CVE-2009-3938
Published 2009-11-13
Priority: P431, medium, 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 5.32% (91.6th percentile)
Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 0.12.2-2.1 (bookworm) | poppler 0.12.2-2.1 (bookworm) |
| freedesktop | poppler | >= 0 < 0.12.2-2.1 | 0.12.2-2.1 |
| freedesktop | poppler | >= 0 < 0.12.2-2.1 | 0.12.2-2.1 |
| freedesktop | poppler | >= 0 < 0.12.2-2.1 | 0.12.2-2.1 |
| freedesktop | poppler | >= 0 < 0.12.2-2.1 | 0.12.2-2.1 |
| poppler | poppler | — | — |
| poppler | poppler | — | — |
CVSS provenance
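| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | LOW | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |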
Red Hat
ABWOutputDev::endWord function
vendor_redhat·2009-08-01·CVSS 6.8
Statement: Not vulnerable. This issue did not affect the versions of poppler as shipped with Red Hat Enterprise Linux 5.
Debian
CVE-2009-3938: poppler - Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc...
vendor_debian·2009·CVSS 6.8
Scope: local
bookworm: resolved (fixed in 0.12.2-2.1)
bullseye: resolved (fixed in 0.12.2-2.1)
forky: resolved (fixed in 0.12.2-2.1)
sid: resolved (fixed in 0.12.2-2.1)
trixie: resolved (fixed in 0.12.2-2.1)
GHSA
GHSA-7rq3-6hvw-rrqj: Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev
ghsa_unreviewed·2022-05-02
CVE-2009-3938 [MEDIUM] CWE-119
OSV
CVE-2009-3938: Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev
osv·2009-11-13·CVSS 6.8
No detection rules found.
No public exploits indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534680
http://bugs.freedesktop.org/attachment.cgi?id=30599&action=edit
http://bugs.freedesktop.org/show_bug.cgi?id=23074
http://secunia.com/advisories/37333
http://www.debian.org/security/2009/dsa-1941
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.securityfocus.com/bid/36976
http://www.vupen.com/english/advisories/2009/3227
https://exchange.xforce.ibmcloud.com/vulnerabilities/54215
Published: 2009-11-13