Published: 21/10/2009 Updated: 13/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf prior to 3.02pl4 and Poppler prior to 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote malicious users to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.

Vulnerable Product	Search on Vulmon	Subscribe to Product
foolabs xpdf 3.02pl1
foolabs xpdf 3.02pl2
foolabs xpdf 3.02pl3
glyphandcog xpdfreader 3.00
glyphandcog xpdfreader 3.01
glyphandcog xpdfreader 3.02
poppler poppler
poppler poppler 0.1
poppler poppler 0.1.1
poppler poppler 0.1.2
poppler poppler 0.2.0
poppler poppler 0.3.0
poppler poppler 0.3.1
poppler poppler 0.3.2
poppler poppler 0.3.3
poppler poppler 0.4.0
poppler poppler 0.4.1
poppler poppler 0.4.2
poppler poppler 0.4.3
poppler poppler 0.4.4
poppler poppler 0.5.0
poppler poppler 0.5.1
poppler poppler 0.5.2
poppler poppler 0.5.3
poppler poppler 0.5.4
poppler poppler 0.5.9
poppler poppler 0.6.0
poppler poppler 0.6.1
poppler poppler 0.6.2
poppler poppler 0.6.3
poppler poppler 0.6.4
poppler poppler 0.7.0
poppler poppler 0.7.1
poppler poppler 0.7.2
poppler poppler 0.7.3
poppler poppler 0.8.0
poppler poppler 0.8.1
poppler poppler 0.8.2
poppler poppler 0.8.3
poppler poppler 0.8.4
poppler poppler 0.8.6
poppler poppler 0.8.7
poppler poppler 0.9.0
poppler poppler 0.9.1
poppler poppler 0.9.2
poppler poppler 0.9.3
poppler poppler 0.10.0
poppler poppler 0.10.1
poppler poppler 0.10.2
poppler poppler 0.10.3
poppler poppler 0.10.4
poppler poppler 0.10.5
poppler poppler 0.10.6
poppler poppler 0.10.7
poppler poppler 0.11.0
poppler poppler 0.11.1
poppler poppler 0.11.2
poppler poppler 0.11.3

Synopsis Important: cups security update Type/Severity Security Advisory: Important Topic Updated cups packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 4The Red Hat Security Response Team has rated this update as havingimportant security impact Common Vulnerability ...

Debian Bug report logs - #551287 xpdf: integer overflow and null ptr dereference vulnerabilities Package: xpdf; Maintainer for xpdf is Debian QA Group <packages@qadebianorg>; Source for xpdf is src:xpdf (PTS, buildd, popcon) Reported by: Michael Gilbert <michaelsgilbert@gmailcom> Date: Fri, 16 Oct 2009 21:42:02 ...

USN-850-1 fixed vulnerabilities in poppler This update provides the corresponding updates for Ubuntu 910 ...

PDF import support has been disabled in KWord due to many security vulnerabilities that could be used by an attacker to run programs as your login ...

It was discovered that poppler contained multiple security issues when parsing malformed PDF documents If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program ...

Several local vulnerabilities have been discovered in KPDF, a PDF viewer for KDE, which allow the execution of arbitrary code or denial of service if a user is tricked into opening a crafted PDF document For the stable distribution (lenny), these problems have been fixed in version 4:359-3+lenny3 The unstable distribution (sid) no longer contai ...

Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format (PDF) files The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1188 and CVE-2009-3603 Integer overflow in SplashBitmap::SplashBitmap which might allow remote attackers to exec ...

CVE-2009-3609

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect