CVE-2009-3603
published 2009-10-21CVE-2009-3603: Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute…
critical9.3CVSS 3.1
AVNACMAuNCCICAC
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.
Affected
68 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 0.12.2-1 (bookworm) | poppler 0.12.2-1 (bookworm) |
| debian | xpdf | < poppler 0.12.2-1 (bookworm) | poppler 0.12.2-1 (bookworm) |
| foolabs | xpdf | — | — |
| foolabs | xpdf | — | — |
| foolabs | xpdf | — | — |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| glyphandcog | xpdfreader | — | — |
| glyphandcog | xpdfreader | — | — |
| glyphandcog | xpdfreader | — | — |
| poppler | poppler | <= 0.12.0 | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
CVSS provenance
nvd9.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv5.0MEDIUM