VDB
CVE-2009-3604
CVE-2009-3604
PUBLISHED
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
EPSS 7.50% · 91.9th percentile
Risk Scores
EPSS Score
7.50%
91.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:25.10 | ipe | 0, 7.2.30-1build1 |
| Ubuntu:16.04:LTS | ipe | 7.1.4-2.1, 7.1.8-1, 0 |
| Ubuntu:24.04:LTS | ipe | *, 0, 7.2.28-2 |
| Ubuntu:20.04:LTS | ipe | 7.2.9-1, 7.2.13-2, 7.2.13-2build1 |
| Ubuntu:22.04:LTS | ipe | 0, 7.2.23+dfsg1-2, 7.2.24+dfsg1-1 |
| Ubuntu:18.04:LTS | ipe | 7.2.7-2, 7.2.7-3, 0 |
Exploit Intelligence
- FILE-PDF Xpdf Splash DrawImage integer overflow attempt [disabled] (vulnetix)
- FILE-PDF Xpdf Splash DrawImage integer overflow attempt [disabled] (vulnetix)
- FILE-PDF Xpdf Splash DrawImage integer overflow attempt [disabled] (community-snort)
- FILE-PDF Xpdf Splash DrawImage integer overflow attempt [disabled] (community-snort)
- RHSA-2009:1503 (circl)
- FEDORA-2009-10845 (circl)
- MDVSA-2009:287 (circl)
- 37028 (circl)
- FEDORA-2010-1377 (circl)
- FEDORA-2009-10823 (circl)
…and 40 more exploits
Timeline
- CVE Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 9, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2009-3604 third-party-advisory
- https://ubuntu.com/security/notices/USN-850-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-850-3 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2009-3604 third-party-advisory