CVE-2009-3608 Information

Feb 14, 2021 cve

Description

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 as used in GPdf kdegraphics KPDF CUPS pdftops and teTeX might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

Reference

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://poppler.freedesktop.org/ http://secunia.com/advisories/37028 http://secunia.com/advisories/37034 http://secunia.com/advisories/37037 http://secunia.com/advisories/37043 http://secunia.com/advisories/37051 http://secunia.com/advisories/37053 http://secunia.com/advisories/37054 http://secunia.com/advisories/37061 http://secunia.com/advisories/37077 http://secunia.com/advisories/37079 http://secunia.com/advisories/37114 http://secunia.com/advisories/37159 http://secunia.com/advisories/39327 http://secunia.com/advisories/39938 http://securitytracker.com/id?1023029 http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 http://www.debian.org/security/2009/dsa-1941 http://www.debian.org/security/2010/dsa-2028 http://www.debian.org/security/2010/dsa-2050 http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 http://www.ocert.org/advisories/ocert-2009-016.html http://www.openwall.com/lists/oss-security/2009/12/01/1 http://www.openwall.com/lists/oss-security/2009/12/01/5 http://www.openwall.com/lists/oss-security/2009/12/01/6 http://www.securityfocus.com/bid/36703 http://www.ubuntu.com/usn/USN-850-1 http://www.ubuntu.com/usn/USN-850-3 http://www.vupen.com/english/advisories/2009/2924 http://www.vupen.com/english/advisories/2009/2925 http://www.vupen.com/english/advisories/2009/2926 http://www.vupen.com/english/advisories/2009/2928 http://www.vupen.com/english/advisories/2010/0802 http://www.vupen.com/english/advisories/2010/1220 https://bugzilla.redhat.com/show_bug.cgi?id=526637 https://exchange.xforce.ibmcloud.com/vulnerabilities/53794 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9536 https://rhn.redhat.com/errata/RHSA-2009-1501.html https://rhn.redhat.com/errata/RHSA-2009-1502.html https://rhn.redhat.com/errata/RHSA-2009-1503.html https://rhn.redhat.com/errata/RHSA-2009-1504.html https://rhn.redhat.com/errata/RHSA-2009-1512.html https://rhn.redhat.com/errata/RHSA-2009-1513.html https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

Share on: