National Cyber Awareness System

Vulnerability Summary for CVE-2009-3605

Overview

Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz

Hyperlink:https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz

External Source: CONFIRM

Name: https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz

Hyperlink:https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=491840

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=491840

External Source: CONFIRM

Name: https://bugs.launchpad.net/bugs/cve/2009-3605

Hyperlink:https://bugs.launchpad.net/bugs/cve/2009-3605

External Source: UBUNTU

Name: USN-850-1

Hyperlink:http://www.ubuntu.com/usn/USN-850-1

External Source: MANDRIVA

Name: MDVSA-2011:175

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

External Source: MANDRIVA

Name: MDVSA-2009:334

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:334

External Source: SUNALERT

Name: 1021706

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

External Source: SUNALERT

Name: 274030

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

External Source: SECUNIA

Name: 37114

Type: Advisory

Hyperlink:http://secunia.com/advisories/37114

External Source: OVAL

Name: oval:org.mitre.oval:def:7731

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7731

External Source: SUSE

Name: SUSE-SR:2009:018

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

External Source: CONFIRM

Name: http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8

Hyperlink:http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8

External Source: CONFIRM

Name: http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a

Hyperlink:http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a

External Source: CONFIRM

Name: http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5

Hyperlink:http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5

References to Check Content

Identifier:oval:org.mitre.oval:def:7731

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7731