Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
References
Link Providers
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html cve-icon cve-icon
http://poppler.freedesktop.org/ cve-icon cve-icon
http://secunia.com/advisories/37028 cve-icon cve-icon
http://secunia.com/advisories/37034 cve-icon cve-icon
http://secunia.com/advisories/37037 cve-icon cve-icon
http://secunia.com/advisories/37043 cve-icon cve-icon
http://secunia.com/advisories/37051 cve-icon cve-icon
http://secunia.com/advisories/37053 cve-icon cve-icon
http://secunia.com/advisories/37054 cve-icon cve-icon
http://secunia.com/advisories/37061 cve-icon cve-icon
http://secunia.com/advisories/37077 cve-icon cve-icon
http://secunia.com/advisories/37079 cve-icon cve-icon
http://secunia.com/advisories/37114 cve-icon cve-icon
http://secunia.com/advisories/37159 cve-icon cve-icon
http://secunia.com/advisories/39327 cve-icon cve-icon
http://secunia.com/advisories/39938 cve-icon cve-icon
http://securitytracker.com/id?1023029 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 cve-icon cve-icon
http://www.debian.org/security/2009/dsa-1941 cve-icon cve-icon
http://www.debian.org/security/2010/dsa-2028 cve-icon cve-icon
http://www.debian.org/security/2010/dsa-2050 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 cve-icon cve-icon
http://www.ocert.org/advisories/ocert-2009-016.html cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/12/01/1 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/12/01/5 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/12/01/6 cve-icon cve-icon
http://www.securityfocus.com/bid/36703 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-850-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-850-3 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/2924 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/2925 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/2926 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/2928 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/0802 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1220 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=526637 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/53794 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2009-3608 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536 cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1501.html cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1502.html cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1503.html cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1504.html cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1512.html cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2009-1513.html cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2009-3608 cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-10-21T17:00:00

Updated: 2024-08-07T06:31:10.520Z

Reserved: 2009-10-09T00:00:00

Link: CVE-2009-3608

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-10-21T17:30:00.407

Modified: 2024-11-21T01:07:47.570

Link: CVE-2009-3608

cve-icon Redhat

Severity : Important

Publid Date: 2009-10-14T00:00:00Z

Links: CVE-2009-3608 - Bugzilla