CVE-2009-3605

Published: 02/11/2009 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple integer overflows in Poppler 0.10.5 and previous versions allow remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.

Vulnerable Product

poppler poppler 0.7.3

poppler poppler 0.3.2

poppler poppler 0.10.3

poppler poppler 0.4.0

poppler poppler 0.8.5

poppler poppler 0.9.3

poppler poppler 0.10.1

poppler poppler 0.10.0

poppler poppler 0.7.1

poppler poppler 0.6.1

poppler poppler 0.3.1

poppler poppler 0.5.2

poppler poppler 0.5.91

poppler poppler 0.6.0

poppler poppler 0.3.3

poppler poppler 0.4.2

poppler poppler 0.10.4

poppler poppler 0.9.2

poppler poppler 0.6.4

poppler poppler 0.1.2

poppler poppler 0.8.0

poppler poppler 0.8.3

poppler poppler 0.7.0

poppler poppler 0.7.2

poppler poppler 0.5.0

poppler poppler 0.8.6

poppler poppler 0.5.9

poppler poppler 0.5.90

poppler poppler 0.6.3

poppler poppler 0.2.0

poppler poppler 0.8.4

poppler poppler 0.5.4

poppler poppler 0.1.1

poppler poppler 0.9.0

poppler poppler 0.4.1

poppler poppler 0.5.3

poppler poppler

poppler poppler 0.4.4

poppler poppler 0.8.7

poppler poppler 0.9.1

poppler poppler 0.3.0

poppler poppler 0.1

poppler poppler 0.6.2

poppler poppler 0.10.2

poppler poppler 0.4.3

poppler poppler 0.8.1

poppler poppler 0.5.1

poppler poppler 0.8.2

Vendor Advisories

USN-850-1 fixed vulnerabilities in poppler. The security fix for CVE-2009-3605 introduced a regression that would cause certain applications, such as Okular, to segfault when opening certain PDF files ...
It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program ...