CVE-2009-3603

Summary

CVE	CVE-2009-3603
State	PUBLISHED
Assigner	redhat
Source Priority	CVE Program / NVD first with legacy fallback
Published	2009-10-21 17:30:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.

Risk And Classification

Primary CVSS: v2.0 9.3 from [email protected]

AV:N/AC:M/Au:N/C:C/I:C/A:C

Problem Types: CWE-189 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Foolabs	Xpdf	3.02pl1	All	All	All
Application	Foolabs	Xpdf	3.02pl2	All	All	All
Application	Foolabs	Xpdf	3.02pl3	All	All	All
Application	Glyphandcog	Xpdfreader	3.00	All	All	All
Application	Glyphandcog	Xpdfreader	3.01	All	All	All
Application	Glyphandcog	Xpdfreader	3.02	All	All	All
Application	Poppler	Poppler	0.1	All	All	All
Application	Poppler	Poppler	0.1.1	All	All	All
Application	Poppler	Poppler	0.1.2	All	All	All
Application	Poppler	Poppler	0.10.0	All	All	All
Application	Poppler	Poppler	0.10.1	All	All	All
Application	Poppler	Poppler	0.10.2	All	All	All
Application	Poppler	Poppler	0.10.3	All	All	All
Application	Poppler	Poppler	0.10.4	All	All	All
Application	Poppler	Poppler	0.10.5	All	All	All
Application	Poppler	Poppler	0.10.6	All	All	All
Application	Poppler	Poppler	0.10.7	All	All	All
Application	Poppler	Poppler	0.11.0	All	All	All
Application	Poppler	Poppler	0.11.1	All	All	All
Application	Poppler	Poppler	0.11.2	All	All	All
Application	Poppler	Poppler	0.11.3	All	All	All
Application	Poppler	Poppler	0.2.0	All	All	All
Application	Poppler	Poppler	0.3.0	All	All	All
Application	Poppler	Poppler	0.3.1	All	All	All
Application	Poppler	Poppler	0.3.2	All	All	All
Application	Poppler	Poppler	0.3.3	All	All	All
Application	Poppler	Poppler	0.4.0	All	All	All
Application	Poppler	Poppler	0.4.1	All	All	All
Application	Poppler	Poppler	0.4.2	All	All	All
Application	Poppler	Poppler	0.4.3	All	All	All
Application	Poppler	Poppler	0.4.4	All	All	All
Application	Poppler	Poppler	0.5.0	All	All	All
Application	Poppler	Poppler	0.5.1	All	All	All
Application	Poppler	Poppler	0.5.2	All	All	All
Application	Poppler	Poppler	0.5.3	All	All	All
Application	Poppler	Poppler	0.5.4	All	All	All
Application	Poppler	Poppler	0.5.9	All	All	All
Application	Poppler	Poppler	0.6.0	All	All	All
Application	Poppler	Poppler	0.6.1	All	All	All
Application	Poppler	Poppler	0.6.2	All	All	All
Application	Poppler	Poppler	0.6.3	All	All	All
Application	Poppler	Poppler	0.6.4	All	All	All
Application	Poppler	Poppler	0.7.0	All	All	All
Application	Poppler	Poppler	0.7.1	All	All	All
Application	Poppler	Poppler	0.7.2	All	All	All
Application	Poppler	Poppler	0.7.3	All	All	All
Application	Poppler	Poppler	0.8.0	All	All	All
Application	Poppler	Poppler	0.8.1	All	All	All
Application	Poppler	Poppler	0.8.2	All	All	All
Application	Poppler	Poppler	0.8.3	All	All	All
Application	Poppler	Poppler	0.8.4	All	All	All
Application	Poppler	Poppler	0.8.6	All	All	All
Application	Poppler	Poppler	0.8.7	All	All	All
Application	Poppler	Poppler	0.9.0	All	All	All
Application	Poppler	Poppler	0.9.1	All	All	All
Application	Poppler	Poppler	0.9.2	All	All	All
Application	Poppler	Poppler	0.9.3	All	All	All
Application	Poppler	Poppler	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
[SECURITY] Fedora 11 Update: poppler-0.10.7-3.fc11	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
Webmail \| OVH- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
sunsolve.sun.com/search/document.do	af854a3a-2127-422b-91ae-364da2661108	sunsolve.sun.com
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
Poppler	af854a3a-2127-422b-91ae-364da2661108	poppler.freedesktop.org	Patch, Vendor Advisory
Ubuntu update for poppler - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
[SECURITY] Fedora 12 Update: pdfedit-0.4.3-4.fc12	af854a3a-2127-422b-91ae-364da2661108	lists.fedoraproject.org
USN-850-3: poppler vulnerabilities \| Ubuntu	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com
Debian update for kdegraphics - Advisories - Community	af854a3a-2127-422b-91ae-364da2661108	secunia.com
sunsolve.sun.com/search/document.do	af854a3a-2127-422b-91ae-364da2661108	sunsolve.sun.com
Support / Security / Advisories / / MDVSA-2009:287 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:018	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
[SECURITY] Fedora 10 Update: poppler-0.8.7-7.fc10	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
526915 – (CVE-2009-3603) CVE-2009-3603 xpdf/poppler: SplashBitmap::SplashBitmap integer overflow	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
[SECURITY] Fedora 11 Update: pdfedit-0.4.3-4.fc11	af854a3a-2127-422b-91ae-364da2661108	lists.fedoraproject.org
Support / Security / Advisories / / MDVSA-2011:175 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
rhn.redhat.com \| Red Hat Support	af854a3a-2127-422b-91ae-364da2661108	rhn.redhat.com
ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch	af854a3a-2127-422b-91ae-364da2661108	ftp.foolabs.com	Patch
Support / Security / Advisories / / MDVSA-2010:087 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
Xpdf Multiple Integer Overflow Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Exploit, Patch
Poppler Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Webmail \| OVH- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
Red Hat update for poppler - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
USN-850-1: poppler vulnerabilities \| Ubuntu	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com
SecurityTracker.com Archives - Xpdf Integer Overflows Let Remote Users Execute Arbitrary Code	af854a3a-2127-422b-91ae-364da2661108	securitytracker.com
Debian -- Security Information -- DSA-2028-1 xpdf	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
Webmail \| OVH- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Patch, Vendor Advisory
Xpdf Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Debian update for xpdf - Advisories - Community	af854a3a-2127-422b-91ae-364da2661108	secunia.com
[SECURITY] Fedora 13 Update: pdfedit-0.4.3-4.fc13	af854a3a-2127-422b-91ae-364da2661108	lists.fedoraproject.org
Debian -- Security Information -- DSA-2050-1 kdegraphics	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
Fedora update for poppler - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Webmail - OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Patch, Vendor Advisory
Red Hat Customer Portal	MITRE	access.redhat.com
access.redhat.com \| CVE-2009-3603	MITRE	access.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.