CVE-2009-3604

NONE EPSS 94.5%
Published Oct 21, 200916y ago · Modified Jun 16, 20262w ago
Find Similar
Published Oct 21, 2009 16y ago
Last Modified Jun 16, 2026 2w ago

Description

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

Threat Intelligence

EPSS Exploit Probability
94.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-399

Affected Products 67

VendorProductVersionRange
gnomegpdf*any
kdekpdf*any
foolabsxpdf3.02pl1any
foolabsxpdf3.02pl2any
foolabsxpdf3.02pl3any
glyphandcogxpdfreader2.00any
glyphandcogxpdfreader2.01any
glyphandcogxpdfreader2.02any
glyphandcogxpdfreader2.03any
glyphandcogxpdfreader3.00any
glyphandcogxpdfreader3.01any
glyphandcogxpdfreader3.02any
popplerpoppler0.1any
popplerpoppler0.1.1any
popplerpoppler0.1.2any
popplerpoppler0.2.0any
popplerpoppler0.3.0any
popplerpoppler0.3.1any
popplerpoppler0.3.2any
popplerpoppler0.3.3any
popplerpoppler0.4.0any
popplerpoppler0.4.1any
popplerpoppler0.4.2any
popplerpoppler0.4.3any
popplerpoppler0.4.4any
popplerpoppler0.5.0any
popplerpoppler0.5.1any
popplerpoppler0.5.2any
popplerpoppler0.5.3any
popplerpoppler0.5.4any
popplerpoppler0.5.9any
popplerpoppler0.5.90any
popplerpoppler0.5.91any
popplerpoppler0.6.0any
popplerpoppler0.6.1any
popplerpoppler0.6.2any
popplerpoppler0.6.3any
popplerpoppler0.6.4any
popplerpoppler0.7.0any
popplerpoppler0.7.1any
popplerpoppler0.7.2any
popplerpoppler0.7.3any
popplerpoppler0.8.0any
popplerpoppler0.8.1any
popplerpoppler0.8.2any
popplerpoppler0.8.3any
popplerpoppler0.8.4any
popplerpoppler0.8.5any
popplerpoppler0.8.6any
popplerpoppler0.8.7any
popplerpoppler0.9.0any
popplerpoppler0.9.1any
popplerpoppler0.9.2any
popplerpoppler0.9.3any
popplerpoppler0.10.0any
popplerpoppler0.10.1any
popplerpoppler0.10.2any
popplerpoppler0.10.3any
popplerpoppler0.10.4any
popplerpoppler0.10.5any
popplerpoppler0.10.6any
popplerpoppler0.10.7any
popplerpoppler0.11.0any
popplerpoppler0.11.1any
popplerpoppler0.11.2any
popplerpoppler0.11.3any
popplerpoppler0.12.0any

References 46

  • ftp.foolabs.com ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
    Patch
  • cgit.freedesktop.org http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2
  • cgit.freedesktop.org http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
  • secunia.com http://secunia.com/advisories/37023
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/37028
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/37037
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/37042
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/37043
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/37053
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/37077
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/37079
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/37114
  • secunia.com http://secunia.com/advisories/37159
  • secunia.com http://secunia.com/advisories/39327
  • secunia.com http://secunia.com/advisories/39938
  • securitytracker.com http://securitytracker.com/id?1023029
  • site.pi3.com.pl http://site.pi3.com.pl/adv/xpdf.txt
    Exploit
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
  • debian.org http://www.debian.org/security/2010/dsa-2028
  • debian.org http://www.debian.org/security/2010/dsa-2050
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
  • securityfocus.com http://www.securityfocus.com/bid/36703
    ExploitPatch
  • ubuntu.com http://www.ubuntu.com/usn/USN-850-1
  • ubuntu.com http://www.ubuntu.com/usn/USN-850-3
  • vupen.com http://www.vupen.com/english/advisories/2009/2924
    PatchVendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2009/2928
    PatchVendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2010/0802
  • vupen.com http://www.vupen.com/english/advisories/2010/1040
  • vupen.com http://www.vupen.com/english/advisories/2010/1220
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=526911
    Patch
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/53795
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969
  • rhn.redhat.com https://rhn.redhat.com/errata/RHSA-2009-1500.html
  • rhn.redhat.com https://rhn.redhat.com/errata/RHSA-2009-1501.html
  • rhn.redhat.com https://rhn.redhat.com/errata/RHSA-2009-1502.html
  • rhn.redhat.com https://rhn.redhat.com/errata/RHSA-2009-1503.html
  • rhn.redhat.com https://rhn.redhat.com/errata/RHSA-2009-1512.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

Remediation

  • ftp.foolabs.com ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
    Patch
  • securityfocus.com http://www.securityfocus.com/bid/36703
    ExploitPatch
  • vupen.com http://www.vupen.com/english/advisories/2009/2924
    PatchVendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2009/2928
    PatchVendor Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=526911
    Patch