Home > Vulnerability Database > CVE-2009-3608

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2009-3608

Good to know:

Date: October 21, 2009

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

Language: C++

Severity Score

8.1

Related Resources (57)

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

Url: http://www.vupen.com/english/advisories/2010/1220

Url: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

Url: https://rhn.redhat.com/errata/RHSA-2009-1502.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

Url: http://secunia.com/advisories/37051

Url: http://secunia.com/advisories/37054

Url: http://secunia.com/advisories/37053

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:287

Url: https://rhn.redhat.com/errata/RHSA-2009-1501.html

Url: http://www.debian.org/security/2010/dsa-2028

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

Url: http://www.debian.org/security/2009/dsa-1941

Url: http://secunia.com/advisories/39938

Url: http://www.vupen.com/english/advisories/2010/0802

Url: http://secunia.com/advisories/37034

Url: http://secunia.com/advisories/37077

Url: http://secunia.com/advisories/37079

Url: http://secunia.com/advisories/37159

Url: http://secunia.com/advisories/37114

Url: http://secunia.com/advisories/37037

Url: https://rhn.redhat.com/errata/RHSA-2009-1503.html

Url: http://secunia.com/advisories/37043

Url: http://www.vupen.com/english/advisories/2009/2925

Url: http://www.vupen.com/english/advisories/2009/2926

Url: http://www.vupen.com/english/advisories/2009/2928

Url: http://www.vupen.com/english/advisories/2009/2924

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:334

Url: http://www.ubuntu.com/usn/USN-850-1

Url: https://access.redhat.com/security/cve/CVE-2009-3608

Url: https://bugzilla.redhat.com/show_bug.cgi?id=526637

Url: https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

Url: http://secunia.com/advisories/39327

Url: http://secunia.com/advisories/37028

Url: https://rhn.redhat.com/errata/RHSA-2009-1513.html

Url: http://www.openwall.com/lists/oss-security/2009/12/01/1

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

Url: http://www.openwall.com/lists/oss-security/2009/12/01/6

Url: http://www.openwall.com/lists/oss-security/2009/12/01/5

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3608

Url: https://rhn.redhat.com/errata/RHSA-2009-1504.html

Url: http://www.ubuntu.com/usn/USN-850-3

Url: http://www.securityfocus.com/bid/36703

Url: http://securitytracker.com/id?1023029

Url: https://rhn.redhat.com/errata/RHSA-2009-1512.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

Url: http://poppler.freedesktop.org/

Url: https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-3608

Url: http://www.debian.org/security/2010/dsa-2050

Url: http://secunia.com/advisories/37061

Url: http://www.ocert.org/advisories/ocert-2009-016.html

Url: http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/53794

Url: https://www.mend.io/vulnerability-database/CVE-2009-3608

Severity Score

8.1

Weakness Type (CWE)

Numeric Errors

CWE-189

Top Fix

Upgrade Version

Upgrade to version poppler-0.11.0;poppler-0.7.0

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Do you need more information?

Contact Us