CVE-2009-3606

CWE-189CWE-190Integer Overflow8 documents8 sources
Severity
9.3CRITICAL
EPSS
4.8%
top 10.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Foolabs XpdfGlyphandcog XpdfreaderPoppler Poppler
Timeline
PublishedOct 21
Latest updateMay 3

Description

Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

Debianxpdf< 3.02-2+3
Debianpoppler< 0.12.2-1+3
NVDfoolabs/xpdf3.02pl1, 3.02pl2, 3.02pl3+2
NVDpoppler/poppler52 versions+51
NVDglyphandcog/xpdfreader3.00, 3.01, 3.02+2

Patches

Patch: ftp.foolabs.comPatch: securitytracker.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-75g3-x63m-xg86: Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 32022-05-03
CVEList
CVE-2009-3606: Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 32009-10-21
OSV
CVE-2009-3606: Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 32009-10-21

📋Vendor Advisories

3
Ubuntu
KOffice vulnerabilities2010-08-17
Red Hat
xpdf/poppler: PSOutputDev:: doImageL1Sep integer overflow2009-10-14
Debian
CVE-2009-3606: poppler - Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl...2009

💬Community

1
Bugzilla
CVE-2009-0791 CVE-2009-360{3,4,6,7,8,9} Multiple poppler vulnerabilities2009-10-25
CVE-2009-3606 (CRITICAL CVSS 9.3) | Integer overflow in the PSOutputDev | cvebase.io