CVE-2009-3605
published 2009-11-02CVE-2009-3605: Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary…
PriorityP429medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
4.41%
90.1th percentile
Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.
Affected
53 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 0.12.2-1 (bookworm) | poppler 0.12.2-1 (bookworm) |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| poppler | poppler | <= 0.10.5 | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
poppler regression
vendor_ubuntu·2009-10-22·CVSS 6.8
CVE-2009-3605 [MEDIUM] poppler regression
Title: poppler regression
Summary: poppler regression
USN-850-1 fixed vulnerabilities in poppler. The security fix for
CVE-2009-3605 introduced a regression that would cause certain
applications, such as Okular, to segfault when opening certain PDF files.
This update fixes the problem. We apologize for the inconvenience.
Original advisory details:
It was discovered that poppler contained multiple security issues when
parsing malformed PDF documents. If a user or automated system were tricked
into opening a crafted PDF file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Ubuntu
poppler vulnerabilities
vendor_ubuntu·2009-10-21
CVE-2009-0755 poppler vulnerabilities
Title: poppler vulnerabilities
Summary: poppler vulnerabilities
It was discovered that poppler contained multiple security issues when
parsing malformed PDF documents. If a user or automated system were tricked
into opening a crafted PDF file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
xpdf: multiple integer overflows
vendor_redhat·2009-05-19·CVSS 6.8
CVE-2009-3605 [MEDIUM] CWE-190 xpdf: multiple integer overflows
xpdf: multiple integer overflows
Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.
Debian
CVE-2009-3605: poppler - Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers ...
vendor_debian·2009·CVSS 6.8
CVE-2009-3605 [MEDIUM] CVE-2009-3605: poppler - Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers ...
Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.
Scope: local
bookworm: resolved (fixed in 0.12.2-1)
bullseye: resolved (fixed in 0.12.2-1)
forky: resolved (fixed in 0.12.2-1)
sid: resolved (fixed in 0.12.2-1)
trixie: resolved (fixed in 0.12.2-1)
GHSA
GHSA-52vw-r24f-727x: Multiple integer overflows in Poppler 0
ghsa_unreviewed·2022-05-02·CVSS 6.8
CVE-2009-3605 [MEDIUM] GHSA-52vw-r24f-727x: Multiple integer overflows in Poppler 0
Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.
OSV
CVE-2009-3605: Multiple integer overflows in Poppler 0
osv·2009-11-02·CVSS 6.8
CVE-2009-3605 [MEDIUM] CVE-2009-3605: Multiple integer overflows in Poppler 0
Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.
No detection rules found.
No public exploits indexed.
http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747ahttp://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.htmlhttp://secunia.com/advisories/37114http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1http://www.mandriva.com/security/advisories?name=MDVSA-2009:334http://www.mandriva.com/security/advisories?name=MDVSA-2011:175http://www.ubuntu.com/usn/USN-850-1https://bugs.launchpad.net/bugs/cve/2009-3605https://bugzilla.redhat.com/show_bug.cgi?id=491840https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gzhttps://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gzhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7731http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747ahttp://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.htmlhttp://secunia.com/advisories/37114http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1http://www.mandriva.com/security/advisories?name=MDVSA-2009:334http://www.mandriva.com/security/advisories?name=MDVSA-2011:175http://www.ubuntu.com/usn/USN-850-1https://bugs.launchpad.net/bugs/cve/2009-3605https://bugzilla.redhat.com/show_bug.cgi?id=491840https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gzhttps://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gzhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7731
2009-11-02
Published