Home > Vulnerability Database > CVE-2009-3604

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2009-3604

Date: October 21, 2009

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

Severity Score

8.1

Related Resources (50)

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

Url: http://site.pi3.com.pl/adv/xpdf.txt

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

Url: http://www.vupen.com/english/advisories/2010/1220

Url: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

Url: https://rhn.redhat.com/errata/RHSA-2009-1502.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

Url: http://secunia.com/advisories/37053

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:287

Url: https://rhn.redhat.com/errata/RHSA-2009-1501.html

Url: http://www.debian.org/security/2010/dsa-2028

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

Url: http://secunia.com/advisories/39938

Url: http://www.vupen.com/english/advisories/2010/0802

Url: http://secunia.com/advisories/37077

Url: http://secunia.com/advisories/37079

Url: http://secunia.com/advisories/37159

Url: http://secunia.com/advisories/37114

Url: http://secunia.com/advisories/37037

Url: https://rhn.redhat.com/errata/RHSA-2009-1503.html

Url: https://rhn.redhat.com/errata/RHSA-2009-1500.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969

Url: http://secunia.com/advisories/37043

Url: http://secunia.com/advisories/37042

Url: http://www.vupen.com/english/advisories/2009/2928

Url: http://www.vupen.com/english/advisories/2009/2924

Url: http://www.ubuntu.com/usn/USN-850-1

Url: https://bugzilla.redhat.com/show_bug.cgi?id=526911

Url: http://secunia.com/advisories/37023

Url: https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

Url: http://secunia.com/advisories/39327

Url: http://secunia.com/advisories/37028

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3604

Url: http://www.ubuntu.com/usn/USN-850-3

Url: http://www.securityfocus.com/bid/36703

Url: http://securitytracker.com/id?1023029

Url: https://rhn.redhat.com/errata/RHSA-2009-1512.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

Url: https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/53795

Url: http://www.debian.org/security/2010/dsa-2050

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-3604

Url: http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

Url: https://access.redhat.com/security/cve/CVE-2009-3604

Url: http://www.vupen.com/english/advisories/2010/1040

Url: http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2

Url: http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2

Url: https://www.mend.io/vulnerability-database/CVE-2009-3604

Severity Score

8.1

Weakness Type (CWE)

Resource Management Errors

CWE-399

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Do you need more information?

Contact Us