CVE-2009-3605
NONE EPSS 90.1%
Published Nov 2, 2009 · Last Modified Jun 16, 2026
Description
Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.
Threat Intelligence
EPSS Exploit Probability
90.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-189
Affected Products 48
| Vendor | Product | Version | Range |
|---|---|---|---|
| poppler | poppler | * | ≤0.10.5 |
| poppler | poppler | 0.1 | any |
| poppler | poppler | 0.1.1 | any |
| poppler | poppler | 0.1.2 | any |
| poppler | poppler | 0.2.0 | any |
| poppler | poppler | 0.3.0 | any |
| poppler | poppler | 0.3.1 | any |
| poppler | poppler | 0.3.2 | any |
| poppler | poppler | 0.3.3 | any |
| poppler | poppler | 0.4.0 | any |
| poppler | poppler | 0.4.1 | any |
| poppler | poppler | 0.4.2 | any |
| poppler | poppler | 0.4.3 | any |
| poppler | poppler | 0.4.4 | any |
| poppler | poppler | 0.5.0 | any |
| poppler | poppler | 0.5.1 | any |
| poppler | poppler | 0.5.2 | any |
| poppler | poppler | 0.5.3 | any |
| poppler | poppler | 0.5.4 | any |
| poppler | poppler | 0.5.9 | any |
| poppler | poppler | 0.5.90 | any |
| poppler | poppler | 0.5.91 | any |
| poppler | poppler | 0.6.0 | any |
| poppler | poppler | 0.6.1 | any |
| poppler | poppler | 0.6.2 | any |
| poppler | poppler | 0.6.3 | any |
| poppler | poppler | 0.6.4 | any |
| poppler | poppler | 0.7.0 | any |
| poppler | poppler | 0.7.1 | any |
| poppler | poppler | 0.7.2 | any |
| poppler | poppler | 0.7.3 | any |
| poppler | poppler | 0.8.0 | any |
| poppler | poppler | 0.8.1 | any |
| poppler | poppler | 0.8.2 | any |
| poppler | poppler | 0.8.3 | any |
| poppler | poppler | 0.8.4 | any |
| poppler | poppler | 0.8.5 | any |
| poppler | poppler | 0.8.6 | any |
| poppler | poppler | 0.8.7 | any |
| poppler | poppler | 0.9.0 | any |
| poppler | poppler | 0.9.1 | any |
| poppler | poppler | 0.9.2 | any |
| poppler | poppler | 0.9.3 | any |
| poppler | poppler | 0.10.0 | any |
| poppler | poppler | 0.10.1 | any |
| poppler | poppler | 0.10.2 | any |
| poppler | poppler | 0.10.3 | any |
| poppler | poppler | 0.10.4 | any |
References 15
- cgit.freedesktop.org http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5
- cgit.freedesktop.org http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a
- cgit.freedesktop.org http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
- secunia.com http://secunia.com/advisories/37114
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
- ubuntu.com http://www.ubuntu.com/usn/USN-850-1
- bugs.launchpad.net https://bugs.launchpad.net/bugs/cve/2009-3605
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=491840
- launchpad.net https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz
- launchpad.net https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7731
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.