CVE-2009-3604
Summary
| CVE | CVE-2009-3604 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-10-21 17:30:00 UTC |
| Updated | 2023-02-13 01:17:00 UTC |
| Description | The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow. |
Risk And Classification
Problem Types: CWE-399
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Foolabs | Xpdf | 3.02pl1 | All | All | All |
| Application | Foolabs | Xpdf | 3.02pl2 | All | All | All |
| Application | Foolabs | Xpdf | 3.02pl3 | All | All | All |
| Application | Glyphandcog | Xpdfreader | 2.00 | All | All | All |
| Application | Glyphandcog | Xpdfreader | 2.01 | All | All | All |
| Application | Glyphandcog | Xpdfreader | 2.02 | All | All | All |
| Application | Glyphandcog | Xpdfreader | 2.03 | All | All | All |
| Application | Glyphandcog | Xpdfreader | 3.00 | All | All | All |
| Application | Glyphandcog | Xpdfreader | 3.01 | All | All | All |
| Application | Glyphandcog | Xpdfreader | 3.02 | All | All | All |
| Application | Gnome | Gpdf | All | All | All | All |
| Application | Kde | Kpdf | All | All | All | All |
| Application | Poppler | Poppler | 0.1 | All | All | All |
| Application | Poppler | Poppler | 0.1.1 | All | All | All |
| Application | Poppler | Poppler | 0.1.2 | All | All | All |
| Application | Poppler | Poppler | 0.10.0 | All | All | All |
| Application | Poppler | Poppler | 0.10.1 | All | All | All |
| Application | Poppler | Poppler | 0.10.2 | All | All | All |
| Application | Poppler | Poppler | 0.10.3 | All | All | All |
| Application | Poppler | Poppler | 0.10.4 | All | All | All |
| Application | Poppler | Poppler | 0.10.5 | All | All | All |
| Application | Poppler | Poppler | 0.10.6 | All | All | All |
| Application | Poppler | Poppler | 0.10.7 | All | All | All |
| Application | Poppler | Poppler | 0.11.0 | All | All | All |
| Application | Poppler | Poppler | 0.11.1 | All | All | All |
| Application | Poppler | Poppler | 0.11.2 | All | All | All |
| Application | Poppler | Poppler | 0.11.3 | All | All | All |
| Application | Poppler | Poppler | 0.12.0 | All | All | All |
| Application | Poppler | Poppler | 0.2.0 | All | All | All |
| Application | Poppler | Poppler | 0.3.0 | All | All | All |
| Application | Poppler | Poppler | 0.3.1 | All | All | All |
| Application | Poppler | Poppler | 0.3.2 | All | All | All |
| Application | Poppler | Poppler | 0.3.3 | All | All | All |
| Application | Poppler | Poppler | 0.4.0 | All | All | All |
| Application | Poppler | Poppler | 0.4.1 | All | All | All |
| Application | Poppler | Poppler | 0.4.2 | All | All | All |
| Application | Poppler | Poppler | 0.4.3 | All | All | All |
| Application | Poppler | Poppler | 0.4.4 | All | All | All |
| Application | Poppler | Poppler | 0.5.0 | All | All | All |
| Application | Poppler | Poppler | 0.5.1 | All | All | All |
| Application | Poppler | Poppler | 0.5.2 | All | All | All |
| Application | Poppler | Poppler | 0.5.3 | All | All | All |
| Application | Poppler | Poppler | 0.5.4 | All | All | All |
| Application | Poppler | Poppler | 0.5.9 | All | All | All |
| Application | Poppler | Poppler | 0.5.90 | All | All | All |
| Application | Poppler | Poppler | 0.5.91 | All | All | All |
| Application | Poppler | Poppler | 0.6.0 | All | All | All |
| Application | Poppler | Poppler | 0.6.1 | All | All | All |
| Application | Poppler | Poppler | 0.6.2 | All | All | All |
| Application | Poppler | Poppler | 0.6.3 | All | All | All |
| Application | Poppler | Poppler | 0.6.4 | All | All | All |
| Application | Poppler | Poppler | 0.7.0 | All | All | All |
| Application | Poppler | Poppler | 0.7.1 | All | All | All |
| Application | Poppler | Poppler | 0.7.2 | All | All | All |
| Application | Poppler | Poppler | 0.7.3 | All | All | All |
| Application | Poppler | Poppler | 0.8.0 | All | All | All |
| Application | Poppler | Poppler | 0.8.1 | All | All | All |
| Application | Poppler | Poppler | 0.8.2 | All | All | All |
| Application | Poppler | Poppler | 0.8.3 | All | All | All |
| Application | Poppler | Poppler | 0.8.4 | All | All | All |
| Application | Poppler | Poppler | 0.8.5 | All | All | All |
| Application | Poppler | Poppler | 0.8.6 | All | All | All |
| Application | Poppler | Poppler | 0.8.7 | All | All | All |
| Application | Poppler | Poppler | 0.9.0 | All | All | All |
| Application | Poppler | Poppler | 0.9.1 | All | All | All |
| Application | Poppler | Poppler | 0.9.2 | All | All | All |
| Application | Poppler | Poppler | 0.9.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | MISC | access.redhat.com | |
| [SECURITY] Fedora 11 Update: pdfedit-0.4.3-4.fc11 | FEDORA | lists.fedoraproject.org | |
| site.pi3.com.pl/adv/xpdf.txt | MISC | site.pi3.com.pl | Exploit |
| Debian update for kdegraphics - Advisories - Community | SECUNIA | secunia.com | |
| SecurityTracker.com Archives - Xpdf Integer Overflows Let Remote Users Execute Arbitrary Code | SECTRACK | securitytracker.com | |
| KDE KPDF Multiple Vulnerabilities - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| access.redhat.com: CVE-2009-3604 | MISC | access.redhat.com | |
| Red Hat update for xpdf - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Mandriva Security Advisory MDVSA-2010:087 | MANDRIVA | www.mandriva.com | |
| Fedora update for poppler - Secunia.com | SECUNIA | secunia.com | |
| Red Hat Support (rhn.redhat.com) | REDHAT | rhn.redhat.com | |
| Ubuntu update for poppler - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| [SECURITY] Fedora 12 Update: pdfedit-0.4.3-4.fc12 | FEDORA | lists.fedoraproject.org | |
| Poppler Multiple Vulnerabilities - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Mandriva Security Advisory MDVSA-2011:175 | MANDRIVA | www.mandriva.com | |
| USN-850-1: poppler vulnerabilities (Ubuntu) | UBUNTU | www.ubuntu.com | |
| Red Hat Bugzilla 526911: CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check | CONFIRM | bugzilla.redhat.com | Patch |
| poppler/poppler - The poppler pdf rendering library (mirrored from https://gitlab.freedesktop.org/poppler/poppler) | CONFIRM | cgit.freedesktop.org | |
| [SECURITY] Fedora 13 Update: pdfedit-0.4.3-4.fc13 | FEDORA | lists.fedoraproject.org | |
| Red Hat update for kdegraphics - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| [SECURITY] Fedora 10 Update: poppler-0.8.7-7.fc10 | FEDORA | www.redhat.com | |
| Debian -- Security Information -- DSA-2050-1 kdegraphics | DEBIAN | www.debian.org | |
| VUPEN security advisory | VUPEN | www.vupen.com | Patch, Vendor Advisory |
| USN-850-3: poppler vulnerabilities (Ubuntu) | UBUNTU | www.ubuntu.com | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2009:018 | SUSE | lists.opensuse.org | |
| VUPEN security advisory | VUPEN | www.vupen.com | Patch, Vendor Advisory |
| OVAL Repository | OVAL | oval.cisecurity.org | |
| Debian update for xpdf - Advisories - Community | SECUNIA | secunia.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Red Hat update for gpdf - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| 1021706 | SUNALERT | sunsolve.sun.com | |
| VUPEN security advisory | VUPEN | www.vupen.com | |
| Xpdf Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| 274030 | SUNALERT | sunsolve.sun.com | |
| Debian -- Security Information -- DSA-2028-1 xpdf | DEBIAN | www.debian.org | |
| Xpdf Multiple Integer Overflow Vulnerabilities | BID | www.securityfocus.com | Exploit, Patch |
| Mandriva Security Advisory MDVSA-2009:287 | MANDRIVA | www.mandriva.com | |
| ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | CONFIRM | ftp.foolabs.com | Patch |
| [SECURITY] Fedora 11 Update: poppler-0.10.7-3.fc11 | FEDORA | www.redhat.com | |
| VUPEN security advisory | VUPEN | www.vupen.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.