Vulnerability Description
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
CVSS Score
9.3 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foolabs | Xpdf | 3.02pl1 |
| Glyphandcog | Xpdfreader | 3.00 |
| Poppler | Poppler | <= 0.12.0 |
| Glyph And Cog | Pdftops | All versions |
| Gnome | Gpdf | All versions |
| Kde | Kpdf | All versions |
| Tetex | Tetex | All versions |
Related Weaknesses (CWE)
References
- ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch (Patch)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.h
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
- http://poppler.freedesktop.org/ (Patch, Vendor Advisory)
- http://secunia.com/advisories/37028 (Vendor Advisory)
- http://secunia.com/advisories/37034 (Vendor Advisory)
- http://secunia.com/advisories/37037 (Vendor Advisory)
- http://secunia.com/advisories/37043 (Vendor Advisory)
- http://secunia.com/advisories/37051 (Vendor Advisory)
- http://secunia.com/advisories/37053 (Vendor Advisory)
- http://secunia.com/advisories/37054 (Vendor Advisory)
- http://secunia.com/advisories/37061 (Vendor Advisory)
- http://secunia.com/advisories/37077 (Vendor Advisory)
FAQ
What is CVE-2009-3608?
CVE-2009-3608 is a vulnerability with a CVSS score of 9.3 (HIGH). Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
How severe is CVE-2009-3608?
CVE-2009-3608 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2009-3608?
Check the References section above for vendor advisories and patch information (Xpdf 3.02pl4 and Poppler 0.12.1 contain the fix). Affected products include: Foolabs Xpdf, Glyph And Cog Xpdfreader and Pdftops, Poppler, Gnome GPdf, KDE KPDF, and teTeX.