Vulnerability Details : CVE-2009-3609
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
Vulnerability category: Overflow, Memory Corruption, Denial of service
Products affected by CVE-2009-3609
- cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
- cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:* (when used together with: Glyph And Cog » Pdftops)
Exploit prediction scoring system (EPSS) score for CVE-2009-3609
- Probability of exploitation activity in the next 30 days: 1.42%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86%
CVSS scores for CVE-2009-3609
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2009-3609
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-3609
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
- https://rhn.redhat.com/errata/RHSA-2009-1501.html
  RHSA-2009:1501 - Security Advisory - Red Hat Customer Portal
- https://rhn.redhat.com/errata/RHSA-2009-1513.html
  RHSA-2009:1513 - Security Advisory - Red Hat Customer Portal
- https://rhn.redhat.com/errata/RHSA-2009-1503.html
  RHSA-2009:1503 - Security Advisory - Red Hat Customer Portal
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134
- http://www.ubuntu.com/usn/USN-850-3
  USN-850-3: poppler vulnerabilities | Ubuntu security notices | Ubuntu
- https://rhn.redhat.com/errata/RHSA-2009-1512.html
  RHSA-2009:1512 - Security Advisory - Red Hat Customer Portal
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
  Mandriva
- http://www.debian.org/security/2010/dsa-2028
  [SECURITY] [DSA 2028-1] New xpdf packages fix several vulnerabilities
- http://www.ubuntu.com/usn/USN-850-1
  USN-850-1: poppler vulnerabilities | Ubuntu security notices | Ubuntu
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:018 - openSUSE Security Announce - openSUSE Mailing Lists
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043
- http://poppler.freedesktop.org/
  Poppler
  Tags: Patch; Vendor Advisory
- http://www.securityfocus.com/bid/36703
  Tags: Exploit; Patch
- ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
  Tags: Exploit
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
- http://www.vupen.com/english/advisories/2009/2928
  Tags: Vendor Advisory
- http://www.vupen.com/english/advisories/2010/0802
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
  Mandriva
- http://www.debian.org/security/2010/dsa-2050
  [SECURITY] [DSA 2050-1] New kdegraphics packages fix several vulnerabilities
- http://securitytracker.com/id?1023029
- http://www.vupen.com/english/advisories/2009/2925
  Tags: Vendor Advisory
- https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
  [SECURITY] Fedora 10 Update: poppler-0.8.7-7.fc10
- http://www.vupen.com/english/advisories/2009/2926
  Tags: Vendor Advisory
- http://www.vupen.com/english/advisories/2009/2924
  Tags: Patch; Vendor Advisory
- https://rhn.redhat.com/errata/RHSA-2009-1502.html
  RHSA-2009:1502 - Security Advisory - Red Hat Customer Portal
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
- https://rhn.redhat.com/errata/RHSA-2009-1500.html
  RHSA-2009:1500 - Security Advisory - Red Hat Customer Portal
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53800
  Xpdf ImageStream::ImageStream() denial of service CVE-2009-3609 Vulnerability Report
- https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
  [SECURITY] Fedora 11 Update: poppler-0.10.7-3.fc11
- http://www.vupen.com/english/advisories/2010/1220
- http://www.redhat.com/support/errata/RHSA-2010-0755.html
  Support
- https://rhn.redhat.com/errata/RHSA-2009-1504.html
  RHSA-2009:1504 - Security Advisory - Red Hat Customer Portal
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
- https://bugzilla.redhat.com/show_bug.cgi?id=526893
  526893 – (CVE-2009-3609) CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
  Tags: Exploit; Patch
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
  Mandriva