Уязвимость CVE-2009-3606: Информация

Описание

Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

Важность: CRITICAL (9,3)

URL: https://nvd.nist.gov/vuln/detail/CVE-2009-3606

Опубликовано: 21 октября 2009 г.

Изменено: 13 февраля 2023 г.

Идентификатор типа ошибки: CWE-189

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
37042	Vendor Advisory
37043	Vendor Advisory
1023029	Patch
36703	Exploit Patch
37053	Vendor Advisory
37023	Vendor Advisory
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch	Patch
RHSA-2009:1500
37077	Vendor Advisory
RHSA-2009:1501	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=526877
RHSA-2009:1502
http://cgit.freedesktop.org/poppler/poppler/diff/poppler/PSOutputDev.cc?id=7b2d314a61
37037	Vendor Advisory
ADV-2009-2928	Patch Vendor Advisory
ADV-2009-2924	Patch Vendor Advisory
MDVSA-2009:287
37159
FEDORA-2009-10823
FEDORA-2009-10845
SUSE-SR:2009:018
274030
[oss-security] 20091201 Re: Need more information on recent poppler issues
[oss-security] 20091130 Re: Need more information on recent poppler issues
DSA-1941
[oss-security] 20091130 Need more information on recent poppler issues
FEDORA-2010-1377
FEDORA-2010-1805
FEDORA-2010-1842
ADV-2010-0802
DSA-2028
39327
ADV-2010-1040
MDVSA-2010:087
1021706
ADV-2010-1220
39938
DSA-2050
MDVSA-2011:175
xpdf-psoutputdev-bo(53798)
oval:org.mitre.oval:def:7836
oval:org.mitre.oval:def:11289

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:a:kde:kpdf:*:*:*:*:*:*:*:*

Версия: v24.4.2

Наверх

Уязвимость CVE-2009-3606: Информация

Описание

Ссылки на рекомендации, решения и инструменты

Конфигурация 1