CVE-2009-3603 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2009-3603?

CVE-2009-3603 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-3603?

Check the references section above for vendor advisories and patch information. Affected products include: Foolabs Xpdf, Glyphandcog Xpdfreader, Poppler Poppler.

Vulnerability Description

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Foolabs	Xpdf	3.02pl1
Glyphandcog	Xpdfreader	3.00
Poppler	Poppler	<= 0.12.0

Related Weaknesses (CWE)

CWE-189

References

FAQ

What is CVE-2009-3603?

CVE-2009-3603 is a vulnerability with a CVSS score of 9.3 (HIGH). Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that ...

How severe is CVE-2009-3603?

CVE-2009-3603 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3603?

Check the references section above for vendor advisories and patch information. Affected products include: Foolabs Xpdf, Glyphandcog Xpdfreader, Poppler Poppler.