0.9.0
Poppler Poppler	Version 0.9.1
Poppler Poppler	Version 0.9.2
Poppler Poppler	Version 0.9.3

Running on/with	Platform Versions
Gnome Gpdf	All versions
Kde Kpdf	All versions

Related CWEs

CWE-399

References (92)

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch (unsafe URL)

Source: secalert@redhat.com

Patch

http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2

Source: secalert@redhat.com

http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

Source: secalert@redhat.com

http://secunia.com/advisories/37023

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/37028

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/37037

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/37042

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/37043

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/37053

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/37077

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/37079

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/37114

Source: secalert@redhat.com

http://secunia.com/advisories/37159

Source: secalert@redhat.com

http://secunia.com/advisories/39327

Source: secalert@redhat.com

http://secunia.com/advisories/39938

Source: secalert@redhat.com

http://securitytracker.com/id?1023029

Source: secalert@redhat.com

http://site.pi3.com.pl/adv/xpdf.txt

Source: secalert@redhat.com

Exploit

http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

Source: secalert@redhat.com

http://www.debian.org/security/2010/dsa-2028

Source: secalert@redhat.com

http://www.debian.org/security/2010/dsa-2050

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2009:287

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

Source: secalert@redhat.com

http://www.securityfocus.com/bid/36703

Source: secalert@redhat.com

ExploitPatch

http://www.ubuntu.com/usn/USN-850-1

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-850-3

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/2924

Source: secalert@redhat.com

PatchVendor Advisory

http://www.vupen.com/english/advisories/2009/2928

Source: secalert@redhat.com

PatchVendor Advisory

http://www.vupen.com/english/advisories/2010/0802

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/1040

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/1220

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=526911

Source: secalert@redhat.com

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/53795

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2009-1500.html

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2009-1501.html

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2009-1502.html

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2009-1503.html

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2009-1512.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

Source: secalert@redhat.com

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch (unsafe URL)