CVE-2009-3607
published 2009-10-21CVE-2009-3607: Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service…
PriorityP340critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
5.91%
92.3th percentile
Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Affected
60 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 0.12.2-1 (bookworm) | poppler 0.12.2-1 (bookworm) |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3MEDIUM
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
poppler vulnerabilities
vendor_ubuntu·2009-11-02
CVE-2009-3603 poppler vulnerabilities
Title: poppler vulnerabilities
Summary: poppler vulnerabilities
USN-850-1 fixed vulnerabilities in poppler. This update provides the
corresponding updates for Ubuntu 9.10.
Original advisory details:
It was discovered that poppler contained multiple security issues when
parsing malformed PDF documents. If a user or automated system were tricked
into opening a crafted PDF file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Ubuntu
poppler vulnerabilities
vendor_ubuntu·2009-10-21
CVE-2009-0755 poppler vulnerabilities
Title: poppler vulnerabilities
Summary: poppler vulnerabilities
It was discovered that poppler contained multiple security issues when
parsing malformed PDF documents. If a user or automated system were tricked
into opening a crafted PDF file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
poppler: create_surface_from_thumbnail_data integer overflow
vendor_redhat·2009-10-15·CVSS 9.3
CVE-2009-3607 [CRITICAL] CWE-190 poppler: create_surface_from_thumbnail_data integer overflow
poppler: create_surface_from_thumbnail_data integer overflow
Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Statement: Not vulnerable. This issue did not affect the version of poppler as shipped with Red Hat Enterprise Linux 5.
Debian
CVE-2009-3607: poppler - Integer overflow in the create_surface_from_thumbnail_data function in glib/popp...
vendor_debian·2009·CVSS 9.3
CVE-2009-3607 [CRITICAL] CVE-2009-3607: poppler - Integer overflow in the create_surface_from_thumbnail_data function in glib/popp...
Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Scope: local
bookworm: resolved (fixed in 0.12.2-1)
bullseye: resolved (fixed in 0.12.2-1)
forky: resolved (fixed in 0.12.2-1)
sid: resolved (fixed in 0.12.2-1)
trixie: resolved (fixed in 0.12.2-1)
GHSA
GHSA-x9rq-9gxv-4m5h: Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page
ghsa_unreviewed·2022-05-02
CVE-2009-3607 [HIGH] GHSA-x9rq-9gxv-4m5h: Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page
Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
OSV
CVE-2009-3607: Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page
osv·2009-10-21·CVSS 9.3
CVE-2009-3607 [CRITICAL] CVE-2009-3607: Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page
Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
No detection rules found.
No public exploits indexed.
http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b706http://secunia.com/advisories/37054http://secunia.com/advisories/37114http://secunia.com/advisories/37159http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1http://www.debian.org/security/2009/dsa-1941http://www.mandriva.com/security/advisories?name=MDVSA-2011:175http://www.openwall.com/lists/oss-security/2009/12/01/1http://www.openwall.com/lists/oss-security/2009/12/01/5http://www.openwall.com/lists/oss-security/2009/12/01/6http://www.securityfocus.com/bid/36718http://www.ubuntu.com/usn/USN-850-1http://www.ubuntu.com/usn/USN-850-3http://www.vupen.com/english/advisories/2009/2925https://bugzilla.redhat.com/show_bug.cgi?id=526924https://exchange.xforce.ibmcloud.com/vulnerabilities/53801https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.htmlhttp://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b706http://secunia.com/advisories/37054http://secunia.com/advisories/37114http://secunia.com/advisories/37159http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1http://www.debian.org/security/2009/dsa-1941http://www.mandriva.com/security/advisories?name=MDVSA-2011:175http://www.openwall.com/lists/oss-security/2009/12/01/1http://www.openwall.com/lists/oss-security/2009/12/01/5http://www.openwall.com/lists/oss-security/2009/12/01/6http://www.securityfocus.com/bid/36718http://www.ubuntu.com/usn/USN-850-1http://www.ubuntu.com/usn/USN-850-3http://www.vupen.com/english/advisories/2009/2925https://bugzilla.redhat.com/show_bug.cgi?id=526924https://exchange.xforce.ibmcloud.com/vulnerabilities/53801https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
2009-10-21
Published