VDB
DEBIAN-CVE-2009-3604
PUBLISHED
CVSS 9.3 CRITICAL
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
Risk Scores
CVSS v4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | xpdf | 0, 0, 0 |
| Debian:14 | xpdf | 0, 0, 0 |
| Debian:12 | poppler | 0, 0, 0 |
| Debian:12 | xpdf | 0, 0, 0 |
| Debian:14 | poppler | 0, 0, 0 |
| Debian:13 | poppler | 0, 0, 0 |
| Debian:11 | xpdf | 0, 0, 0 |
| Debian:11 | poppler | 0, 0, 0 |
Timeline
- Oct 21, 2009 CVE Published
- Apr 28, 2026 CVE Updated