Lucene search

RedhatCVE-2009-3607

HistoryOct 21, 2009 - 5:30 p.m.

CVE-2009-3607

2009-10-2117:30:00

CWE-189

redhat

web.nvd.nist.gov

cve-2009-3607

integer overflow

denial of service

memory corruption

arbitrary code execution

poppler

pdf

heap-based buffer overflow

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.049

Percentile

92.8%

JSON

Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

popplerpopplerMatch0.1

popplerpopplerMatch0.1.1

popplerpopplerMatch0.1.2

popplerpopplerMatch0.2.0

popplerpopplerMatch0.3.0

popplerpopplerMatch0.3.1

popplerpopplerMatch0.3.2

popplerpopplerMatch0.3.3

popplerpopplerMatch0.4.0

popplerpopplerMatch0.4.1

popplerpopplerMatch0.4.2

popplerpopplerMatch0.4.3

popplerpopplerMatch0.4.4

popplerpopplerMatch0.5.0

popplerpopplerMatch0.5.1

popplerpopplerMatch0.5.2

popplerpopplerMatch0.5.3

popplerpopplerMatch0.5.4

popplerpopplerMatch0.5.9

popplerpopplerMatch0.5.90

popplerpopplerMatch0.5.91

popplerpopplerMatch0.6.0

popplerpopplerMatch0.6.1

popplerpopplerMatch0.6.2

popplerpopplerMatch0.6.3

popplerpopplerMatch0.6.4

popplerpopplerMatch0.7.0

popplerpopplerMatch0.7.1

popplerpopplerMatch0.7.2

popplerpopplerMatch0.7.3

popplerpopplerMatch0.8.0

popplerpopplerMatch0.8.1

popplerpopplerMatch0.8.2

popplerpopplerMatch0.8.3

popplerpopplerMatch0.8.4

popplerpopplerMatch0.8.5

popplerpopplerMatch0.8.6

popplerpopplerMatch0.8.7

popplerpopplerMatch0.9.0

popplerpopplerMatch0.9.1

popplerpopplerMatch0.9.2

popplerpopplerMatch0.9.3

popplerpopplerMatch0.10.0

popplerpopplerMatch0.10.1

popplerpopplerMatch0.10.2

popplerpopplerMatch0.10.3

popplerpopplerMatch0.10.4

popplerpopplerMatch0.10.5

popplerpopplerMatch0.10.6

popplerpopplerMatch0.10.7

popplerpopplerMatch0.11.0

popplerpopplerMatch0.11.1

popplerpopplerMatch0.11.2

popplerpopplerMatch0.11.3

popplerpopplerMatch0.12.0

VendorProductVersionCPE
popplerpoppler0.5.2cpe:/a:poppler:poppler:0.5.2:::
popplerpoppler0.8.5cpe:/a:poppler:poppler:0.8.5:::
popplerpoppler0.5.1cpe:/a:poppler:poppler:0.5.1:::
popplerpoppler0.10.2cpe:/a:poppler:poppler:0.10.2:::
popplerpoppler0.6.2cpe:/a:poppler:poppler:0.6.2:::
popplerpoppler0.10.3cpe:/a:poppler:poppler:0.10.3:::
popplerpoppler0.4.1cpe:/a:poppler:poppler:0.4.1:::
popplerpoppler0.2.0cpe:/a:poppler:poppler:0.2.0:::
popplerpoppler0.5.3cpe:/a:poppler:poppler:0.5.3:::
popplerpoppler0.10.4cpe:/a:poppler:poppler:0.10.4:::

Vendor	Product	Version	CPE
poppler	poppler	0.5.2	cpe:/a:poppler:poppler:0.5.2:::
poppler	poppler	0.8.5	cpe:/a:poppler:poppler:0.8.5:::
poppler	poppler	0.5.1	cpe:/a:poppler:poppler:0.5.1:::
poppler	poppler	0.10.2	cpe:/a:poppler:poppler:0.10.2:::
poppler	poppler	0.6.2	cpe:/a:poppler:poppler:0.6.2:::
poppler	poppler	0.10.3	cpe:/a:poppler:poppler:0.10.3:::
poppler	poppler	0.4.1	cpe:/a:poppler:poppler:0.4.1:::
poppler	poppler	0.2.0	cpe:/a:poppler:poppler:0.2.0:::
poppler	poppler	0.5.3	cpe:/a:poppler:poppler:0.5.3:::
poppler	poppler	0.10.4	cpe:/a:poppler:poppler:0.10.4:::