CVE-2009-3609 — MEDIUM (4.3)

Q: How severe is CVE-2009-3609?

CVE-2009-3609 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-3609?

Check the references section above for vendor advisories and patch information. Affected products include: Foolabs Xpdf, Glyphandcog Xpdfreader, Poppler Poppler, Glyph And Cog Pdftops, Gnome Gpdf.

Vulnerability Description

Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Foolabs	Xpdf	3.02pl1
Glyphandcog	Xpdfreader	3.00
Poppler	Poppler	<= 0.12.0
Glyph And Cog	Pdftops	All versions
Gnome	Gpdf	All versions
Kde	Kpdf	All versions

Related Weaknesses (CWE)

CWE-189

References

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patchExploit
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.h
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.h
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.h
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://poppler.freedesktop.org/PatchVendor Advisory
http://secunia.com/advisories/37023Vendor Advisory
http://secunia.com/advisories/37028Vendor Advisory
http://secunia.com/advisories/37034Vendor Advisory
http://secunia.com/advisories/37037Vendor Advisory
http://secunia.com/advisories/37043Vendor Advisory
http://secunia.com/advisories/37051Vendor Advisory
http://secunia.com/advisories/37054Vendor Advisory
http://secunia.com/advisories/37061Vendor Advisory
http://secunia.com/advisories/37077Vendor Advisory

FAQ

What is CVE-2009-3609?

CVE-2009-3609 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to...

How severe is CVE-2009-3609?

CVE-2009-3609 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3609?

Check the references section above for vendor advisories and patch information. Affected products include: Foolabs Xpdf, Glyphandcog Xpdfreader, Poppler Poppler, Glyph And Cog Pdftops, Gnome Gpdf.