CVE-2009-3604

HIGH

Description

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

References

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2

http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

http://secunia.com/advisories/37023

http://secunia.com/advisories/37028

http://secunia.com/advisories/37037

http://secunia.com/advisories/37042

http://secunia.com/advisories/37043

http://secunia.com/advisories/37053

http://secunia.com/advisories/37077

http://secunia.com/advisories/37079

http://secunia.com/advisories/37114

http://secunia.com/advisories/37159

http://secunia.com/advisories/39327

http://secunia.com/advisories/39938

http://securitytracker.com/id?1023029

http://site.pi3.com.pl/adv/xpdf.txt

http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

http://www.debian.org/security/2010/dsa-2028

http://www.debian.org/security/2010/dsa-2050

http://www.mandriva.com/security/advisories?name=MDVSA-2009:287

http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

http://www.securityfocus.com/bid/36703

http://www.ubuntu.com/usn/USN-850-1

http://www.ubuntu.com/usn/USN-850-3

http://www.vupen.com/english/advisories/2009/2924

http://www.vupen.com/english/advisories/2009/2928

http://www.vupen.com/english/advisories/2010/0802

http://www.vupen.com/english/advisories/2010/1040

http://www.vupen.com/english/advisories/2010/1220

https://bugzilla.redhat.com/show_bug.cgi?id=526911

https://exchange.xforce.ibmcloud.com/vulnerabilities/53795

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969

https://rhn.redhat.com/errata/RHSA-2009-1500.html

https://rhn.redhat.com/errata/RHSA-2009-1501.html

https://rhn.redhat.com/errata/RHSA-2009-1502.html

https://rhn.redhat.com/errata/RHSA-2009-1503.html

https://rhn.redhat.com/errata/RHSA-2009-1512.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

Details

Source: MITRE

Published: 2009-10-21

Updated: 2019-03-06

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH