VDB

DEBIAN-CVE-2009-3609

DEBIAN-CVE-2009-3609 PUBLISHED CVSS 9.300000190734863 CRITICAL

Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.

Risk Scores

CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
Debian:13xpdf0, 0, 0
Debian:12xpdf0, 0, 0
Debian:14xpdf0, 0, 0
Debian:13poppler0, 0, 0
Debian:11poppler0, 0, 0
Debian:14poppler0, 0, 0
Debian:11xpdf0, 0, 0
Debian:12poppler0, 0, 0

Timeline

  • Oct 21, 2009 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›