CVE-2009-3607Integer Overflow or Wraparound in Poppler

CWE-189CWE-190Integer Overflow or Wraparound9 documents8 sources
Severity
9.3CRITICALNVD
EPSS
6.9%
top 8.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Freedesktop PopplerPoppler
Timeline
PublishedOct 21
Latest updateMay 2

Description

Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

Debianfreedesktop/poppler< 0.12.2-1+3
NVDpoppler/poppler55 versions+54

🔴Vulnerability Details

3
GHSA
GHSA-x9rq-9gxv-4m5h: Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page2022-05-02
OSV
CVE-2009-3607: Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page2009-10-21
CVEList
CVE-2009-3607: Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page2009-10-21

📋Vendor Advisories

4
Ubuntu
poppler vulnerabilities2009-11-02
Ubuntu
poppler vulnerabilities2009-10-21
Red Hat
poppler: create_surface_from_thumbnail_data integer overflow2009-10-15
Debian
CVE-2009-3607: poppler - Integer overflow in the create_surface_from_thumbnail_data function in glib/popp...2009

💬Community

1
Bugzilla
CVE-2009-0791 CVE-2009-360{3,4,6,7,8,9} Multiple poppler vulnerabilities2009-10-25
CVE-2009-3607 — Integer Overflow or Wraparound | cvebase