CVE-2009-3605

Published: Nov 2, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.

Affected (48)

Products: Poppler: Poppler

1 product

Configuration A

48 vulnerable

Vulnerable Software	Affected Versions
Poppler Poppler	Up to 0.10.5
Poppler Poppler	Version 0.1.1
Poppler Poppler	Version 0.1.2
Poppler Poppler	Version 0.10.0
Poppler Poppler	Version 0.10.1
Poppler Poppler	Version 0.10.2
Poppler Poppler	Version 0.10.3
Poppler Poppler	Version 0.10.4
Poppler Poppler	Version 0.1
Poppler Poppler	Version 0.2.0
Poppler Poppler	Version 0.3.0
Poppler Poppler	Version 0.3.1
Poppler Poppler	Version 0.3.2
Poppler Poppler	Version 0.3.3
Poppler Poppler	Version 0.4.0
Poppler Poppler	Version 0.4.1
Poppler Poppler	Version 0.4.2
Poppler Poppler	Version 0.4.3
Poppler Poppler	Version 0.4.4
Poppler Poppler	Version 0.5.0
Poppler Poppler	Version 0.5.1
Poppler Poppler	Version 0.5.2
Poppler Poppler	Version 0.5.3
Poppler Poppler	Version 0.5.4
Poppler Poppler	Version 0.5.90
Poppler Poppler	Version 0.5.91
Poppler Poppler	Version 0.5.9
Poppler Poppler	Version 0.6.0
Poppler Poppler	Version 0.6.1
Poppler Poppler	Version 0.6.2
Poppler Poppler	Version 0.6.3
Poppler Poppler	Version 0.6.4
Poppler Poppler	Version 0.7.0
Poppler Poppler	Version 0.7.1
Poppler Poppler	Version 0.7.2
Poppler Poppler	Version 0.7.3
Poppler Poppler	Version 0.8.0
Poppler Poppler	Version 0.8.1
Poppler Poppler	Version 0.8.2
Poppler Poppler	Version 0.8.3
Poppler Poppler	Version 0.8.4
Poppler Poppler	Version 0.8.5
Poppler Poppler	Version 0.8.6
Poppler Poppler	Version 0.8.7
Poppler Poppler	Version 0.9.0
Poppler Poppler	Version 0.9.1
Poppler Poppler	Version 0.9.2
Poppler Poppler	Version 0.9.3

Related CWEs

References (30)

http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5

Source: secalert@redhat.com

http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a

Source: secalert@redhat.com

http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

Source: secalert@redhat.com

http://secunia.com/advisories/37114

Source: secalert@redhat.com

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2009:334

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-850-1

Source: secalert@redhat.com

https://bugs.launchpad.net/bugs/cve/2009-3605

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=491840

Source: secalert@redhat.com

https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz

Source: secalert@redhat.com

https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7731

Source: secalert@redhat.com

http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5

Source: af854a3a-2127-422b-91ae-364da2661108

http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a

Source: af854a3a-2127-422b-91ae-364da2661108

http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/37114

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:334

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-850-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/bugs/cve/2009-3605

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=491840

Source: af854a3a-2127-422b-91ae-364da2661108

https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz

Source: af854a3a-2127-422b-91ae-364da2661108

https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7731

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.