Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2009-3938
HistoryNov 13, 2009 - 12:00 a.m.

CVE-2009-3938

2009-11-1300:00:00
ubuntu.com
ubuntu.com
14

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.027

Percentile

90.5%

JSON

Buffer overflow in the ABWOutputDev::endWord function in
poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and
possibly other versions, as used by the Abiword pdftoabw utility, allows
user-assisted remote attackers to cause a denial of service and possibly
execute arbitrary code via a crafted PDF file.

Bugs

Notes

Author Note
mdeslaur as of 2010-01-18, upstream hasn’t committed a fix yet debian released patch from bug, but it’s not final intrepid+ compiler hardening reduces this to a denial of service. Can’t reproduce issue on Hardy. Setting to “low”. seems we don’t carry the patch that Debian is carrying for this.
jdstrand pdftoabw was removed in 0.18

Related

cvelist 1
nvd 1
cve 1
debiancve 1
prion 1
nessus 8
openvas 7
debian 1
gentoo 1
cvelist
cvelist
CVE-2009-3938
2009-11-13 16:00:00
nvd
nvd
CVE-2009-3938
2009-11-13 16:30:00
cve
cve
CVE-2009-3938
2009-11-13 16:30:00
debiancve
debiancve
CVE-2009-3938
2009-11-13 16:30:00
prion
prion
Buffer overflow
2009-11-13 16:30:00
nessus
nessus
openSUSE Security Update : libpoppler-devel (libpoppler-devel-1741)
2010-01-03 00:00:00
SuSE 11 Security Update : libpoppler (SAT Patch Number 1731)
2010-01-03 00:00:00
SuSE 11.2 Security Update: libpoppler-devel (2009-12-22)
2010-01-03 00:00:00
openvas
openvas
Debian Security Advisory DSA 1941-1 (poppler)
2009-12-03 00:00:00
Debian: Security Advisory (DSA-1941-1)
2009-12-03 00:00:00
Mandriva Update for poppler MDVSA-2010:055 (poppler)
2010-03-12 00:00:00
debian
debian
[SECURITY] [DSA 1941-1] New poppler packages fix several vulnerabilities
2009-11-25 22:37:47
gentoo
gentoo
Poppler: Multiple vulnerabilities
2013-10-06 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.027

Percentile

90.5%

JSON
Related for UB:CVE-2009-3938
cvelist1nvd1cve1debiancve1prion1nessus8openvas7debian1gentoo1