CVE-2009-3605

NONE EPSS 90.1%
Published Nov 2, 2009 (16y ago) · Modified Jun 16, 2026 (2w ago)

Description

Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.

Threat Intelligence

EPSS Exploit Probability
90.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-189

Affected Products 48

Vendor   Product  Version  Range
poppler  poppler  *        ≤0.10.5
poppler  poppler  0.1      any
poppler  poppler  0.1.1    any
poppler  poppler  0.1.2    any
poppler  poppler  0.2.0    any
poppler  poppler  0.3.0    any
poppler  poppler  0.3.1    any
poppler  poppler  0.3.2    any
poppler  poppler  0.3.3    any
poppler  poppler  0.4.0    any
poppler  poppler  0.4.1    any
poppler  poppler  0.4.2    any
poppler  poppler  0.4.3    any
poppler  poppler  0.4.4    any
poppler  poppler  0.5.0    any
poppler  poppler  0.5.1    any
poppler  poppler  0.5.2    any
poppler  poppler  0.5.3    any
poppler  poppler  0.5.4    any
poppler  poppler  0.5.9    any
poppler  poppler  0.5.90   any
poppler  poppler  0.5.91   any
poppler  poppler  0.6.0    any
poppler  poppler  0.6.1    any
poppler  poppler  0.6.2    any
poppler  poppler  0.6.3    any
poppler  poppler  0.6.4    any
poppler  poppler  0.7.0    any
poppler  poppler  0.7.1    any
poppler  poppler  0.7.2    any
poppler  poppler  0.7.3    any
poppler  poppler  0.8.0    any
poppler  poppler  0.8.1    any
poppler  poppler  0.8.2    any
poppler  poppler  0.8.3    any
poppler  poppler  0.8.4    any
poppler  poppler  0.8.5    any
poppler  poppler  0.8.6    any
poppler  poppler  0.8.7    any
poppler  poppler  0.9.0    any
poppler  poppler  0.9.1    any
poppler  poppler  0.9.2    any
poppler  poppler  0.9.3    any
poppler  poppler  0.10.0   any
poppler  poppler  0.10.1   any
poppler  poppler  0.10.2   any
poppler  poppler  0.10.3   any
poppler  poppler  0.10.4   any

References 15

  • cgit.freedesktop.org http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5
  • cgit.freedesktop.org http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a
  • cgit.freedesktop.org http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
  • secunia.com http://secunia.com/advisories/37114
    Vendor Advisory
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
  • ubuntu.com http://www.ubuntu.com/usn/USN-850-1
  • bugs.launchpad.net https://bugs.launchpad.net/bugs/cve/2009-3605
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=491840
  • launchpad.net https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz
  • launchpad.net https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7731

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.