National Cyber Awareness System

Vulnerability Summary for CVE-2009-3608

Overview

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=526637

Type: Patch Information

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=526637

External Source: VUPEN

Name: ADV-2009-2924

Type: Advisory; Patch Information

Hyperlink:http://www.vupen.com/english/advisories/2009/2924

External Source: BID

Name: 36703

Type: Patch Information; Exploit

Hyperlink:http://www.securityfocus.com/bid/36703

External Source: SECTRACK

Name: 1023029

Type: Patch Information

Hyperlink:http://securitytracker.com/id?1023029

External Source: CONFIRM

Name: http://poppler.freedesktop.org/

Type: Advisory; Patch Information

Hyperlink:http://poppler.freedesktop.org/

External Source: CONFIRM

Name: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

Type: Patch Information

Hyperlink:ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

External Source: FEDORA

Name: FEDORA-2009-10845

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

External Source: FEDORA

Name: FEDORA-2009-10823

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

External Source: REDHAT

Name: RHSA-2009:1513

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1513.html

External Source: REDHAT

Name: RHSA-2009:1512

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1512.html

External Source: REDHAT

Name: RHSA-2009:1504

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1504.html

External Source: REDHAT

Name: RHSA-2009:1503

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1503.html

External Source: REDHAT

Name: RHSA-2009:1502

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1502.html

External Source: REDHAT

Name: RHSA-2009:1501

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1501.html

External Source: XF

Name: xpdf-objectstream-bo(53794)

Hyperlink:http://xforce.iss.net/xforce/xfdb/53794

External Source: VUPEN

Name: ADV-2010-1220

Hyperlink:http://www.vupen.com/english/advisories/2010/1220

External Source: VUPEN

Name: ADV-2010-0802

Hyperlink:http://www.vupen.com/english/advisories/2010/0802

External Source: VUPEN

Name: ADV-2009-2928

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2009/2928

External Source: VUPEN

Name: ADV-2009-2926

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2009/2926

External Source: VUPEN

Name: ADV-2009-2925

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2009/2925

External Source: UBUNTU

Name: USN-850-3

Hyperlink:http://www.ubuntu.com/usn/USN-850-3

External Source: UBUNTU

Name: USN-850-1

Hyperlink:http://www.ubuntu.com/usn/USN-850-1

External Source: MLIST

Name: [oss-security] 20091201 Re: Need more information on recent poppler issues

Hyperlink:http://www.openwall.com/lists/oss-security/2009/12/01/6

External Source: MLIST

Name: [oss-security] 20091130 Re: Need more information on recent poppler issues

Hyperlink:http://www.openwall.com/lists/oss-security/2009/12/01/5

External Source: MLIST

Name: [oss-security] 20091130 Need more information on recent poppler issues

Hyperlink:http://www.openwall.com/lists/oss-security/2009/12/01/1

External Source: MISC

Name: http://www.ocert.org/advisories/ocert-2009-016.html

Hyperlink:http://www.ocert.org/advisories/ocert-2009-016.html

External Source: MANDRIVA

Name: MDVSA-2011:175

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

External Source: MANDRIVA

Name: MDVSA-2009:334

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:334

External Source: MANDRIVA

Name: MDVSA-2009:287

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:287

External Source: DEBIAN

Name: DSA-2050

Hyperlink:http://www.debian.org/security/2010/dsa-2050

External Source: DEBIAN

Name: DSA-2028

Hyperlink:http://www.debian.org/security/2010/dsa-2028

External Source: DEBIAN

Name: DSA-1941

Hyperlink:http://www.debian.org/security/2009/dsa-1941

External Source: SUNALERT

Name: 1021706

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

External Source: SUNALERT

Name: 274030

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

External Source: SECUNIA

Name: 39938

Hyperlink:http://secunia.com/advisories/39938

External Source: SECUNIA

Name: 39327

Hyperlink:http://secunia.com/advisories/39327

External Source: SECUNIA

Name: 37159

Hyperlink:http://secunia.com/advisories/37159

External Source: SECUNIA

Name: 37114

Hyperlink:http://secunia.com/advisories/37114

External Source: SECUNIA

Name: 37079

Type: Advisory

Hyperlink:http://secunia.com/advisories/37079

External Source: SECUNIA

Name: 37077

Type: Advisory

Hyperlink:http://secunia.com/advisories/37077

External Source: SECUNIA

Name: 37061

Type: Advisory

Hyperlink:http://secunia.com/advisories/37061

External Source: SECUNIA

Name: 37054

Type: Advisory

Hyperlink:http://secunia.com/advisories/37054

External Source: SECUNIA

Name: 37053

Type: Advisory

Hyperlink:http://secunia.com/advisories/37053

External Source: SECUNIA

Name: 37051

Type: Advisory

Hyperlink:http://secunia.com/advisories/37051

External Source: SECUNIA

Name: 37043

Type: Advisory

Hyperlink:http://secunia.com/advisories/37043

External Source: SECUNIA

Name: 37037

Type: Advisory

Hyperlink:http://secunia.com/advisories/37037

External Source: SECUNIA

Name: 37034

Type: Advisory

Hyperlink:http://secunia.com/advisories/37034

External Source: SECUNIA

Name: 37028

Type: Advisory

Hyperlink:http://secunia.com/advisories/37028

External Source: OVAL

Name: oval:org.mitre.oval:def:9536

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9536

External Source: SUSE

Name: SUSE-SR:2009:018

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

External Source: FEDORA

Name: FEDORA-2010-1377

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

External Source: FEDORA

Name: FEDORA-2010-1842

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

External Source: FEDORA

Name: FEDORA-2010-1805

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

References to Check Content

Identifier:oval:org.mitre.oval:def:9536

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9536