Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-3608 | First vendor Publication | 2009-10-21 |
Vendor | Cve | Last vendor Modification | 2023-02-13 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9536 | |||
Oval ID: | oval:org.mitre.oval:def:9536 | ||
Title: | Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. | ||
Description: | Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3608 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-11-18 | Name : Mandriva Update for poppler MDVSA-2011:175 (poppler) File : nvt/gb_mandriva_MDVSA_2011_175.nasl |
2011-08-09 | Name : CentOS Update for gpdf CESA-2009:1503 centos4 i386 File : nvt/gb_CESA-2009_1503_gpdf_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for tetex CESA-2010:0400 centos5 i386 File : nvt/gb_CESA-2010_0400_tetex_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for cups CESA-2009:1513 centos5 i386 File : nvt/gb_CESA-2009_1513_cups_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for kdegraphics CESA-2009:1512 centos4 i386 File : nvt/gb_CESA-2009_1512_kdegraphics_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for kdegraphics CESA-2009:1502 centos5 i386 File : nvt/gb_CESA-2009_1502_kdegraphics_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for xpdf CESA-2009:1501 centos4 i386 File : nvt/gb_CESA-2009_1501_xpdf_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for poppler CESA-2009:1504 centos5 i386 File : nvt/gb_CESA-2009_1504_poppler_centos5_i386.nasl |
2010-08-20 | Name : Ubuntu Update for koffice vulnerabilities USN-973-1 File : nvt/gb_ubuntu_USN_973_1.nasl |
2010-06-03 | Name : Debian Security Advisory DSA 2050-1 (kdegraphics) File : nvt/deb_2050_1.nasl |
2010-05-17 | Name : Mandriva Update for tetex MDVSA-2010:094 (tetex) File : nvt/gb_mandriva_MDVSA_2010_094.nasl |
2010-05-07 | Name : RedHat Update for tetex RHSA-2010:0400-01 File : nvt/gb_RHSA-2010_0400-01_tetex.nasl |
2010-04-21 | Name : Debian Security Advisory DSA 2028-1 (xpdf) File : nvt/deb_2028_1.nasl |
2010-03-12 | Name : Mandriva Update for mmc-wizard MDVA-2010:096-1 (mmc-wizard) File : nvt/gb_mandriva_MDVA_2010_096_1.nasl |
2010-03-12 | Name : Mandriva Update for mmc-wizard MDVA-2010:096 (mmc-wizard) File : nvt/gb_mandriva_MDVA_2010_096.nasl |
2010-03-12 | Name : Mandriva Update for nufw MDVA-2010:094 (nufw) File : nvt/gb_mandriva_MDVA_2010_094.nasl |
2010-03-12 | Name : Mandriva Update for irqbalance MDVA-2010:086 (irqbalance) File : nvt/gb_mandriva_MDVA_2010_086.nasl |
2010-03-12 | Name : Mandriva Update for poppler MDVSA-2010:055 (poppler) File : nvt/gb_mandriva_MDVSA_2010_055.nasl |
2010-03-02 | Name : Fedora Update for pdfedit FEDORA-2010-1377 File : nvt/gb_fedora_2010_1377_pdfedit_fc12.nasl |
2010-03-02 | Name : Fedora Update for pdfedit FEDORA-2010-1842 File : nvt/gb_fedora_2010_1842_pdfedit_fc11.nasl |
2009-12-30 | Name : Mandriva Security Advisory MDVSA-2009:334 (poppler) File : nvt/mdksa_2009_334.nasl |
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:282-1 (cups) File : nvt/mdksa_2009_282_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:287-1 (xpdf) File : nvt/mdksa_2009_287_1.nasl |
2009-12-03 | Name : Debian Security Advisory DSA 1941-1 (poppler) File : nvt/deb_1941_1.nasl |
2009-11-23 | Name : Ubuntu USN-850-3 (poppler) File : nvt/ubuntu_850_3.nasl |
2009-11-17 | Name : SLES10: Security update for kdegraphics3-pdf File : nvt/sles10_kdegraphics3-pd0.nasl |
2009-11-11 | Name : Fedora Core 11 FEDORA-2009-10845 (poppler) File : nvt/fcore_2009_10845.nasl |
2009-11-11 | Name : Fedora Core 10 FEDORA-2009-10823 (poppler) File : nvt/fcore_2009_10823.nasl |
2009-11-11 | Name : SuSE Security Summary SUSE-SR:2009:018 File : nvt/suse_sr_2009_018.nasl |
2009-11-11 | Name : SLES10: Security update for xpdf File : nvt/sles10_xpdf2.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1513 (cups) File : nvt/ovcesa2009_1513.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1504 (poppler) File : nvt/ovcesa2009_1504.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1502 (kdegraphics) File : nvt/ovcesa2009_1502.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:287 (xpdf) File : nvt/mdksa_2009_287.nasl |
2009-10-27 | Name : Ubuntu USN-850-2 (poppler) File : nvt/ubuntu_850_2.nasl |
2009-10-27 | Name : Ubuntu USN-850-1 (poppler) File : nvt/ubuntu_850_1.nasl |
2009-10-27 | Name : FreeBSD Ports: xpdf File : nvt/freebsd_xpdf4.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:283 (cups) File : nvt/mdksa_2009_283.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:282 (cups) File : nvt/mdksa_2009_282.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:281 (cups) File : nvt/mdksa_2009_281.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:280 (cups) File : nvt/mdksa_2009_280.nasl |
2009-10-27 | Name : Fedora Core 11 FEDORA-2009-10648 (xpdf) File : nvt/fcore_2009_10648.nasl |
2009-10-27 | Name : Fedora Core 10 FEDORA-2009-10694 (xpdf) File : nvt/fcore_2009_10694.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1504 File : nvt/RHSA_2009_1504.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1503 File : nvt/RHSA_2009_1503.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1502 File : nvt/RHSA_2009_1502.nasl |
2009-10-19 | Name : CentOS Security Advisory CESA-2009:1501 (xpdf) File : nvt/ovcesa2009_1501.nasl |
2009-10-19 | Name : CentOS Security Advisory CESA-2009:1503 (gpdf) File : nvt/ovcesa2009_1503.nasl |
2009-10-19 | Name : CentOS Security Advisory CESA-2009:1512 (kdegraphics) File : nvt/ovcesa2009_1512.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1512 File : nvt/RHSA_2009_1512.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1513 File : nvt/RHSA_2009_1513.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1501 File : nvt/RHSA_2009_1501.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-302-01 xpdf File : nvt/esoft_slk_ssa_2009_302_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-302-02 poppler File : nvt/esoft_slk_ssa_2009_302_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
59184 | Poppler XRef.cc ObjectStream::ObjectStream Function PDF Handling Overflow |
59183 | Xpdf XRef.cc ObjectStream::ObjectStream Function PDF Handling Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | xpdf ObjectStream integer overflow RuleID : 24266 - Revision : 4 - Type : FILE-PDF |
2014-01-10 | XPDF ObjectStream integer overflow RuleID : 16335 - Revision : 9 - Type : FILE-PDF |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-10-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-03.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1513.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1501.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1503.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1504.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1512.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0400.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091015_cups_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20091015_gpdf_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100506_tetex_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091015_kdegraphics_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091015_poppler_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20091015_xpdf_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdegraphics3-pdf-6652.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_poppler-6743.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xpdf-6560.nasl - Type : ACT_GATHER_INFO |
2010-08-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-973-1.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-280.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1805.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1842.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1377.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0400.nasl - Type : ACT_GATHER_INFO |
2010-05-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2050.nasl - Type : ACT_GATHER_INFO |
2010-05-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-094.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0400.nasl - Type : ACT_GATHER_INFO |
2010-04-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2028.nasl - Type : ACT_GATHER_INFO |
2010-03-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-055.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1941.nasl - Type : ACT_GATHER_INFO |
2010-01-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpoppler-devel-100111.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1501.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1502.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1503.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1504.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1512.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1513.nasl - Type : ACT_GATHER_INFO |
2010-01-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpoppler-devel-091223.nasl - Type : ACT_GATHER_INFO |
2010-01-03 | Name : The remote SuSE system is missing a security patch for libpoppler-devel File : suse_11_2_libpoppler-devel-091222.nasl - Type : ACT_GATHER_INFO |
2010-01-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpoppler-devel-091221.nasl - Type : ACT_GATHER_INFO |
2010-01-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpoppler-devel-091222.nasl - Type : ACT_GATHER_INFO |
2010-01-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_poppler-6751.nasl - Type : ACT_GATHER_INFO |
2009-12-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-346.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote openSUSE host is missing a security update. File : suse_cups-6565.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdegraphics3-pdf-6653.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kdegraphics3-pdf-091110.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kdegraphics3-pdf-091110.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_xpdf-091023.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_xpdf-091024.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_xpdf-6558.nasl - Type : ACT_GATHER_INFO |
2009-11-06 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xpdf-6556.nasl - Type : ACT_GATHER_INFO |
2009-11-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-850-3.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-302-02.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-302-01.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10845.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10823.nasl - Type : ACT_GATHER_INFO |
2009-10-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-287.nasl - Type : ACT_GATHER_INFO |
2009-10-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-850-2.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10694.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-850-1.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10648.nasl - Type : ACT_GATHER_INFO |
2009-10-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-282.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1513.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1512.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1504.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1503.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1502.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1501.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2023-02-13 09:29:16 |
|
2023-02-02 21:28:56 |
|
2020-05-23 01:40:57 |
|
2020-05-23 00:24:26 |
|
2019-03-06 21:19:18 |
|
2017-09-19 09:23:26 |
|
2017-08-17 09:22:44 |
|
2016-06-28 17:51:39 |
|
2016-04-26 19:11:35 |
|
2014-02-17 10:51:56 |
|
2014-01-19 21:26:14 |
|
2013-05-10 23:59:22 |
|