CVE-2009-3608: Buffer Overflow

First published: Thu Oct 01 2009(Updated: )

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

Credit: secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-historical
• collector/nvd-index
• agent/type
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2009-3608
• agent/remedy
• agent/last-modified-date
• agent/softwarecombine
• agent/first-publish-date
• agent/severity
• agent/references
• agent/author
• agent/description
• agent/weakness
• collector/redhat-cve
• agent/software-canonical-lookup
• agent/tags
• agent/event
• collector/mitre-cve
• source/MITRE
• vendor/foolabs
• canonical/foolabs xpdf
• version/foolabs xpdf/3.02pl1
• version/foolabs xpdf/3.02pl2
• version/foolabs xpdf/3.02pl3
• vendor/glyphandcog
• canonical/glyphandcog xpdfreader
• version/glyphandcog xpdfreader/3.00
• version/glyphandcog xpdfreader/3.01
• version/glyphandcog xpdfreader/3.02
• vendor/poppler
• canonical/poppler poppler
• version/poppler poppler/0.12.0
• version/poppler poppler/0.1
• version/poppler poppler/0.1.1
• version/poppler poppler/0.1.2
• version/poppler poppler/0.2.0
• version/poppler poppler/0.3.0
• version/poppler poppler/0.3.1
• version/poppler poppler/0.3.2
• version/poppler poppler/0.3.3
• version/poppler poppler/0.4.0
• version/poppler poppler/0.4.1
• version/poppler poppler/0.4.2
• version/poppler poppler/0.4.3
• version/poppler poppler/0.4.4
• version/poppler poppler/0.5.0
• version/poppler poppler/0.5.1
• version/poppler poppler/0.5.2
• version/poppler poppler/0.5.3
• version/poppler poppler/0.5.4
• version/poppler poppler/0.5.9
• version/poppler poppler/0.6.0
• version/poppler poppler/0.6.1
• version/poppler poppler/0.6.2
• version/poppler poppler/0.6.3
• version/poppler poppler/0.6.4
• version/poppler poppler/0.7.0
• version/poppler poppler/0.7.1
• version/poppler poppler/0.7.2
• version/poppler poppler/0.7.3
• version/poppler poppler/0.8.0
• version/poppler poppler/0.8.1
• version/poppler poppler/0.8.2
• version/poppler poppler/0.8.3
• version/poppler poppler/0.8.4
• version/poppler poppler/0.8.6
• version/poppler poppler/0.8.7
• version/poppler poppler/0.9.0
• version/poppler poppler/0.9.1
• version/poppler poppler/0.9.2
• version/poppler poppler/0.9.3
• version/poppler poppler/0.10.0
• version/poppler poppler/0.10.1
• version/poppler poppler/0.10.2
• version/poppler poppler/0.10.3
• version/poppler poppler/0.10.4
• version/poppler poppler/0.10.5
• version/poppler poppler/0.10.6
• version/poppler poppler/0.10.7
• version/poppler poppler/0.11.0
• version/poppler poppler/0.11.1
• version/poppler poppler/0.11.2
• version/poppler poppler/0.11.3
• vendor/glyph and cog
• canonical/glyph and cog pdftops
• vendor/gnome
• canonical/gnome gpdf
• vendor/kde
• canonical/kde kpdf
• vendor/tetex
• canonical/tetex tetex
• package-manager/redhat