QwikSec

Security Database

CVE

CWE

Training

CVE-2009-3605

Published: Nov 2, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz

x_refsource_CONFIRM

SUSE-SR:2009:018

vendor-advisory

x_refsource_SUSE

http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8

x_refsource_CONFIRM

http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a

x_refsource_CONFIRM

vendor-advisory

x_refsource_SUNALERT

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_MANDRIVA

oval:org.mitre.oval:def:7731

vdb-entry

signature

x_refsource_OVAL

https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz

x_refsource_CONFIRM

vendor-advisory

x_refsource_SUNALERT

vendor-advisory

x_refsource_UBUNTU

https://bugs.launchpad.net/bugs/cve/2009-3605

x_refsource_CONFIRM

vendor-advisory

x_refsource_MANDRIVA

https://bugzilla.redhat.com/show_bug.cgi?id=491840

x_refsource_CONFIRM

http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.