CVE-2009-3604

CWE-399 CWE-190 — Integer Overflow10 documents8 sources

Severity

9.3CRITICAL

EPSS

7.5%

top 8.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foolabs Xpdf Glyphandcog Xpdfreader Poppler Poppler

Timeline

PublishedOct 21

Latest updateMay 3

Description

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

▶Debianxpdf< 3.02-2+3

▶Debianpoppler< 0.12.2-1+3

▶NVDfoolabs/xpdf3.02pl1, 3.02pl2, 3.02pl3+2

▶NVDpoppler/poppler55 versions+54

▶NVDglyphandcog/xpdfreader7 versions+6

Patches

Patch: ftp.foolabs.com ↗Patch: www.securityfocus.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-57v7-6q2r-896j: The Splash::drawImage function in Splash↗2022-05-03

▶

CVEList

CVE-2009-3604: The Splash::drawImage function in Splash↗2009-10-21

▶

OSV

CVE-2009-3604: The Splash::drawImage function in Splash↗2009-10-21

▶

📋Vendor Advisories

Ubuntu

poppler vulnerabilities↗2009-11-02

▶

Ubuntu

poppler vulnerabilities↗2009-10-21

▶

Red Hat

xpdf/poppler: Splash:: drawImage integer overflow and missing allocation return value check↗2009-10-14

▶

Debian

CVE-2009-3604: poppler - The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, ...↗2009

▶

💬Community

Bugzilla

CVE-2009-0791 CVE-2009-360{3,4,6,7,8,9} Multiple poppler vulnerabilities↗2009-10-25

▶

Bugzilla

CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check↗2009-10-02

▶