CVE-2009-3604

2009-10-2100:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.418

Percentile

97.3%

JSON

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before
3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not
properly allocate memory, which allows remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code via a
crafted PDF document that triggers a NULL pointer dereference or a
heap-based buffer overflow.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchipe< anyUNKNOWN
ubuntu20.04noarchipe< anyUNKNOWN
ubuntu22.04noarchipe< anyUNKNOWN
ubuntu24.04noarchipe< anyUNKNOWN
ubuntu16.04noarchipe< anyUNKNOWN
ubuntu17.10noarchpoppler< 0.12.2-2.1ubuntu1UNKNOWN
ubuntu18.04noarchpoppler< 0.12.2-2.1ubuntu1UNKNOWN
ubuntu18.10noarchpoppler< 0.12.2-2.1ubuntu1UNKNOWN
ubuntu6.06noarchpoppler< 0.5.1-0ubuntu7.6UNKNOWN
ubuntu19.04noarchpoppler< 0.12.2-2.1ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	ipe	< any	UNKNOWN
ubuntu	20.04	noarch	ipe	< any	UNKNOWN
ubuntu	22.04	noarch	ipe	< any	UNKNOWN
ubuntu	24.04	noarch	ipe	< any	UNKNOWN
ubuntu	16.04	noarch	ipe	< any	UNKNOWN
ubuntu	17.10	noarch	poppler	< 0.12.2-2.1ubuntu1	UNKNOWN
ubuntu	18.04	noarch	poppler	< 0.12.2-2.1ubuntu1	UNKNOWN
ubuntu	18.10	noarch	poppler	< 0.12.2-2.1ubuntu1	UNKNOWN
ubuntu	6.06	noarch	poppler	< 0.5.1-0ubuntu7.6	UNKNOWN
ubuntu	19.04	noarch	poppler	< 0.12.2-2.1ubuntu1	UNKNOWN