Lucene search

[email protected]NVD:CVE-2009-3607

HistoryOct 21, 2009 - 5:30 p.m.

CVE-2009-3607

2009-10-2117:30:00

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

High

EPSS

0.049

Percentile

92.8%

JSON

Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

popplerpopplerMatch0.1

popplerpopplerMatch0.1.1

popplerpopplerMatch0.1.2

popplerpopplerMatch0.2.0

popplerpopplerMatch0.3.0

popplerpopplerMatch0.3.1

popplerpopplerMatch0.3.2

popplerpopplerMatch0.3.3

popplerpopplerMatch0.4.0

popplerpopplerMatch0.4.1

popplerpopplerMatch0.4.2

popplerpopplerMatch0.4.3

popplerpopplerMatch0.4.4

popplerpopplerMatch0.5.0

popplerpopplerMatch0.5.1

popplerpopplerMatch0.5.2

popplerpopplerMatch0.5.3

popplerpopplerMatch0.5.4

popplerpopplerMatch0.5.9

popplerpopplerMatch0.5.90

popplerpopplerMatch0.5.91

popplerpopplerMatch0.6.0

popplerpopplerMatch0.6.1

popplerpopplerMatch0.6.2

popplerpopplerMatch0.6.3

popplerpopplerMatch0.6.4

popplerpopplerMatch0.7.0

popplerpopplerMatch0.7.1

popplerpopplerMatch0.7.2

popplerpopplerMatch0.7.3

popplerpopplerMatch0.8.0

popplerpopplerMatch0.8.1

popplerpopplerMatch0.8.2

popplerpopplerMatch0.8.3

popplerpopplerMatch0.8.4

popplerpopplerMatch0.8.5

popplerpopplerMatch0.8.6

popplerpopplerMatch0.8.7

popplerpopplerMatch0.9.0

popplerpopplerMatch0.9.1

popplerpopplerMatch0.9.2

popplerpopplerMatch0.9.3

popplerpopplerMatch0.10.0

popplerpopplerMatch0.10.1

popplerpopplerMatch0.10.2

popplerpopplerMatch0.10.3

popplerpopplerMatch0.10.4

popplerpopplerMatch0.10.5

popplerpopplerMatch0.10.6

popplerpopplerMatch0.10.7

popplerpopplerMatch0.11.0

popplerpopplerMatch0.11.1

popplerpopplerMatch0.11.2

popplerpopplerMatch0.11.3

popplerpopplerMatch0.12.0

References

cgit.freedesktop.org/poppler/poppler/commit/?id=c839b706

secunia.com/advisories/37054

secunia.com/advisories/37114

secunia.com/advisories/37159

sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

www.debian.org/security/2009/dsa-1941

www.mandriva.com/security/advisories?name=MDVSA-2011:175

www.openwall.com/lists/oss-security/2009/12/01/1

www.openwall.com/lists/oss-security/2009/12/01/5

www.openwall.com/lists/oss-security/2009/12/01/6

www.securityfocus.com/bid/36718

www.ubuntu.com/usn/USN-850-1

www.ubuntu.com/usn/USN-850-3

www.vupen.com/english/advisories/2009/2925

bugzilla.redhat.com/show_bug.cgi?id=526924

exchange.xforce.ibmcloud.com/vulnerabilities/53801

www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

High

EPSS

0.049

Percentile

92.8%

JSON

Related for NVD:CVE-2009-3607

altlinux1 cvelist1 ubuntucve1 debiancve1 seebug1 cve2 prion1 nvd1 nessus16 ubuntu2 openvas15 fedora2 securityvulns1 gentoo1