CVE-2009-3604
NONE EPSS 94.5%
Published Oct 21, 200916y ago · Modified Jun 16, 20262w ago
Published Oct 21, 2009 16y ago
Last Modified Jun 16, 2026 2w ago
Description
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
Threat Intelligence
EPSS Exploit Probability
94.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-399
Affected Products 67
| Vendor | Product | Version | Range |
|---|---|---|---|
| gnome | gpdf | * | any |
| kde | kpdf | * | any |
| foolabs | xpdf | 3.02pl1 | any |
| foolabs | xpdf | 3.02pl2 | any |
| foolabs | xpdf | 3.02pl3 | any |
| glyphandcog | xpdfreader | 2.00 | any |
| glyphandcog | xpdfreader | 2.01 | any |
| glyphandcog | xpdfreader | 2.02 | any |
| glyphandcog | xpdfreader | 2.03 | any |
| glyphandcog | xpdfreader | 3.00 | any |
| glyphandcog | xpdfreader | 3.01 | any |
| glyphandcog | xpdfreader | 3.02 | any |
| poppler | poppler | 0.1 | any |
| poppler | poppler | 0.1.1 | any |
| poppler | poppler | 0.1.2 | any |
| poppler | poppler | 0.2.0 | any |
| poppler | poppler | 0.3.0 | any |
| poppler | poppler | 0.3.1 | any |
| poppler | poppler | 0.3.2 | any |
| poppler | poppler | 0.3.3 | any |
| poppler | poppler | 0.4.0 | any |
| poppler | poppler | 0.4.1 | any |
| poppler | poppler | 0.4.2 | any |
| poppler | poppler | 0.4.3 | any |
| poppler | poppler | 0.4.4 | any |
| poppler | poppler | 0.5.0 | any |
| poppler | poppler | 0.5.1 | any |
| poppler | poppler | 0.5.2 | any |
| poppler | poppler | 0.5.3 | any |
| poppler | poppler | 0.5.4 | any |
| poppler | poppler | 0.5.9 | any |
| poppler | poppler | 0.5.90 | any |
| poppler | poppler | 0.5.91 | any |
| poppler | poppler | 0.6.0 | any |
| poppler | poppler | 0.6.1 | any |
| poppler | poppler | 0.6.2 | any |
| poppler | poppler | 0.6.3 | any |
| poppler | poppler | 0.6.4 | any |
| poppler | poppler | 0.7.0 | any |
| poppler | poppler | 0.7.1 | any |
| poppler | poppler | 0.7.2 | any |
| poppler | poppler | 0.7.3 | any |
| poppler | poppler | 0.8.0 | any |
| poppler | poppler | 0.8.1 | any |
| poppler | poppler | 0.8.2 | any |
| poppler | poppler | 0.8.3 | any |
| poppler | poppler | 0.8.4 | any |
| poppler | poppler | 0.8.5 | any |
| poppler | poppler | 0.8.6 | any |
| poppler | poppler | 0.8.7 | any |
| poppler | poppler | 0.9.0 | any |
| poppler | poppler | 0.9.1 | any |
| poppler | poppler | 0.9.2 | any |
| poppler | poppler | 0.9.3 | any |
| poppler | poppler | 0.10.0 | any |
| poppler | poppler | 0.10.1 | any |
| poppler | poppler | 0.10.2 | any |
| poppler | poppler | 0.10.3 | any |
| poppler | poppler | 0.10.4 | any |
| poppler | poppler | 0.10.5 | any |
| poppler | poppler | 0.10.6 | any |
| poppler | poppler | 0.10.7 | any |
| poppler | poppler | 0.11.0 | any |
| poppler | poppler | 0.11.1 | any |
| poppler | poppler | 0.11.2 | any |
| poppler | poppler | 0.11.3 | any |
| poppler | poppler | 0.12.0 | any |
References 46
- ftp.foolabs.com ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
- cgit.freedesktop.org http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2
- cgit.freedesktop.org http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
- secunia.com http://secunia.com/advisories/37023
- secunia.com http://secunia.com/advisories/37028
- secunia.com http://secunia.com/advisories/37037
- secunia.com http://secunia.com/advisories/37042
- secunia.com http://secunia.com/advisories/37043
- secunia.com http://secunia.com/advisories/37053
- secunia.com http://secunia.com/advisories/37077
- secunia.com http://secunia.com/advisories/37079
- secunia.com http://secunia.com/advisories/37114
- secunia.com http://secunia.com/advisories/37159
- secunia.com http://secunia.com/advisories/39327
- secunia.com http://secunia.com/advisories/39938
- securitytracker.com http://securitytracker.com/id?1023029
- site.pi3.com.pl http://site.pi3.com.pl/adv/xpdf.txt
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
- debian.org http://www.debian.org/security/2010/dsa-2028
- debian.org http://www.debian.org/security/2010/dsa-2050
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
- securityfocus.com http://www.securityfocus.com/bid/36703
- ubuntu.com http://www.ubuntu.com/usn/USN-850-1
- ubuntu.com http://www.ubuntu.com/usn/USN-850-3
- vupen.com http://www.vupen.com/english/advisories/2009/2924
- vupen.com http://www.vupen.com/english/advisories/2009/2928
- vupen.com http://www.vupen.com/english/advisories/2010/0802
- vupen.com http://www.vupen.com/english/advisories/2010/1040
- vupen.com http://www.vupen.com/english/advisories/2010/1220
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=526911
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/53795
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969
- rhn.redhat.com https://rhn.redhat.com/errata/RHSA-2009-1500.html
- rhn.redhat.com https://rhn.redhat.com/errata/RHSA-2009-1501.html
- rhn.redhat.com https://rhn.redhat.com/errata/RHSA-2009-1502.html
- rhn.redhat.com https://rhn.redhat.com/errata/RHSA-2009-1503.html
- rhn.redhat.com https://rhn.redhat.com/errata/RHSA-2009-1512.html
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
- redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
Remediation
- ftp.foolabs.com ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
- securityfocus.com http://www.securityfocus.com/bid/36703
- vupen.com http://www.vupen.com/english/advisories/2009/2924
- vupen.com http://www.vupen.com/english/advisories/2009/2928
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=526911