CVE-2009-3609
published 2009-10-21CVE-2009-3609: Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and…
medium4.3CVSS 3.1
AVNACMAuNCNINAP
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
Affected
68 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 0.12.2-1 (bookworm) | poppler 0.12.2-1 (bookworm) |
| debian | xpdf | < poppler 0.12.2-1 (bookworm) | poppler 0.12.2-1 (bookworm) |
| foolabs | xpdf | — | — |
| foolabs | xpdf | — | — |
| foolabs | xpdf | — | — |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| freedesktop | poppler | >= 0 < 0.12.2-1 | 0.12.2-1 |
| glyphandcog | xpdfreader | — | — |
| glyphandcog | xpdfreader | — | — |
| glyphandcog | xpdfreader | — | — |
| poppler | poppler | <= 0.12.0 | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
CVSS provenance
nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM