Vulnerability Details: CVE-2009-3608
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
Vulnerability category: Overflow; Execute code
Exploit prediction scoring system (EPSS) score for CVE-2009-3608
Probability of exploitation activity in the next 30 days: 5.72%
Percentile (the proportion of vulnerabilities scored at or below this one): ~92%
CVSS scores for CVE-2009-3608
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source
---|---|---|---|---|---
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | [email protected]
CWE ids for CVE-2009-3608
- Assigned by: [email protected] (Primary)
References for CVE-2009-3608
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
- http://www.openwall.com/lists/oss-security/2009/12/01/6
- https://rhn.redhat.com/errata/RHSA-2009-1501.html
- https://rhn.redhat.com/errata/RHSA-2009-1513.html
- https://rhn.redhat.com/errata/RHSA-2009-1503.html
- http://www.ubuntu.com/usn/USN-850-3
- https://rhn.redhat.com/errata/RHSA-2009-1512.html
- http://www.openwall.com/lists/oss-security/2009/12/01/1
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
- http://www.debian.org/security/2010/dsa-2028
- http://www.ubuntu.com/usn/USN-850-1
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
- http://poppler.freedesktop.org/ (Patch; Vendor Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536
- http://www.debian.org/security/2009/dsa-1941
- http://www.securityfocus.com/bid/36703 (Exploit; Patch)
- ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
- http://www.vupen.com/english/advisories/2009/2928 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/0802
- https://bugzilla.redhat.com/show_bug.cgi?id=526637 (Patch)
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
- http://www.debian.org/security/2010/dsa-2050
- http://securitytracker.com/id?1023029
- http://www.vupen.com/english/advisories/2009/2925 (Vendor Advisory)
- http://www.ocert.org/advisories/ocert-2009-016.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53794
- https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
- http://www.vupen.com/english/advisories/2009/2926 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2009/2924 (Patch; Vendor Advisory)
- https://rhn.redhat.com/errata/RHSA-2009-1502.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
- https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
- http://www.vupen.com/english/advisories/2010/1220
- https://rhn.redhat.com/errata/RHSA-2009-1504.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
- http://www.openwall.com/lists/oss-security/2009/12/01/5
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
Products affected by CVE-2009-3608
- cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)