[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-3608

Date: (C)2009-10-21   (M)2017-11-18 


Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

CVSS Score: 9.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SUNALERT-1021706
SECTRACK-1023029
SUNALERT-274030
BID-36703
SECUNIA-37028
SECUNIA-37034
SECUNIA-37037
SECUNIA-37043
SECUNIA-37051
SECUNIA-37053
SECUNIA-37054
SECUNIA-37061
SECUNIA-37077
SECUNIA-37079
SECUNIA-37114
SECUNIA-37159
SECUNIA-39327
SECUNIA-39938
ADV-2009-2924
ADV-2009-2925
ADV-2009-2926
ADV-2009-2928
ADV-2010-0802
ADV-2010-1220
DSA-1941
DSA-2028
DSA-2050
FEDORA-2009-10823
FEDORA-2009-10845
FEDORA-2010-1377
FEDORA-2010-1805
FEDORA-2010-1842
MDVSA-2009:287
MDVSA-2009:334
MDVSA-2011:175
RHSA-2009:1501
RHSA-2009:1502
RHSA-2009:1503
RHSA-2009:1504
RHSA-2009:1512
RHSA-2009:1513
SUSE-SR:2009:018
USN-850-1
USN-850-3
http://www.openwall.com/lists/oss-security/2009/12/01/1
http://www.openwall.com/lists/oss-security/2009/12/01/5
http://www.openwall.com/lists/oss-security/2009/12/01/6
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
http://poppler.freedesktop.org/
http://www.ocert.org/advisories/ocert-2009-016.html
https://bugzilla.redhat.com/show_bug.cgi?id=526637
xpdf-objectstream-bo(53794)

CPE    3
cpe:/a:foolabs:xpdf:3.00
cpe:/a:foolabs:xpdf:3.01
cpe:/a:foolabs:xpdf:3.02
CWE    1
CWE-189
OVAL    43
oval:org.secpod.oval:def:101857
oval:org.secpod.oval:def:300711
oval:org.secpod.oval:def:500577
oval:org.secpod.oval:def:202082
...

© 2013 SecPod Technologies