ID CVE-2009-3608
Summary Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:glyph_and_cog:pdftops:*:*:*:*:*:*:*:*
    cpe:2.3:a:glyph_and_cog:pdftops:*:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gpdf:*:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gpdf:*:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*
    cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*
  • cpe:2.3:a:tetex:tetex:*:*:*:*:*:*:*:*
    cpe:2.3:a:tetex:tetex:*:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 13-02-2023 - 02:20)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:20:05.213-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
family unix
id oval:org.mitre.oval:def:9536
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
version 30
redhat via4
advisories
  • rhsa
    id RHSA-2009:1501
  • rhsa
    id RHSA-2009:1502
  • rhsa
    id RHSA-2009:1503
  • rhsa
    id RHSA-2009:1504
  • rhsa
    id RHSA-2009:1512
  • rhsa
    id RHSA-2009:1513
rpms
  • xpdf-1:3.00-22.el4_8.1
  • xpdf-debuginfo-1:3.00-22.el4_8.1
  • kdegraphics-7:3.5.4-15.el5_4.2
  • kdegraphics-debuginfo-7:3.5.4-15.el5_4.2
  • kdegraphics-devel-7:3.5.4-15.el5_4.2
  • gpdf-0:2.8.2-7.7.2.el4_8.5
  • gpdf-debuginfo-0:2.8.2-7.7.2.el4_8.5
  • poppler-0:0.5.4-4.4.el5_4.11
  • poppler-debuginfo-0:0.5.4-4.4.el5_4.11
  • poppler-devel-0:0.5.4-4.4.el5_4.11
  • poppler-utils-0:0.5.4-4.4.el5_4.11
  • kdegraphics-7:3.3.1-15.el4_8.2
  • kdegraphics-debuginfo-7:3.3.1-15.el4_8.2
  • kdegraphics-devel-7:3.3.1-15.el4_8.2
  • cups-1:1.3.7-11.el5_4.3
  • cups-debuginfo-1:1.3.7-11.el5_4.3
  • cups-devel-1:1.3.7-11.el5_4.3
  • cups-libs-1:1.3.7-11.el5_4.3
  • cups-lpd-1:1.3.7-11.el5_4.3
  • tetex-0:3.0-33.8.el5_5.5
  • tetex-afm-0:3.0-33.8.el5_5.5
  • tetex-debuginfo-0:3.0-33.8.el5_5.5
  • tetex-doc-0:3.0-33.8.el5_5.5
  • tetex-dvips-0:3.0-33.8.el5_5.5
  • tetex-fonts-0:3.0-33.8.el5_5.5
  • tetex-latex-0:3.0-33.8.el5_5.5
  • tetex-xdvi-0:3.0-33.8.el5_5.5
refmap via4
bid 36703
confirm
debian
  • DSA-1941
  • DSA-2028
  • DSA-2050
fedora
  • FEDORA-2009-10823
  • FEDORA-2009-10845
  • FEDORA-2010-1377
  • FEDORA-2010-1805
  • FEDORA-2010-1842
mandriva
  • MDVSA-2009:287
  • MDVSA-2009:334
  • MDVSA-2011:175
misc http://www.ocert.org/advisories/ocert-2009-016.html
mlist
  • [oss-security] 20091130 Need more information on recent poppler issues
  • [oss-security] 20091130 Re: Need more information on recent poppler issues
  • [oss-security] 20091201 Re: Need more information on recent poppler issues
sectrack 1023029
secunia
  • 37028
  • 37034
  • 37037
  • 37043
  • 37051
  • 37053
  • 37054
  • 37061
  • 37077
  • 37079
  • 37114
  • 37159
  • 39327
  • 39938
sunalert
  • 1021706
  • 274030
suse SUSE-SR:2009:018
ubuntu
  • USN-850-1
  • USN-850-3
vupen
  • ADV-2009-2924
  • ADV-2009-2925
  • ADV-2009-2926
  • ADV-2009-2928
  • ADV-2010-0802
  • ADV-2010-1220
xf xpdf-objectstream-bo(53794)
Last major update 13-02-2023 - 02:20
Published 21-10-2009 - 17:30
Last modified 13-02-2023 - 02:20
Back to Top