CVE-2009-3604

NONECVSS 0.0

0.0

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

🔗 References (92)

secalert@redhatftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
secalert@redhathttp://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2
secalert@redhathttp://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
secalert@redhathttp://secunia.com/advisories/37023
secalert@redhathttp://secunia.com/advisories/37028
secalert@redhathttp://secunia.com/advisories/37037
secalert@redhathttp://secunia.com/advisories/37042
secalert@redhathttp://secunia.com/advisories/37043
secalert@redhathttp://secunia.com/advisories/37053
secalert@redhathttp://secunia.com/advisories/37077
secalert@redhathttp://secunia.com/advisories/37079

Is Your Infrastructure Affected by CVE-2009-3604?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-3604

📅 Published

🔄 Last Modified

🔗 References (92)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-3604?