CVE-2009-3604

high

Description

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

References

http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2

http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

https://bugzilla.redhat.com/show_bug.cgi?id=526911

http://secunia.com/advisories/37023

http://secunia.com/advisories/37028

http://secunia.com/advisories/37037

http://secunia.com/advisories/37042

http://secunia.com/advisories/37043

http://secunia.com/advisories/37053

http://secunia.com/advisories/37077

http://secunia.com/advisories/37079

http://secunia.com/advisories/37114

http://secunia.com/advisories/37159

http://secunia.com/advisories/39327

http://secunia.com/advisories/39938

http://securitytracker.com/id?1023029

https://exchange.xforce.ibmcloud.com/vulnerabilities/53795

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969

https://rhn.redhat.com/errata/RHSA-2009-1500.html

https://rhn.redhat.com/errata/RHSA-2009-1501.html

https://rhn.redhat.com/errata/RHSA-2009-1502.html

https://rhn.redhat.com/errata/RHSA-2009-1503.html

https://rhn.redhat.com/errata/RHSA-2009-1512.html

http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

http://www.debian.org/security/2010/dsa-2028

http://www.debian.org/security/2010/dsa-2050

http://www.mandriva.com/security/advisories?name=MDVSA-2009:287

http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

http://www.ubuntu.com/usn/USN-850-1

http://www.ubuntu.com/usn/USN-850-3

http://www.vupen.com/english/advisories/2009/2924

http://www.vupen.com/english/advisories/2009/2928

http://www.vupen.com/english/advisories/2010/0802

http://www.vupen.com/english/advisories/2010/1040

http://www.vupen.com/english/advisories/2010/1220

Details

Published: 2009-10-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High