CVE-2009-3608
Summary
| CVE | CVE-2009-3608 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-10-21 17:30:00 UTC |
| Updated | 2023-02-13 02:20:00 UTC |
| Description | Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. |
Risk And Classification
Problem Types: CWE-189
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Foolabs | Xpdf | 3.02pl1 | All | All | All |
| Application | Foolabs | Xpdf | 3.02pl2 | All | All | All |
| Application | Foolabs | Xpdf | 3.02pl3 | All | All | All |
| Application | Glyphandcog | Xpdfreader | 3.00 | All | All | All |
| Application | Glyphandcog | Xpdfreader | 3.01 | All | All | All |
| Application | Glyphandcog | Xpdfreader | 3.02 | All | All | All |
| Application | Glyph And Cog | Pdftops | All | All | All | All |
| Application | Gnome | Gpdf | All | All | All | All |
| Application | Kde | Kpdf | All | All | All | All |
| Application | Poppler | Poppler | 0.1 | All | All | All |
| Application | Poppler | Poppler | 0.1.1 | All | All | All |
| Application | Poppler | Poppler | 0.1.2 | All | All | All |
| Application | Poppler | Poppler | 0.10.0 | All | All | All |
| Application | Poppler | Poppler | 0.10.1 | All | All | All |
| Application | Poppler | Poppler | 0.10.2 | All | All | All |
| Application | Poppler | Poppler | 0.10.3 | All | All | All |
| Application | Poppler | Poppler | 0.10.4 | All | All | All |
| Application | Poppler | Poppler | 0.10.5 | All | All | All |
| Application | Poppler | Poppler | 0.10.6 | All | All | All |
| Application | Poppler | Poppler | 0.10.7 | All | All | All |
| Application | Poppler | Poppler | 0.11.0 | All | All | All |
| Application | Poppler | Poppler | 0.11.1 | All | All | All |
| Application | Poppler | Poppler | 0.11.2 | All | All | All |
| Application | Poppler | Poppler | 0.11.3 | All | All | All |
| Application | Poppler | Poppler | 0.2.0 | All | All | All |
| Application | Poppler | Poppler | 0.3.0 | All | All | All |
| Application | Poppler | Poppler | 0.3.1 | All | All | All |
| Application | Poppler | Poppler | 0.3.2 | All | All | All |
| Application | Poppler | Poppler | 0.3.3 | All | All | All |
| Application | Poppler | Poppler | 0.4.0 | All | All | All |
| Application | Poppler | Poppler | 0.4.1 | All | All | All |
| Application | Poppler | Poppler | 0.4.2 | All | All | All |
| Application | Poppler | Poppler | 0.4.3 | All | All | All |
| Application | Poppler | Poppler | 0.4.4 | All | All | All |
| Application | Poppler | Poppler | 0.5.0 | All | All | All |
| Application | Poppler | Poppler | 0.5.1 | All | All | All |
| Application | Poppler | Poppler | 0.5.2 | All | All | All |
| Application | Poppler | Poppler | 0.5.3 | All | All | All |
| Application | Poppler | Poppler | 0.5.4 | All | All | All |
| Application | Poppler | Poppler | 0.5.9 | All | All | All |
| Application | Poppler | Poppler | 0.6.0 | All | All | All |
| Application | Poppler | Poppler | 0.6.1 | All | All | All |
| Application | Poppler | Poppler | 0.6.2 | All | All | All |
| Application | Poppler | Poppler | 0.6.3 | All | All | All |
| Application | Poppler | Poppler | 0.6.4 | All | All | All |
| Application | Poppler | Poppler | 0.7.0 | All | All | All |
| Application | Poppler | Poppler | 0.7.1 | All | All | All |
| Application | Poppler | Poppler | 0.7.2 | All | All | All |
| Application | Poppler | Poppler | 0.7.3 | All | All | All |
| Application | Poppler | Poppler | 0.8.0 | All | All | All |
| Application | Poppler | Poppler | 0.8.1 | All | All | All |
| Application | Poppler | Poppler | 0.8.2 | All | All | All |
| Application | Poppler | Poppler | 0.8.3 | All | All | All |
| Application | Poppler | Poppler | 0.8.4 | All | All | All |
| Application | Poppler | Poppler | 0.8.6 | All | All | All |
| Application | Poppler | Poppler | 0.8.7 | All | All | All |
| Application | Poppler | Poppler | 0.9.0 | All | All | All |
| Application | Poppler | Poppler | 0.9.1 | All | All | All |
| Application | Poppler | Poppler | 0.9.2 | All | All | All |
| Application | Poppler | Poppler | 0.9.3 | All | All | All |
| Application | Poppler | Poppler | All | All | All | All |
| Application | Tetex | Tetex | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 11 Update: pdfedit-0.4.3-4.fc11 | FEDORA | lists.fedoraproject.org | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Debian update for kdegraphics - Advisories - Community | SECUNIA | secunia.com | |
| SecurityTracker.com Archives - Xpdf Integer Overflows Let Remote Users Execute Arbitrary Code | SECTRACK | securitytracker.com | Patch |
| rhn.redhat.com - Red Hat Support | REDHAT | rhn.redhat.com | |
| KDE KPDF Multiple Vulnerabilities - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat update for xpdf - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Fedora update for poppler - Secunia.com | SECUNIA | secunia.com | |
| oCERT.org - oCERT Advisories | MISC | www.ocert.org | |
| rhn.redhat.com - Red Hat Support | REDHAT | rhn.redhat.com | |
| Ubuntu update for poppler - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| Poppler Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| CUPS "pdftops" Two Integer Overflow Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| [SECURITY] Fedora 12 Update: pdfedit-0.4.3-4.fc12 | FEDORA | lists.fedoraproject.org | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Debian -- Security Information -- DSA-1941-1 poppler | DEBIAN | www.debian.org | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| 526637 – (CVE-2009-3608) CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016) | CONFIRM | bugzilla.redhat.com | Patch |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Support / Security / Advisories / MDVSA-2011:175 - Mandriva | MANDRIVA | www.mandriva.com | |
| USN-850-1: poppler vulnerabilities - Ubuntu | UBUNTU | www.ubuntu.com | |
| [SECURITY] Fedora 13 Update: pdfedit-0.4.3-4.fc13 | FEDORA | lists.fedoraproject.org | |
| oss-security - Re: Need more information on recent poppler issues | MLIST | www.openwall.com | |
| rhn.redhat.com - Red Hat Support | REDHAT | rhn.redhat.com | |
| Red Hat update for kdegraphics - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| [SECURITY] Fedora 10 Update: poppler-0.8.7-7.fc10 | FEDORA | www.redhat.com | |
| rhn.redhat.com - Red Hat Support | REDHAT | rhn.redhat.com | |
| Debian -- Security Information -- DSA-2050-1 kdegraphics | DEBIAN | www.debian.org | |
| Webmail - OVH | VUPEN | www.vupen.com | Patch, Vendor Advisory |
| USN-850-3: poppler vulnerabilities - Ubuntu | UBUNTU | www.ubuntu.com | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2009:018 | SUSE | lists.opensuse.org | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| rhn.redhat.com - Red Hat Support | REDHAT | rhn.redhat.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Red Hat update for cups - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Red Hat update for poppler - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Debian update for xpdf - Advisories - Community | SECUNIA | secunia.com | |
| Poppler | CONFIRM | poppler.freedesktop.org | Patch, Vendor Advisory |
| oss-security - Re: Need more information on recent poppler issues | MLIST | www.openwall.com | |
| Red Hat update for gpdf - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| 1021706 | SUNALERT | sunsolve.sun.com | |
| Webmail - OVH | VUPEN | www.vupen.com | |
| Xpdf Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| 274030 | SUNALERT | sunsolve.sun.com | |
| Debian -- Security Information -- DSA-2028-1 xpdf | DEBIAN | www.debian.org | |
| oss-security - Need more information on recent poppler issues | MLIST | www.openwall.com | |
| rhn.redhat.com - Red Hat Support | REDHAT | rhn.redhat.com | |
| Xpdf Multiple Integer Overflow Vulnerabilities | BID | www.securityfocus.com | Exploit, Patch |
| Webmail - OVH | VUPEN | www.vupen.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| access.redhat.com - CVE-2009-3608 | MISC | access.redhat.com | |
| Red Hat update for kdegraphics - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Support / Security / Advisories / MDVSA-2009:287 - Mandriva | MANDRIVA | www.mandriva.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Support / Security / Advisories / MDVSA-2009:334 - Mandriva | MANDRIVA | www.mandriva.com | |
| ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch | CONFIRM | ftp.foolabs.com | Patch |
| [SECURITY] Fedora 11 Update: poppler-0.10.7-3.fc11 | FEDORA | www.redhat.com | |
| Webmail - OVH | VUPEN | www.vupen.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.