CVE

CVE-2009-3608
Date: (C)2009-10-21   (M)2018-06-20


Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

CVSS Score and Metrics

CVSS V3 Severity and Metrics: (no values listed)

CVSS V2 Severity:
CVSS Score: 9.3
Exploit Score: 8.6
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:
SUNALERT-1021706
SECTRACK-1023029
SUNALERT-274030
BID-36703
SECUNIA-37028
SECUNIA-37034
SECUNIA-37037
SECUNIA-37043
SECUNIA-37051
SECUNIA-37053
SECUNIA-37054
SECUNIA-37061
SECUNIA-37077
SECUNIA-37079
SECUNIA-37114
SECUNIA-37159
SECUNIA-39327
SECUNIA-39938
ADV-2009-2924
ADV-2009-2925
ADV-2009-2926
ADV-2009-2928
ADV-2010-0802
ADV-2010-1220
DSA-1941
DSA-2028
DSA-2050
FEDORA-2009-10823
FEDORA-2009-10845
FEDORA-2010-1377
FEDORA-2010-1805
FEDORA-2010-1842
MDVSA-2009:287
MDVSA-2009:334
MDVSA-2011:175
RHSA-2009:1501
RHSA-2009:1502
RHSA-2009:1503
RHSA-2009:1504
RHSA-2009:1512
RHSA-2009:1513
SUSE-SR:2009:018
USN-850-1
USN-850-3
http://www.openwall.com/lists/oss-security/2009/12/01/1
http://www.openwall.com/lists/oss-security/2009/12/01/5
http://www.openwall.com/lists/oss-security/2009/12/01/6
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
http://poppler.freedesktop.org/
http://www.ocert.org/advisories/ocert-2009-016.html
https://bugzilla.redhat.com/show_bug.cgi?id=526637
xpdf-objectstream-bo(53794)

CPE    3
cpe:/a:foolabs:xpdf:3.00
cpe:/a:foolabs:xpdf:3.01
cpe:/a:foolabs:xpdf:3.02

CWE    1
CWE-189

OVAL    43
oval:org.mitre.oval:def:6990
oval:org.secpod.oval:def:600024
oval:org.mitre.oval:def:11826
oval:org.secpod.oval:def:600137
...

© SecPod Technologies