Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-3604

Опубликовано: 21 окт. 2009
Источник: nvd
CVSS2: 9.3
EPSS Низкий

Описание

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:gnome:gpdf:*:*:*:*:*:*:*:*
cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%
0.09744
Низкий

9.3 Critical

CVSS2

Дефекты

CWE-399

Связанные уязвимости

ubuntu логотип

CVE-2009-3604

ubuntu
больше 15 лет назад

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

redhat логотип

CVE-2009-3604

redhat
больше 15 лет назад

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

debian логотип

CVE-2009-3604

debian
больше 15 лет назад

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...

github логотип

GHSA-57v7-6q2r-896j

github
около 3 лет назад

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

fstec логотип

BDU:2015-02169

fstec
больше 10 лет назад

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 93%
0.09744
Низкий

9.3 Critical

CVSS2

Дефекты

CWE-399