National Cyber Awareness System

Vulnerability Summary for CVE-2009-3603

Overview

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: VUPEN

Name: ADV-2009-2925

Type: Advisory; Patch Information

Hyperlink:http://www.vupen.com/english/advisories/2009/2925

External Source: VUPEN

Name: ADV-2009-2924

Type: Advisory; Patch Information

Hyperlink:http://www.vupen.com/english/advisories/2009/2924

External Source: BID

Name: 36703

Type: Patch Information; Exploit

Hyperlink:http://www.securityfocus.com/bid/36703

External Source: CONFIRM

Name: http://poppler.freedesktop.org/

Type: Advisory; Patch Information

Hyperlink:http://poppler.freedesktop.org/

External Source: CONFIRM

Name: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

Type: Patch Information

Hyperlink:ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

External Source: FEDORA

Name: FEDORA-2009-10845

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

External Source: FEDORA

Name: FEDORA-2009-10823

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

External Source: REDHAT

Name: RHSA-2009:1504

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1504.html

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=526915

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=526915

External Source: XF

Name: xpdf-splashbitmap-bo(53793)

Hyperlink:http://xforce.iss.net/xforce/xfdb/53793

External Source: VUPEN

Name: ADV-2010-1220

Hyperlink:http://www.vupen.com/english/advisories/2010/1220

External Source: VUPEN

Name: ADV-2010-1040

Hyperlink:http://www.vupen.com/english/advisories/2010/1040

External Source: VUPEN

Name: ADV-2010-0802

Hyperlink:http://www.vupen.com/english/advisories/2010/0802

External Source: UBUNTU

Name: USN-850-3

Hyperlink:http://www.ubuntu.com/usn/USN-850-3

External Source: UBUNTU

Name: USN-850-1

Hyperlink:http://www.ubuntu.com/usn/USN-850-1

External Source: MANDRIVA

Name: MDVSA-2011:175

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

External Source: MANDRIVA

Name: MDVSA-2010:087

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:087

External Source: MANDRIVA

Name: MDVSA-2009:287

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:287

External Source: DEBIAN

Name: DSA-2050

Hyperlink:http://www.debian.org/security/2010/dsa-2050

External Source: DEBIAN

Name: DSA-2028

Hyperlink:http://www.debian.org/security/2010/dsa-2028

External Source: SUNALERT

Name: 1021706

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

External Source: SUNALERT

Name: 274030

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

External Source: SECTRACK

Name: 1023029

Hyperlink:http://securitytracker.com/id?1023029

External Source: SECUNIA

Name: 39938

Hyperlink:http://secunia.com/advisories/39938

External Source: SECUNIA

Name: 39327

Hyperlink:http://secunia.com/advisories/39327

External Source: SECUNIA

Name: 37159

Hyperlink:http://secunia.com/advisories/37159

External Source: SECUNIA

Name: 37114

Hyperlink:http://secunia.com/advisories/37114

External Source: SECUNIA

Name: 37054

Type: Advisory

Hyperlink:http://secunia.com/advisories/37054

External Source: SECUNIA

Name: 37053

Type: Advisory

Hyperlink:http://secunia.com/advisories/37053

External Source: SECUNIA

Name: 37034

Type: Advisory

Hyperlink:http://secunia.com/advisories/37034

External Source: OVAL

Name: oval:org.mitre.oval:def:9671

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9671

External Source: SUSE

Name: SUSE-SR:2009:018

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

External Source: FEDORA

Name: FEDORA-2010-1377

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

External Source: FEDORA

Name: FEDORA-2010-1842

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

External Source: FEDORA

Name: FEDORA-2010-1805

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

References to Check Content

Identifier:oval:org.mitre.oval:def:9671

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9671