CVE-2009-3605 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-3605 PUBLISHED CVSS 6.800000190734863 MEDIUM

Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.

EPSS 4.39% · 88.9th percentile

Risk Scores

CVSS v2.0

6.800000190734863

EPSS Score

4.39%

88.9th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
poppler	poppler	0, 0.1, 0.1.1

Timeline

Nov 2, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Feb 13, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz url
SUSE-SR:2009:018 vendor-advisory
http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8 url
http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a url
1021706 vendor-advisory
37114 third-party-advisory
MDVSA-2011:175 vendor-advisory
oval:org.mitre.oval:def:7731 vdb
https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz url
274030 vendor-advisory
USN-850-1 vendor-advisory
https://bugs.launchpad.net/bugs/cve/2009-3605 url
MDVSA-2009:334 vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=491840 url
http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5 url
https://nvd.nist.gov/vuln/detail/CVE-2009-3605 advisory
https://access.redhat.com/security/cve/CVE-2009-3605 url

Open in Interactive Console →