The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2009-10-21T17:00:00
Updated: 2024-08-07T06:31:10.557Z
Reserved: 2009-10-09T00:00:00
Link: CVE-2009-3604
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-10-21T17:30:00.313
Modified: 2024-11-21T01:07:46.920
Link: CVE-2009-3604
Redhat