Lucene search

MitreCVE-2009-3938

HistoryNov 13, 2009 - 4:30 p.m.

CVE-2009-3938

2009-11-1316:30:00

CWE-119

mitre

web.nvd.nist.gov

cve-2009-3938

buffer overflow

abwoutputdev

poppler

libpoppler

abiword

pdftoabw

denial of service

execute arbitrary code

crafted pdf

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.027

Percentile

90.5%

JSON

Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file.

Affected configurations

Nvd

Node

popplerpopplerMatch0.10.6

popplerpopplerMatch0.12.0

VendorProductVersionCPE
popplerpoppler0.12.0cpe:/a:poppler:poppler:0.12.0:::
popplerpoppler0.10.6cpe:/a:poppler:poppler:0.10.6:::

Vendor	Product	Version	CPE
poppler	poppler	0.12.0	cpe:/a:poppler:poppler:0.12.0:::
poppler	poppler	0.10.6	cpe:/a:poppler:poppler:0.10.6:::

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=534680

bugs.freedesktop.org/attachment.cgi?id=30599&action=edit

bugs.freedesktop.org/show_bug.cgi?id=23074

secunia.com/advisories/37333

www.debian.org/security/2009/dsa-1941

www.mandriva.com/security/advisories?name=MDVSA-2011:175

www.securityfocus.com/bid/36976

www.vupen.com/english/advisories/2009/3227

exchange.xforce.ibmcloud.com/vulnerabilities/54215

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.027

Percentile

90.5%

JSON

Related for CVE-2009-3938